Alerts This Week
Warning Icon 1 727
Alerts This Week
Warning Icon 1 727

SUSE: 2025:0735-1 critical: webkit2gtk3 task failure detected

suse
Calendar Grey February 27, 2025
Dist Suse Esm H88
The latest updates address several critical vulnerabilities in webkit2gtk3, significantly improving both system reliability and user safety.
* bsc#1234851 * bsc#1236946 Cross-References: * CVE-2024-27856

Summary

## This update for webkit2gtk3 fixes the following issues: Update to version 2.46.6 (bsc#1236946, bsc#1234851): * CVE-2025-24143: A maliciously crafted webpage may be able to fingerprint the user. * CVE-2025-24150: Copying a URL from Web Inspector may lead to command injection. * CVE-2025-24158: Processing web content may lead to a denial-of-service. * CVE-2025-24162: Processing maliciously crafted web content may lead to an unexpected process crash. * CVE-2024-54479: Processing maliciously crafted web content may lead to an unexpected process crash. * CVE-2024-54502: Processing maliciously crafted web content may lead to an unexpected process crash. * CVE-2024-54505: Processing maliciously crafted web content may lead to memory corruption.

Topics%20covered

Topics Covered

security advisory denial of service software update arbitrary code execution memory corruption important SUSE webkit2gtk3 process crash

References

* bsc#1234851

* bsc#1236946

Cross-

* CVE-2024-27856

* CVE-2024-54479

* CVE-2024-54502

* CVE-2024-54505

* CVE-2024-54508

* CVE-2024-54534

* CVE-2024-54543

* CVE-2024-54658

* CVE-2025-24143

* CVE-2025-24150

* CVE-2025-24158

* CVE-2025-24162

CVSS scores:

* CVE-2024-27856 ( SUSE ): 8.5

CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:P/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N

* CVE-2024-27856 ( SUSE ): 7.8 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

* CVE-2024-27856 ( NVD ): 7.8 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

* CVE-2024-54479 ( SUSE ): 7.1

CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:P/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N

* CVE-2024-54479 ( SUSE ): 6.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H

* CVE-2024-54479 ( NVD ): 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

Severity
important
Lowest
Low
Medium
High
Critical

Announcement ID: SUSE-SU-2025:0735-1
Release Date: 2025-02-26T18:35:02Z
Rating: important

Topics%20covered

Topics Covered

security advisory denial of service software update arbitrary code execution memory corruption important SUSE webkit2gtk3 process crash

Get the latest News and Insights

Get the latest Linux and open source security news straight to your inbox.

Your message here