Alerts This Week
Warning Icon 1 727
Alerts This Week
Warning Icon 1 727

SUSE: 2025:1325-1 important: webkit2gtk3 Critical Security Fix

suse
Calendar Grey April 16, 2025
Dist Suse Esm H88
Urgent patch released for openSUSE webkit2gtk3 tackles various vulnerabilities such as memory corruption and cross-origin attacks.
* bsc#1239863 * bsc#1239864 * bsc#1240958 * bsc#1240961 * bsc#1240962

Summary

## This update for webkit2gtk3 fixes the following issues: * Update to version 2.48.1 * CVE-2024-54551: improper memory handling may lead to a denial-of-service when processing certain web content (bsc#1240962) * CVE-2025-24208: permissions issue may lead to a cross-site scripting attack when loading a malicious iframe (bsc#1240961) * CVE-2025-24209: buffer overflow may lead to crash when processing maliciously crafted web content (bsc#1240964) * CVE-2025-24213: type confusion issue may lead to memory corruption (bsc#1240963) * CVE-2025-24216: improper memory handling may lead to an unexpected crash when processing certain web content (bsc#1240986) * CVE-2025-24264: improper memory handling may lead to unexpected crash when processing certain web content (bsc#1240987)

Topics%20covered

Topics Covered

security advisory cross-site scripting important SUSE memory handling webkit2gtk3

References

* bsc#1239863

* bsc#1239864

* bsc#1240958

* bsc#1240961

* bsc#1240962

* bsc#1240963

* bsc#1240964

* bsc#1240986

* bsc#1240987

Cross-

* CVE-2024-44192

* CVE-2024-54467

* CVE-2024-54551

* CVE-2025-24208

* CVE-2025-24209

* CVE-2025-24213

* CVE-2025-24216

* CVE-2025-24264

* CVE-2025-30427

CVSS scores:

* CVE-2024-44192 ( SUSE ): 7.1

CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:P/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N

* CVE-2024-44192 ( SUSE ): 6.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H

* CVE-2024-44192 ( NVD ): 6.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H

* CVE-2024-44192 ( NVD ): 5.5 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H

* CVE-2024-54467 ( SUSE ): 7.1

CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:P/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N

Severity
important
Lowest
Low
Medium
High
Critical

Announcement ID: SUSE-SU-2025:1325-1
Release Date: 2025-04-16T08:36:24Z
Rating: important

Topics%20covered

Topics Covered

security advisory cross-site scripting important SUSE memory handling webkit2gtk3

Get the latest News and Insights

Get the latest Linux and open source security news straight to your inbox.

Your message here