Stay Secure with the Latest Linux Advisories
Refine advisories
X Clear Filters
Get the latest News and Insights
Get the latest Linux and open source security news straight to your inbox.
Community Poll
What got you started with Linux?
Loading...
Explore Latest Linux Security advisories
We found 19 articles for you...
219
security advisorydenial of serviceimportantUbuntu 20.04 LTS USN-1234-1 libjpeg-turbo High CVE Vulnerabilities
Important: webkit2gtk3 security update. {"type": "TYPE_SECURITY", "shortCode": "RL", "name": "RLSA-2026:10702", "synopsis": "Important: webkit2gtk3 security update", "severity": "SEVERITY_IMPORTANT", "topic": "An update is available for webkit2gtk3.\nThis update affects Rocky Linux 8.\nA Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE list", "description": "WebKitGTK is the port of the portable web rendering engine WebKit to the GTK platform.\n\nSecurity Fix(es):\n\n* webkitgtk: Processing maliciously crafted web content may lead to an unexpected Safari crash (CVE-2025-43213)\n\n* webkitgtk: Processing maliciously crafted web content may lead to an unexpected Safari crash (CVE-2025-43214)\n\n* webkitgtk: Processing maliciously crafted web content may lead to an unexpected Safari crash (CVE-2025-43457)\n\n* webkitgtk: Processing maliciously crafted web content may lead to an unexpected process crash (CVE-2025-43511)\n\n* webkitgtk: Processing maliciously crafted web content may disclose internal states of the app (CVE-2025-46299)\n\n* webkitgtk: Processing maliciously crafted web content may lead to an unexpected process crash (CVE-2026-20608)\n\n* webkitgtk: Processing maliciously crafted web content may lead to an unexpected process crash (CVE-2026-20635)\n\n* webkitgtk: Processing maliciously crafted web content may lead to an unexpected process crash (CVE-2026-20636)\n\n* webkitgtk: Processing maliciously crafted web content may lead to an unexpected process crash (CVE-2026-20644)\n\n* webkitgtk: A remote attacker may be able to cause a denial-of-service (CVE-2026-20652)\n\n* webkitgtk: A website may be able to track users through Safari web extensions (CVE-2026-20676)\n\n* webkitgtk: Processing maliciously crafted web content may bypass Same Origin Policy (CVE-2026-20643)\n\n* webkitgtk: Processing maliciously crafted web content may lead to an unexpected process crash (CVE-2026-20664)\n\n* webkitgtk: Processingmaliciously crafted web content may prevent Content Security Policy from being enforced (CVE-2026-20665)\n\n* webkitgtk: A maliciously crafted webpage may be able to fingerprint the user (CVE-2026-20691)\n\n* webkitgtk: Processing maliciously crafted web content may lead to an unexpected process crash (CVE-2026-28857)\n\n* webkitgtk: A malicious website may be able to process restricted web content outside the sandbox (CVE-2026-28859)\n\n* webkitgtk: Visiting a maliciously crafted website may lead to a cross-site scripting attack (CVE-2026-28871)\n\nFor more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.", "solution": null, "affectedProducts": ["Rocky Linux 8"], "fixes": [{"ticket": "2448781", "sourceBy": "Red Hat", "sourceLink": "https://bugzilla.redhat.com/show_bug.cgi?id=2448781", "description": ""}, {"ticket": "2448782", "sourceBy": "Red Hat", "sourceLink": "https://bugzilla.redhat.com/show_bug.cgi?id=2448782", "description": ""}, {"ticket": "2448786", "sourceBy": "Red Hat", "sourceLink": "https://bugzilla.redhat.com/show_bug.cgi?id=2448786", "description": ""}, {"ticket": "2448787", "sourceBy": "Red Hat", "sourceLink": "https://bugzilla.redhat.com/show_bug.cgi?id=2448787", "description": ""}, {"ticket": "2448788", "sourceBy": "Red Hat", "sourceLink": "https://bugzilla.redhat.com/show_bug.cgi?id=2448788", "description": ""}, {"ticket": "2448789", "sourceBy": "Red Hat", "sourceLink": "https://bugzilla.redhat.com/show_bug.cgi?id=2448789", "description": ""}, {"ticket": "2448790", "sourceBy": "Red Hat", "sourceLink": "https://bugzilla.redhat.com/show_bug.cgi?id=2448790", "description": ""}, {"ticket": "2448791", "sourceBy": "Red Hat", "sourceLink": "https://bugzilla.redhat.com/show_bug.cgi?id=2448791", "description": ""}, {"ticket": "2448792", "sourceBy": "Red Hat", "sourceLink": "https://bugzilla.redhat.com/show_bug.cgi?id=2448792", "description": ""}, {"ticket": "2448793","sourceBy": "Red Hat", "sourceLink": "https://bugzilla.redhat.com/show_bug.cgi?id=2448793", "description": ""}, {"ticket": "2448794", "sourceBy": "Red Hat", "sourceLink": "https://bugzilla.redhat.com/show_bug.cgi?id=2448794", "description": ""}, {"ticket": "2453000", "sourceBy": "Red Hat", "sourceLink": "https://bugzilla.redhat.com/show_bug.cgi?id=2453000", "description": ""}, {"ticket": "2453001", "sourceBy": "Red Hat", "sourceLink": "https://bugzilla.redhat.com/show_bug.cgi?id=2453001", "description": ""}, {"ticket": "2453002", "sourceBy": "Red Hat", "sourceLink": "https://bugzilla.redhat.com/show_bug.cgi?id=2453002", "description": ""}, {"ticket": "2453003", "sourceBy": "Red Hat", "sourceLink": "https://bugzilla.redhat.com/show_bug.cgi?id=2453003", "description": ""}, {"ticket": "2453004", "sourceBy": "Red Hat", "sourceLink": "https://bugzilla.redhat.com/show_bug.cgi?id=2453004", "description": ""}, {"ticket": "2453006", "sourceBy": "Red Hat", "sourceLink": "https://bugzilla.redhat.com/show_bug.cgi?id=2453006", "description": ""}, {"ticket": "2453008", "sourceBy": "Red Hat", "sourceLink": "https://bugzilla.redhat.com/show_bug.cgi?id=2453008", "description": ""}], "cves": [{"name": "CVE-2025-43213", "sourceBy": "MITRE", "sourceLink": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-43213", "cvss3ScoringVector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "cvss3BaseScore": "8.8", "cwe": "CWE-120"}, {"name": "CVE-2025-43214", "sourceBy": "MITRE", "sourceLink": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-43214", "cvss3ScoringVector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "cvss3BaseScore": "8.8", "cwe": "CWE-120"}, {"name": "CVE-2025-43457", "sourceBy": "MITRE", "sourceLink": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-43457", "cvss3ScoringVector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "cvss3BaseScore": "8.8", "cwe": "CWE-416"}, {"name": "CVE-2025-43511", "sourceBy": "MITRE", "sourceLink": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-43511","cvss3ScoringVector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "cvss3BaseScore": "8.8", "cwe": "CWE-416"}, {"name": "CVE-2025-46299", "sourceBy": "MITRE", "sourceLink": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-46299", "cvss3ScoringVector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N", "cvss3BaseScore": "6.5", "cwe": "CWE-909"}, {"name": "CVE-2026-20608", "sourceBy": "MITRE", "sourceLink": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-20608", "cvss3ScoringVector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "cvss3BaseScore": "8.8", "cwe": "CWE-120"}, {"name": "CVE-2026-20635", "sourceBy": "MITRE", "sourceLink": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-20635", "cvss3ScoringVector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "cvss3BaseScore": "8.8", "cwe": "CWE-120"}, {"name": "CVE-2026-20636", "sourceBy": "MITRE", "sourceLink": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-20636", "cvss3ScoringVector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "cvss3BaseScore": "8.8", "cwe": "CWE-120"}, {"name": "CVE-2026-20643", "sourceBy": "MITRE", "sourceLink": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-20643", "cvss3ScoringVector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:N", "cvss3BaseScore": "5.4", "cwe": "CWE-346"}, {"name": "CVE-2026-20644", "sourceBy": "MITRE", "sourceLink": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-20644", "cvss3ScoringVector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "cvss3BaseScore": "8.8", "cwe": "CWE-120"}, {"name": "CVE-2026-20652", "sourceBy": "MITRE", "sourceLink": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-20652", "cvss3ScoringVector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "cvss3BaseScore": "7.5", "cwe": "CWE-120"}, {"name": "CVE-2026-20664", "sourceBy": "MITRE", "sourceLink": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-20664", "cvss3ScoringVector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "cvss3BaseScore": "8.8", "cwe": "CWE-120"},{"name": "CVE-2026-20665", "sourceBy": "MITRE", "sourceLink": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-20665", "cvss3ScoringVector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:L", "cvss3BaseScore": "5.4", "cwe": "CWE-693"}, {"name": "CVE-2026-20676", "sourceBy": "MITRE", "sourceLink": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-20676", "cvss3ScoringVector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:N", "cvss3BaseScore": "4.3", "cwe": "CWE-201"}, {"name": "CVE-2026-20691", "sourceBy": "MITRE", "sourceLink": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-20691", "cvss3ScoringVector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:N", "cvss3BaseScore": "4.3", "cwe": "CWE-497"}, {"name": "CVE-2026-28857", "sourceBy": "MITRE", "sourceLink": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-28857", "cvss3ScoringVector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "cvss3BaseScore": "8.8", "cwe": "CWE-120"}, {"name": "CVE-2026-28859", "sourceBy": "MITRE", "sourceLink": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-28859", "cvss3ScoringVector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "cvss3BaseScore": "8.8", "cwe": "CWE-120"}, {"name": "CVE-2026-28871", "sourceBy": "MITRE", "sourceLink": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-28871", "cvss3ScoringVector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:N", "cvss3BaseScore": "4.3", "cwe": "CWE-79"}], "references": [], "publishedAt": "2026-04-27T18:01:02.117663Z", "rpms": {"Rocky Linux 8": {"nvras": ["webkit2gtk3-0:2.52.3-1.el8_10.aarch64.rpm", "webkit2gtk3-0:2.52.3-1.el8_10.i686.rpm", "webkit2gtk3-0:2.52.3-1.el8_10.src.rpm", "webkit2gtk3-0:2.52.3-1.el8_10.x86_64.rpm", "webkit2gtk3-debuginfo-0:2.52.3-1.el8_10.aarch64.rpm", "webkit2gtk3-debuginfo-0:2.52.3-1.el8_10.i686.rpm", "webkit2gtk3-debuginfo-0:2.52.3-1.el8_10.x86_64.rpm", "webkit2gtk3-debugsource-0:2.52.3-1.el8_10.aarch64.rpm", "webkit2gtk3-debugsource-0:2.52.3-1.el8_10.i686.rpm", "webkit2gtk3-debugsource-0:2.52.3-1.el8_10.x86_64.rpm","webkit2gtk3-devel-0:2.52.3-1.el8_10.aarch64.rpm", "webkit2gtk3-devel-0:2.52.3-1.el8_10.i686.rpm", "webkit2gtk3-devel-0:2.52.3-1.el8_10.x86_64.rpm", "webkit2gtk3-devel-debuginfo-0:2.52.3-1.el8_10.aarch64.rpm", "webkit2gtk3-devel-debuginfo-0:2.52.3-1.el8_10.i686.rpm", "webkit2gtk3-devel-debuginfo-0:2.52.3-1.el8_10.x86_64.rpm", "webkit2gtk3-jsc-0:2.52.3-1.el8_10.aarch64.rpm", "webkit2gtk3-jsc-0:2.52.3-1.el8_10.i686.rpm", "webkit2gtk3-jsc-0:2.52.3-1.el8_10.x86_64.rpm", "webkit2gtk3-jsc-debuginfo-0:2.52.3-1.el8_10.aarch64.rpm", "webkit2gtk3-jsc-debuginfo-0:2.52.3-1.el8_10.i686.rpm", "webkit2gtk3-jsc-debuginfo-0:2.52.3-1.el8_10.x86_64.rpm", "webkit2gtk3-jsc-devel-0:2.52.3-1.el8_10.aarch64.rpm", "webkit2gtk3-jsc-devel-0:2.52.3-1.el8_10.i686.rpm", "webkit2gtk3-jsc-devel-0:2.52.3-1.el8_10.x86_64.rpm", "webkit2gtk3-jsc-devel-debuginfo-0:2.52.3-1.el8_10.aarch64.rpm", "webkit2gtk3-jsc-devel-debuginfo-0:2.52.3-1.el8_10.i686.rpm", "webkit2gtk3-jsc-devel-debuginfo-0:2.52.3-1.el8_10.x86_64.rpm"]}}, "rebootSuggested": false, "buildReferences": []}. A critical security update for webkit2gtk3 on Rocky Linux fixing important issues related to web content processing risks.. Rocky Linux, webkit2gtk3, security update, denial-of-service, important advisory. . Severity: Important. LinuxSecurity.com Team
Apr 27, 2026
•Important
Rocky Linux
89
security advisoryfedoraupdateFedora 44 qt6-qtwebview Issue Resolution 2026-70776c2dc4
Qt 6.10.3 bugfix update.. -------------------------------------------------------------------------------- Fedora Update Notification FEDORA-2026-70776c2dc3 2026-04-25 01:21:36.172096+00:00 -------------------------------------------------------------------------------- Name : qt6-qtwebview Product : Fedora 44 Version : 6.10.3 Release : 1.fc44 URL : http://www.qt.io Summary : Qt6 - WebView component Description : Qt WebView provides a way to display web content in a QML application without necessarily including a full web browser stack by using native APIs where it makes sense. -------------------------------------------------------------------------------- Update Information: Qt 6.10.3 bugfix update. -------------------------------------------------------------------------------- ChangeLog: * Thu Apr 2 2026 Jan Grulich - 6.10.3-1 - 6.10.3 -------------------------------------------------------------------------------- This update can be installed with the "dnf" update program. Use su -c 'dnf upgrade --advisory FEDORA-2026-70776c2dc3' at the command line. For more information, refer to the dnf documentation available at http://dnf.readthedocs.io/en/latest/command_ref.html#upgrade-command-label All packages are signed with the Fedora Project GPG key. More details on the GPG keys used by the Fedora Project can be found at https://fedoraproject.org/keys -------------------------------------------------------------------------------- -- _______________________________________________ package-announce mailing list --
Apr 25, 2026
Fedora
219
security advisorydenial of serviceimportantUbuntu 22 LSA-2023-7484 qt5 Major Revision Vulnerability XSS Concern
Important: webkit2gtk3 security update. {"type": "TYPE_SECURITY", "shortCode": "RL", "name": "RLSA-2026:9692", "synopsis": "Important: webkit2gtk3 security update", "severity": "SEVERITY_IMPORTANT", "topic": "An update is available for webkit2gtk3.\nThis update affects Rocky Linux 9.\nA Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE list", "description": "WebKitGTK is the port of the portable web rendering engine WebKit to the GTK platform.\n\nSecurity Fix(es):\n\n* webkitgtk: Processing maliciously crafted web content may lead to an unexpected Safari crash (CVE-2025-43213)\n\n* webkitgtk: Processing maliciously crafted web content may lead to an unexpected Safari crash (CVE-2025-43214)\n\n* webkitgtk: Processing maliciously crafted web content may lead to an unexpected Safari crash (CVE-2025-43457)\n\n* webkitgtk: Processing maliciously crafted web content may lead to an unexpected process crash (CVE-2025-43511)\n\n* webkitgtk: Processing maliciously crafted web content may disclose internal states of the app (CVE-2025-46299)\n\n* webkitgtk: Processing maliciously crafted web content may lead to an unexpected process crash (CVE-2026-20608)\n\n* webkitgtk: Processing maliciously crafted web content may lead to an unexpected process crash (CVE-2026-20635)\n\n* webkitgtk: Processing maliciously crafted web content may lead to an unexpected process crash (CVE-2026-20636)\n\n* webkitgtk: Processing maliciously crafted web content may lead to an unexpected process crash (CVE-2026-20644)\n\n* webkitgtk: A remote attacker may be able to cause a denial-of-service (CVE-2026-20652)\n\n* webkitgtk: A website may be able to track users through Safari web extensions (CVE-2026-20676)\n\n* webkitgtk: Processing maliciously crafted web content may bypass Same Origin Policy (CVE-2026-20643)\n\n* webkitgtk: Processing maliciously crafted web content may lead to an unexpected process crash (CVE-2026-20664)\n\n* webkitgtk: Processingmaliciously crafted web content may prevent Content Security Policy from being enforced (CVE-2026-20665)\n\n* webkitgtk: A maliciously crafted webpage may be able to fingerprint the user (CVE-2026-20691)\n\n* webkitgtk: Processing maliciously crafted web content may lead to an unexpected process crash (CVE-2026-28857)\n\n* webkitgtk: A malicious website may be able to process restricted web content outside the sandbox (CVE-2026-28859)\n\n* webkitgtk: Visiting a maliciously crafted website may lead to a cross-site scripting attack (CVE-2026-28871)\n\nFor more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.", "solution": null, "affectedProducts": ["Rocky Linux 9"], "fixes": [{"ticket": "2448781", "sourceBy": "Red Hat", "sourceLink": "https://bugzilla.redhat.com/show_bug.cgi?id=2448781", "description": ""}, {"ticket": "2448782", "sourceBy": "Red Hat", "sourceLink": "https://bugzilla.redhat.com/show_bug.cgi?id=2448782", "description": ""}, {"ticket": "2448786", "sourceBy": "Red Hat", "sourceLink": "https://bugzilla.redhat.com/show_bug.cgi?id=2448786", "description": ""}, {"ticket": "2448787", "sourceBy": "Red Hat", "sourceLink": "https://bugzilla.redhat.com/show_bug.cgi?id=2448787", "description": ""}, {"ticket": "2448788", "sourceBy": "Red Hat", "sourceLink": "https://bugzilla.redhat.com/show_bug.cgi?id=2448788", "description": ""}, {"ticket": "2448789", "sourceBy": "Red Hat", "sourceLink": "https://bugzilla.redhat.com/show_bug.cgi?id=2448789", "description": ""}, {"ticket": "2448790", "sourceBy": "Red Hat", "sourceLink": "https://bugzilla.redhat.com/show_bug.cgi?id=2448790", "description": ""}, {"ticket": "2448791", "sourceBy": "Red Hat", "sourceLink": "https://bugzilla.redhat.com/show_bug.cgi?id=2448791", "description": ""}, {"ticket": "2448792", "sourceBy": "Red Hat", "sourceLink": "https://bugzilla.redhat.com/show_bug.cgi?id=2448792", "description": ""}, {"ticket": "2448793","sourceBy": "Red Hat", "sourceLink": "https://bugzilla.redhat.com/show_bug.cgi?id=2448793", "description": ""}, {"ticket": "2448794", "sourceBy": "Red Hat", "sourceLink": "https://bugzilla.redhat.com/show_bug.cgi?id=2448794", "description": ""}, {"ticket": "2453000", "sourceBy": "Red Hat", "sourceLink": "https://bugzilla.redhat.com/show_bug.cgi?id=2453000", "description": ""}, {"ticket": "2453001", "sourceBy": "Red Hat", "sourceLink": "https://bugzilla.redhat.com/show_bug.cgi?id=2453001", "description": ""}, {"ticket": "2453002", "sourceBy": "Red Hat", "sourceLink": "https://bugzilla.redhat.com/show_bug.cgi?id=2453002", "description": ""}, {"ticket": "2453003", "sourceBy": "Red Hat", "sourceLink": "https://bugzilla.redhat.com/show_bug.cgi?id=2453003", "description": ""}, {"ticket": "2453004", "sourceBy": "Red Hat", "sourceLink": "https://bugzilla.redhat.com/show_bug.cgi?id=2453004", "description": ""}, {"ticket": "2453006", "sourceBy": "Red Hat", "sourceLink": "https://bugzilla.redhat.com/show_bug.cgi?id=2453006", "description": ""}, {"ticket": "2453008", "sourceBy": "Red Hat", "sourceLink": "https://bugzilla.redhat.com/show_bug.cgi?id=2453008", "description": ""}], "cves": [{"name": "CVE-2025-43213", "sourceBy": "MITRE", "sourceLink": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-43213", "cvss3ScoringVector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "cvss3BaseScore": "8.8", "cwe": "CWE-120"}, {"name": "CVE-2025-43214", "sourceBy": "MITRE", "sourceLink": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-43214", "cvss3ScoringVector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "cvss3BaseScore": "8.8", "cwe": "CWE-120"}, {"name": "CVE-2025-43457", "sourceBy": "MITRE", "sourceLink": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-43457", "cvss3ScoringVector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "cvss3BaseScore": "8.8", "cwe": "CWE-416"}, {"name": "CVE-2025-43511", "sourceBy": "MITRE", "sourceLink": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-43511","cvss3ScoringVector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "cvss3BaseScore": "8.8", "cwe": "CWE-416"}, {"name": "CVE-2025-46299", "sourceBy": "MITRE", "sourceLink": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-46299", "cvss3ScoringVector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N", "cvss3BaseScore": "6.5", "cwe": "CWE-909"}, {"name": "CVE-2026-20608", "sourceBy": "MITRE", "sourceLink": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-20608", "cvss3ScoringVector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "cvss3BaseScore": "8.8", "cwe": "CWE-120"}, {"name": "CVE-2026-20635", "sourceBy": "MITRE", "sourceLink": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-20635", "cvss3ScoringVector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "cvss3BaseScore": "8.8", "cwe": "CWE-120"}, {"name": "CVE-2026-20636", "sourceBy": "MITRE", "sourceLink": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-20636", "cvss3ScoringVector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "cvss3BaseScore": "8.8", "cwe": "CWE-120"}, {"name": "CVE-2026-20643", "sourceBy": "MITRE", "sourceLink": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-20643", "cvss3ScoringVector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:N", "cvss3BaseScore": "5.4", "cwe": "CWE-346"}, {"name": "CVE-2026-20644", "sourceBy": "MITRE", "sourceLink": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-20644", "cvss3ScoringVector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "cvss3BaseScore": "8.8", "cwe": "CWE-120"}, {"name": "CVE-2026-20652", "sourceBy": "MITRE", "sourceLink": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-20652", "cvss3ScoringVector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "cvss3BaseScore": "7.5", "cwe": "CWE-120"}, {"name": "CVE-2026-20664", "sourceBy": "MITRE", "sourceLink": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-20664", "cvss3ScoringVector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "cvss3BaseScore": "8.8", "cwe": "CWE-120"},{"name": "CVE-2026-20665", "sourceBy": "MITRE", "sourceLink": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-20665", "cvss3ScoringVector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:L", "cvss3BaseScore": "5.4", "cwe": "CWE-693"}, {"name": "CVE-2026-20676", "sourceBy": "MITRE", "sourceLink": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-20676", "cvss3ScoringVector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:N", "cvss3BaseScore": "4.3", "cwe": "CWE-201"}, {"name": "CVE-2026-20691", "sourceBy": "MITRE", "sourceLink": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-20691", "cvss3ScoringVector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:N", "cvss3BaseScore": "4.3", "cwe": "CWE-497"}, {"name": "CVE-2026-28857", "sourceBy": "MITRE", "sourceLink": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-28857", "cvss3ScoringVector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "cvss3BaseScore": "8.8", "cwe": "CWE-120"}, {"name": "CVE-2026-28859", "sourceBy": "MITRE", "sourceLink": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-28859", "cvss3ScoringVector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "cvss3BaseScore": "8.8", "cwe": "CWE-120"}, {"name": "CVE-2026-28871", "sourceBy": "MITRE", "sourceLink": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-28871", "cvss3ScoringVector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:N", "cvss3BaseScore": "4.3", "cwe": "CWE-79"}], "references": [], "publishedAt": "2026-04-24T12:03:31.152911Z", "rpms": {"Rocky Linux 9": {"nvras": ["webkit2gtk3-0:2.52.3-0.el9_7.1.src.rpm", "webkit2gtk3-0:2.52.3-0.el9_7.1.x86_64.rpm", "webkit2gtk3-debuginfo-0:2.52.3-0.el9_7.1.aarch64.rpm", "webkit2gtk3-debuginfo-0:2.52.3-0.el9_7.1.i686.rpm", "webkit2gtk3-debuginfo-0:2.52.3-0.el9_7.1.ppc64le.rpm", "webkit2gtk3-debuginfo-0:2.52.3-0.el9_7.1.s390x.rpm", "webkit2gtk3-debuginfo-0:2.52.3-0.el9_7.1.x86_64.rpm", "webkit2gtk3-debugsource-0:2.52.3-0.el9_7.1.aarch64.rpm", "webkit2gtk3-debugsource-0:2.52.3-0.el9_7.1.i686.rpm","webkit2gtk3-debugsource-0:2.52.3-0.el9_7.1.ppc64le.rpm", "webkit2gtk3-debugsource-0:2.52.3-0.el9_7.1.s390x.rpm", "webkit2gtk3-debugsource-0:2.52.3-0.el9_7.1.x86_64.rpm", "webkit2gtk3-devel-0:2.52.3-0.el9_7.1.aarch64.rpm", "webkit2gtk3-devel-0:2.52.3-0.el9_7.1.i686.rpm", "webkit2gtk3-devel-0:2.52.3-0.el9_7.1.ppc64le.rpm", "webkit2gtk3-devel-0:2.52.3-0.el9_7.1.s390x.rpm", "webkit2gtk3-devel-0:2.52.3-0.el9_7.1.x86_64.rpm", "webkit2gtk3-devel-debuginfo-0:2.52.3-0.el9_7.1.aarch64.rpm", "webkit2gtk3-devel-debuginfo-0:2.52.3-0.el9_7.1.i686.rpm", "webkit2gtk3-devel-debuginfo-0:2.52.3-0.el9_7.1.ppc64le.rpm", "webkit2gtk3-devel-debuginfo-0:2.52.3-0.el9_7.1.s390x.rpm", "webkit2gtk3-devel-debuginfo-0:2.52.3-0.el9_7.1.x86_64.rpm", "webkit2gtk3-jsc-0:2.52.3-0.el9_7.1.aarch64.rpm", "webkit2gtk3-jsc-0:2.52.3-0.el9_7.1.i686.rpm", "webkit2gtk3-jsc-0:2.52.3-0.el9_7.1.ppc64le.rpm", "webkit2gtk3-jsc-0:2.52.3-0.el9_7.1.s390x.rpm", "webkit2gtk3-jsc-0:2.52.3-0.el9_7.1.x86_64.rpm", "webkit2gtk3-jsc-debuginfo-0:2.52.3-0.el9_7.1.aarch64.rpm", "webkit2gtk3-jsc-debuginfo-0:2.52.3-0.el9_7.1.i686.rpm", "webkit2gtk3-jsc-debuginfo-0:2.52.3-0.el9_7.1.ppc64le.rpm", "webkit2gtk3-jsc-debuginfo-0:2.52.3-0.el9_7.1.s390x.rpm", "webkit2gtk3-0:2.52.3-0.el9_7.1.aarch64.rpm", "webkit2gtk3-0:2.52.3-0.el9_7.1.i686.rpm", "webkit2gtk3-0:2.52.3-0.el9_7.1.ppc64le.rpm", "webkit2gtk3-0:2.52.3-0.el9_7.1.s390x.rpm", "webkit2gtk3-jsc-debuginfo-0:2.52.3-0.el9_7.1.x86_64.rpm", "webkit2gtk3-jsc-devel-0:2.52.3-0.el9_7.1.aarch64.rpm", "webkit2gtk3-jsc-devel-0:2.52.3-0.el9_7.1.i686.rpm", "webkit2gtk3-jsc-devel-0:2.52.3-0.el9_7.1.ppc64le.rpm", "webkit2gtk3-jsc-devel-0:2.52.3-0.el9_7.1.s390x.rpm", "webkit2gtk3-jsc-devel-0:2.52.3-0.el9_7.1.x86_64.rpm", "webkit2gtk3-jsc-devel-debuginfo-0:2.52.3-0.el9_7.1.aarch64.rpm", "webkit2gtk3-jsc-devel-debuginfo-0:2.52.3-0.el9_7.1.i686.rpm", "webkit2gtk3-jsc-devel-debuginfo-0:2.52.3-0.el9_7.1.ppc64le.rpm", "webkit2gtk3-jsc-devel-debuginfo-0:2.52.3-0.el9_7.1.s390x.rpm", "webkit2gtk3-jsc-devel-debuginfo-0:2.52.3-0.el9_7.1.x86_64.rpm"]}},"rebootSuggested": false, "buildReferences": []}. Important webkit2gtk3 security update for Rocky Linux 9 addresses multiple issues including denial-of-service risks.. Rocky Linux webkit2gtk3 update, security patches Rocky Linux, web content vulnerabilities, security advisory webkit2gtk3. . Severity: Important. LinuxSecurity.com Team
Apr 24, 2026
•Important
Rocky Linux
203
security advisoryimportantinformation disclosureImportant Vulnerabilities in Webkit2 for Mageia MGASA-2025-0325 and CVEs
MGASA-2025-0325 - Updated webkit2 packages fix security vulnerabilities. MGASA-2025-0325 - Updated webkit2 packages fix security vulnerabilities Publication date: 09 Dec 2025 URL: https://advisories.mageia.org/MGASA-2025-0325.html Type: security Affected Mageia releases: 9 CVE: CVE-2025-13947, CVE-2025-43421, CVE-2025-43458, CVE-2025-66287 Description: A website may be able to exfiltrate sensitive system information. Description: The issue was addressed through improved state checks - CVE-2025-13947. Processing maliciously crafted web content may lead to an unexpected process crash. Description: Multiple issues were addressed by disabling array allocation sinking - CVE-2025-43421. Processing maliciously crafted web content may lead to an unexpected process crash. Description: This issue was addressed through improved state management - CVE-2025-43458. Processing maliciously crafted web content may lead to an unexpected process crash. Description: The issue was addressed with improved memory handling - CVE-2025-66287. References: - https://bugs.mageia.org/show_bug.cgi?id=34802 - https://webkitgtk.org/security/WSA-2025-0009.html - https://webkitgtk.org/2025/12/04/webkitgtk2.50.3-released.html - https://www.cve.org/CVERecord?id=CVE-2025-13947 - https://www.cve.org/CVERecord?id=CVE-2025-43421 - https://www.cve.org/CVERecord?id=CVE-2025-43458 - https://www.cve.org/CVERecord?id=CVE-2025-66287 SRPMS: - 9/core/webkit2-2.50.3-1.mga9 . Updated webkit2 packages on Mageia address issues like unexpected crashes and sensitive information exposure.. Webkit2 Security Update, Mageia Advisory, Process Crash Vulnerability, Information Disclosure Mageia, Security Patch Webkit2. . Severity: Important. LinuxSecurity.com Team
Dec 09, 2025
•Important
Mageia
89
security advisoryfedoraimportantFedora 42: qt5-qtwebview Important Bugfix 2025-976ccd79ae
Qt 5.15.18 bugfix release. Qt5 WebEngine update to 5.15.19.. -------------------------------------------------------------------------------- Fedora Update Notification FEDORA-2025-976ccd79ae 2025-11-06 02:22:59.541317+00:00 -------------------------------------------------------------------------------- Name : qt5-qtwebview Product : Fedora 42 Version : 5.15.18 Release : 1.fc42 URL : http://www.qt.io Summary : Qt5 - WebView component Description : Qt WebView provides a way to display web content in a QML application without necessarily including a full web browser stack by using native APIs where it makes sense. -------------------------------------------------------------------------------- Update Information: Qt 5.15.18 bugfix release. Qt5 WebEngine update to 5.15.19. -------------------------------------------------------------------------------- ChangeLog: * Tue Nov 4 2025 Jan Grulich - 5.15.18-1 - 5.15.18 * Fri Jul 25 2025 Fedora Release Engineering - 5.15.17-2 - Rebuilt for https://fedoraproject.org/wiki/Fedora_43_Mass_Rebuild -------------------------------------------------------------------------------- This update can be installed with the "dnf" update program. Use su -c 'dnf upgrade --advisory FEDORA-2025-976ccd79ae' at the command line. For more information, refer to the dnf documentation available at http://dnf.readthedocs.io/en/latest/command_ref.html#upgrade-command-label All packages are signed with the Fedora Project GPG key. More details on the GPG keys used by the Fedora Project can be found at https://fedoraproject.org/keys -------------------------------------------------------------------------------- -- _______________________________________________ package-announce mailing list --
Nov 06, 2025
•Important
Fedora
89
security advisorydenial of servicefedoraFedora 41: Critical Denial of Service Advisory for webkitgtk 2.48.5
Update to 2.48.5. Changes since 2.48.3: Improve emoji font selection. Improve playback of multimedia streams from blob URLs. Fix crash when using a WebKitWebView widget in an offscreen window. Fix several crashes and rendering issues.. -------------------------------------------------------------------------------- Fedora Update Notification FEDORA-2025-9b8165a4b3 2025-08-22 02:11:10.530849+00:00 -------------------------------------------------------------------------------- Name : webkitgtk Product : Fedora 41 Version : 2.48.5 Release : 1.fc41 URL : https://www.webkitgtk.org/ Summary : GTK web content engine library Description : WebKitGTK is the port of the WebKit web rendering engine to the GTK platform. -------------------------------------------------------------------------------- Update Information: Update to 2.48.5. Changes since 2.48.3: Improve emoji font selection. Improve playback of multimedia streams from blob URLs. Fix crash when using a WebKitWebView widget in an offscreen window. Fix several crashes and rendering issues. CVE-2025-31273, CVE-2025-31278, CVE-2025-43211, CVE-2025-43212, CVE-2025-43216, CVE-2025-43227, CVE-2025-43240, CVE-2025-43265, CVE-2025-6558 -------------------------------------------------------------------------------- ChangeLog: * Tue Aug 5 2025 Michael Catanzaro - 2.48.5-1 - Update to 2.48.5 -------------------------------------------------------------------------------- References: [ 1 ] Bug #2386383 - CVE-2025-43265 webkitgtk: Processing maliciously crafted web content may disclose internal states of the app [fedora-all] https://bugzilla.redhat.com/show_bug.cgi?id=2386383 [ 2 ] Bug #2386384 - CVE-2025-43227 webkitgtk: Processing maliciously crafted web content may disclose sensitive user information [epel-all] https://bugzilla.redhat.com/show_bug.cgi?id=2386384 [ 3 ] Bug #2386387 - CVE-2025-43216 webkitgtk: Processing maliciously crafted web content may lead to an unexpected Safari crash [epel-all] https://bugzilla.redhat.com/show_bug.cgi?id=2386387 [ 4 ] Bug #2386390 - CVE-2025-43212 webkitgtk: Processing maliciously crafted web content may lead to an unexpected Safari crash [epel-all] https://bugzilla.redhat.com/show_bug.cgi?id=2386390 [ 5 ] Bug #2386397 - CVE-2025-43211 webkitgtk: Processing web content may lead to a denial-of-service [epel-all] https://bugzilla.redhat.com/show_bug.cgi?id=2386397 [ 6 ] Bug #2386406 - CVE-2025-31278 webkitgtk: Processing maliciously crafted web content may lead to memory corruption [fedora-all] https://bugzilla.redhat.com/show_bug.cgi?id=2386406 [ 7 ] Bug #2386409 - CVE-2025-31273 webkitgtk: Processing maliciously crafted web content may lead to memory corruption [fedora-all] https://bugzilla.redhat.com/show_bug.cgi?id=2386409 [ 8 ] Bug #2386415 - CVE-2025-43240 webkitgtk: A download\u2019s origin may be incorrectly associated [epel-all] https://bugzilla.redhat.com/show_bug.cgi?id=2386415 -------------------------------------------------------------------------------- This update can be installed with the "dnf" update program. Use su -c 'dnf upgrade --advisory FEDORA-2025-9b8165a4b3' at the command line. For more information, refer to the dnf documentation available at http://dnf.readthedocs.io/en/latest/command_ref.html#upgrade-command-label All packages are signed with the Fedora Project GPG key. More details on the GPG keys used by the Fedora Project can be found at https://fedoraproject.org/keys -------------------------------------------------------------------------------- . Fedora 41 upgrade to webkitgtk 2.48.5 resolves significant vulnerabilities and improves video streaming performance.. Fedora 41, WebKitGTK 2.48.5, security advisory, multimedia streaming, denial-of-service. . Severity: Critical. LinuxSecurity.com Team
Aug 22, 2025
•Critical
Fedora
100
security advisorydata exfiltrationmemory handlingopenSUSE Leap 15.6: 2025:01746-1 important: webkit2gtk3 patch
* bsc#1222905 * bsc#1241158 * bsc#1241160 * bsc#1243282 * bsc#1243286 . # Security update for webkit2gtk3 Announcement ID: SUSE-SU-2025:01746-1 Release Date: 2025-05-29T12:38:02Z Rating: important References: * bsc#1222905 * bsc#1241158 * bsc#1241160 * bsc#1243282 * bsc#1243286 * bsc#1243288 * bsc#1243289 * bsc#1243424 * bsc#1243596 Cross-References: * CVE-2023-42875 * CVE-2023-42970 * CVE-2024-23226 * CVE-2025-24223 * CVE-2025-31204 * CVE-2025-31205 * CVE-2025-31206 * CVE-2025-31215 * CVE-2025-31257 CVSS scores: * CVE-2023-42875 ( SUSE ): 8.6 CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:P/VC:H/VI:H/VA:N/SC:N/SI:N/SA:N * CVE-2023-42875 ( SUSE ): 7.3 CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:N * CVE-2023-42875 ( NVD ): 7.3 CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:N * CVE-2023-42970 ( SUSE ): 8.7 CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:P/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N * CVE-2023-42970 ( SUSE ): 8.8 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H * CVE-2023-42970 ( NVD ): 8.8 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H * CVE-2024-23226 ( SUSE ): 8.8 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H * CVE-2024-23226 ( NVD ): 8.8 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H * CVE-2024-23226 ( NVD ): 8.8 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H * CVE-2025-24223 ( SUSE ): 8.6 CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:P/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N * CVE-2025-24223 ( SUSE ): 8.0 CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H * CVE-2025-24223 ( NVD ): 8.0 CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H * CVE-2025-31204 ( SUSE ): 8.8 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H * CVE-2025-31204 ( NVD ): 8.8 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H * CVE-2025-31205 ( SUSE ): 6.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N * CVE-2025-31205 ( NVD ): 6.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N * CVE-2025-31206 ( SUSE ): 6.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H * CVE-2025-31206 ( NVD ): 4.3CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L * CVE-2025-31215 ( SUSE ): 6.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H * CVE-2025-31215 ( NVD ): 6.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H * CVE-2025-31257 ( SUSE ): 5.3 CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:P/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N * CVE-2025-31257 ( SUSE ): 4.3 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L * CVE-2025-31257 ( NVD ): 4.7 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:N/I:N/A:L Affected Products: * Basesystem Module 15-SP6 * Basesystem Module 15-SP7 * Desktop Applications Module 15-SP6 * Desktop Applications Module 15-SP7 * Development Tools Module 15-SP6 * Development Tools Module 15-SP7 * openSUSE Leap 15.6 * SUSE Linux Enterprise Desktop 15 SP6 * SUSE Linux Enterprise Desktop 15 SP7 * SUSE Linux Enterprise Real Time 15 SP6 * SUSE Linux Enterprise Real Time 15 SP7 * SUSE Linux Enterprise Server 15 SP6 * SUSE Linux Enterprise Server 15 SP7 * SUSE Linux Enterprise Server for SAP Applications 15 SP6 * SUSE Linux Enterprise Server for SAP Applications 15 SP7 An update that solves nine vulnerabilities can now be installed. ## Description: This update for webkit2gtk3 fixes the following issues: Update to version 2.48.2. Security issues fixed: * CVE-2025-31205: lack of checks may lead to cross-origin data exfiltration through a malicious website (bsc#1243282). * CVE-2025-31204: improper memory handling when processing certain web content may lead to memory corruption (bsc#1243286). * CVE-2025-31206: type confusion issue when processing certain web content may lead to an unexpected crash (bsc#1243288). * CVE-2025-31215: lack of checks when processing certain web content may lead to an unexpected crash (bsc#1243289). * CVE-2025-31257: improper memory handling when processing certain web content may lead to an unexpected crash (bsc#1243596). * CVE-2025-24223: improper memory handling when processing certain web content may lead to memory corruption(bsc#1243424). Other changes and issues fixed: * Enable CSS overscroll behavior by default. * Change threaded rendering implementation to use Skia API instead of WebCore display list that is not thread safe. * Fix rendering when device scale factor change comes before the web view geometry update. * Fix network process crash on exit. * Fix the build with ENABLE_RESOURCE_USAGE=OFF. * Fix several crashes and rendering issues. ## Patch Instructions: To install this SUSE update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: * openSUSE Leap 15.6 zypper in -t patch SUSE-2025-1746=1 openSUSE-SLE-15.6-2025-1746=1 * Basesystem Module 15-SP6 zypper in -t patch SUSE-SLE-Module-Basesystem-15-SP6-2025-1746=1 * Basesystem Module 15-SP7 zypper in -t patch SUSE-SLE-Module-Basesystem-15-SP7-2025-1746=1 * Desktop Applications Module 15-SP6 zypper in -t patch SUSE-SLE-Module-Desktop-Applications-15-SP6-2025-1746=1 * Desktop Applications Module 15-SP7 zypper in -t patch SUSE-SLE-Module-Desktop-Applications-15-SP7-2025-1746=1 * Development Tools Module 15-SP6 zypper in -t patch SUSE-SLE-Module-Development-Tools-15-SP6-2025-1746=1 * Development Tools Module 15-SP7 zypper in -t patch SUSE-SLE-Module-Development-Tools-15-SP7-2025-1746=1 ## Package List: * openSUSE Leap 15.6 (noarch) * WebKitGTK-4.1-lang-2.48.2-150600.12.40.2 * WebKitGTK-4.0-lang-2.48.2-150600.12.40.2 * WebKitGTK-6.0-lang-2.48.2-150600.12.40.2 * openSUSE Leap 15.6 (aarch64 ppc64le s390x x86_64 i586) * webkit2gtk-4_1-injected-bundles-2.48.2-150600.12.40.2 * libwebkitgtk-6_0-4-debuginfo-2.48.2-150600.12.40.2 * webkit2gtk3-minibrowser-debuginfo-2.48.2-150600.12.40.2 * libjavascriptcoregtk-4_1-0-2.48.2-150600.12.40.2 * typelib-1_0-JavaScriptCore-4_1-2.48.2-150600.12.40.2 * typelib-1_0-JavaScriptCore-4_0-2.48.2-150600.12.40.2 *typelib-1_0-WebKit2-4_0-2.48.2-150600.12.40.2 * libwebkit2gtk-4_0-37-debuginfo-2.48.2-150600.12.40.2 * libjavascriptcoregtk-6_0-1-2.48.2-150600.12.40.2 * webkit-jsc-6.0-2.48.2-150600.12.40.2 * webkit2gtk3-devel-2.48.2-150600.12.40.2 * libjavascriptcoregtk-6_0-1-debuginfo-2.48.2-150600.12.40.2 * typelib-1_0-WebKit-6_0-2.48.2-150600.12.40.2 * webkit2gtk4-minibrowser-debuginfo-2.48.2-150600.12.40.2 * webkit-jsc-4-2.48.2-150600.12.40.2 * libwebkit2gtk-4_1-0-2.48.2-150600.12.40.2 * libjavascriptcoregtk-4_1-0-debuginfo-2.48.2-150600.12.40.2 * webkit-jsc-6.0-debuginfo-2.48.2-150600.12.40.2 * libwebkit2gtk-4_1-0-debuginfo-2.48.2-150600.12.40.2 * typelib-1_0-WebKit2WebExtension-4_1-2.48.2-150600.12.40.2 * webkit2gtk4-minibrowser-2.48.2-150600.12.40.2 * webkitgtk-6_0-injected-bundles-2.48.2-150600.12.40.2 * webkit2gtk-4_0-injected-bundles-2.48.2-150600.12.40.2 * webkit2gtk-4_1-injected-bundles-debuginfo-2.48.2-150600.12.40.2 * webkit2gtk-4_0-injected-bundles-debuginfo-2.48.2-150600.12.40.2 * webkit-jsc-4-debuginfo-2.48.2-150600.12.40.2 * webkit2gtk3-debugsource-2.48.2-150600.12.40.2 * typelib-1_0-WebKitWebProcessExtension-6_0-2.48.2-150600.12.40.2 * webkit2gtk3-soup2-minibrowser-2.48.2-150600.12.40.2 * webkit2gtk3-minibrowser-2.48.2-150600.12.40.2 * webkitgtk-6_0-injected-bundles-debuginfo-2.48.2-150600.12.40.2 * typelib-1_0-JavaScriptCore-6_0-2.48.2-150600.12.40.2 * libjavascriptcoregtk-4_0-18-debuginfo-2.48.2-150600.12.40.2 * webkit2gtk3-soup2-minibrowser-debuginfo-2.48.2-150600.12.40.2 * typelib-1_0-WebKit2-4_1-2.48.2-150600.12.40.2 * typelib-1_0-WebKit2WebExtension-4_0-2.48.2-150600.12.40.2 * libjavascriptcoregtk-4_0-18-2.48.2-150600.12.40.2 * webkit-jsc-4.1-2.48.2-150600.12.40.2 * webkit2gtk3-soup2-devel-2.48.2-150600.12.40.2 * libwebkit2gtk-4_0-37-2.48.2-150600.12.40.2 * webkit-jsc-4.1-debuginfo-2.48.2-150600.12.40.2 * webkit2gtk4-devel-2.48.2-150600.12.40.2 *webkit2gtk3-soup2-debugsource-2.48.2-150600.12.40.2 * libwebkitgtk-6_0-4-2.48.2-150600.12.40.2 * webkit2gtk4-debugsource-2.48.2-150600.12.40.2 * openSUSE Leap 15.6 (x86_64) * libjavascriptcoregtk-4_1-0-32bit-2.48.2-150600.12.40.2 * libjavascriptcoregtk-4_0-18-32bit-debuginfo-2.48.2-150600.12.40.2 * libjavascriptcoregtk-4_0-18-32bit-2.48.2-150600.12.40.2 * libjavascriptcoregtk-4_1-0-32bit-debuginfo-2.48.2-150600.12.40.2 * libwebkit2gtk-4_1-0-32bit-2.48.2-150600.12.40.2 * libwebkit2gtk-4_0-37-32bit-2.48.2-150600.12.40.2 * libwebkit2gtk-4_0-37-32bit-debuginfo-2.48.2-150600.12.40.2 * libwebkit2gtk-4_1-0-32bit-debuginfo-2.48.2-150600.12.40.2 * openSUSE Leap 15.6 (aarch64_ilp32) * libjavascriptcoregtk-4_1-0-64bit-2.48.2-150600.12.40.2 * libjavascriptcoregtk-4_0-18-64bit-2.48.2-150600.12.40.2 * libjavascriptcoregtk-4_1-0-64bit-debuginfo-2.48.2-150600.12.40.2 * libwebkit2gtk-4_1-0-64bit-debuginfo-2.48.2-150600.12.40.2 * libwebkit2gtk-4_0-37-64bit-2.48.2-150600.12.40.2 * libwebkit2gtk-4_0-37-64bit-debuginfo-2.48.2-150600.12.40.2 * libwebkit2gtk-4_1-0-64bit-2.48.2-150600.12.40.2 * libjavascriptcoregtk-4_0-18-64bit-debuginfo-2.48.2-150600.12.40.2 * Basesystem Module 15-SP6 (noarch) * WebKitGTK-4.0-lang-2.48.2-150600.12.40.2 * WebKitGTK-6.0-lang-2.48.2-150600.12.40.2 * Basesystem Module 15-SP6 (aarch64 ppc64le s390x x86_64) * libjavascriptcoregtk-4_0-18-2.48.2-150600.12.40.2 * libwebkitgtk-6_0-4-debuginfo-2.48.2-150600.12.40.2 * webkit2gtk3-soup2-devel-2.48.2-150600.12.40.2 * webkit2gtk-4_0-injected-bundles-debuginfo-2.48.2-150600.12.40.2 * typelib-1_0-JavaScriptCore-4_0-2.48.2-150600.12.40.2 * typelib-1_0-WebKit2-4_0-2.48.2-150600.12.40.2 * webkitgtk-6_0-injected-bundles-debuginfo-2.48.2-150600.12.40.2 * libwebkit2gtk-4_0-37-debuginfo-2.48.2-150600.12.40.2 * libjavascriptcoregtk-6_0-1-2.48.2-150600.12.40.2 * libwebkit2gtk-4_0-37-2.48.2-150600.12.40.2 *libjavascriptcoregtk-4_0-18-debuginfo-2.48.2-150600.12.40.2 * webkitgtk-6_0-injected-bundles-2.48.2-150600.12.40.2 * webkit2gtk-4_0-injected-bundles-2.48.2-150600.12.40.2 * webkit2gtk3-soup2-debugsource-2.48.2-150600.12.40.2 * libwebkitgtk-6_0-4-2.48.2-150600.12.40.2 * libjavascriptcoregtk-6_0-1-debuginfo-2.48.2-150600.12.40.2 * typelib-1_0-WebKit2WebExtension-4_0-2.48.2-150600.12.40.2 * webkit2gtk4-debugsource-2.48.2-150600.12.40.2 * Basesystem Module 15-SP7 (noarch) * WebKitGTK-4.0-lang-2.48.2-150600.12.40.2 * WebKitGTK-6.0-lang-2.48.2-150600.12.40.2 * Basesystem Module 15-SP7 (aarch64 ppc64le s390x x86_64) * libjavascriptcoregtk-4_0-18-2.48.2-150600.12.40.2 * libwebkitgtk-6_0-4-debuginfo-2.48.2-150600.12.40.2 * webkit2gtk3-soup2-devel-2.48.2-150600.12.40.2 * webkit2gtk-4_0-injected-bundles-debuginfo-2.48.2-150600.12.40.2 * typelib-1_0-JavaScriptCore-4_0-2.48.2-150600.12.40.2 * typelib-1_0-WebKit2-4_0-2.48.2-150600.12.40.2 * webkitgtk-6_0-injected-bundles-debuginfo-2.48.2-150600.12.40.2 * libwebkit2gtk-4_0-37-debuginfo-2.48.2-150600.12.40.2 * libjavascriptcoregtk-6_0-1-2.48.2-150600.12.40.2 * libwebkit2gtk-4_0-37-2.48.2-150600.12.40.2 * libjavascriptcoregtk-4_0-18-debuginfo-2.48.2-150600.12.40.2 * webkitgtk-6_0-injected-bundles-2.48.2-150600.12.40.2 * webkit2gtk-4_0-injected-bundles-2.48.2-150600.12.40.2 * webkit2gtk3-soup2-debugsource-2.48.2-150600.12.40.2 * libwebkitgtk-6_0-4-2.48.2-150600.12.40.2 * libjavascriptcoregtk-6_0-1-debuginfo-2.48.2-150600.12.40.2 * typelib-1_0-WebKit2WebExtension-4_0-2.48.2-150600.12.40.2 * webkit2gtk4-debugsource-2.48.2-150600.12.40.2 * Desktop Applications Module 15-SP6 (noarch) * WebKitGTK-4.1-lang-2.48.2-150600.12.40.2 * Desktop Applications Module 15-SP6 (aarch64 ppc64le s390x x86_64) * webkit2gtk-4_1-injected-bundles-2.48.2-150600.12.40.2 * webkit2gtk-4_1-injected-bundles-debuginfo-2.48.2-150600.12.40.2 *libwebkit2gtk-4_1-0-2.48.2-150600.12.40.2 * libjavascriptcoregtk-4_1-0-debuginfo-2.48.2-150600.12.40.2 * libjavascriptcoregtk-4_1-0-2.48.2-150600.12.40.2 * typelib-1_0-JavaScriptCore-4_1-2.48.2-150600.12.40.2 * libwebkit2gtk-4_1-0-debuginfo-2.48.2-150600.12.40.2 * webkit2gtk3-debugsource-2.48.2-150600.12.40.2 * typelib-1_0-WebKit2WebExtension-4_1-2.48.2-150600.12.40.2 * webkit2gtk3-devel-2.48.2-150600.12.40.2 * typelib-1_0-WebKit2-4_1-2.48.2-150600.12.40.2 * Desktop Applications Module 15-SP7 (noarch) * WebKitGTK-4.1-lang-2.48.2-150600.12.40.2 * Desktop Applications Module 15-SP7 (aarch64 ppc64le s390x x86_64) * webkit2gtk-4_1-injected-bundles-2.48.2-150600.12.40.2 * webkit2gtk-4_1-injected-bundles-debuginfo-2.48.2-150600.12.40.2 * libwebkit2gtk-4_1-0-2.48.2-150600.12.40.2 * libjavascriptcoregtk-4_1-0-debuginfo-2.48.2-150600.12.40.2 * libjavascriptcoregtk-4_1-0-2.48.2-150600.12.40.2 * typelib-1_0-JavaScriptCore-4_1-2.48.2-150600.12.40.2 * libwebkit2gtk-4_1-0-debuginfo-2.48.2-150600.12.40.2 * webkit2gtk3-debugsource-2.48.2-150600.12.40.2 * typelib-1_0-WebKit2WebExtension-4_1-2.48.2-150600.12.40.2 * webkit2gtk3-devel-2.48.2-150600.12.40.2 * typelib-1_0-WebKit2-4_1-2.48.2-150600.12.40.2 * Development Tools Module 15-SP6 (aarch64 ppc64le s390x x86_64) * typelib-1_0-WebKitWebProcessExtension-6_0-2.48.2-150600.12.40.2 * typelib-1_0-JavaScriptCore-6_0-2.48.2-150600.12.40.2 * webkit2gtk4-devel-2.48.2-150600.12.40.2 * typelib-1_0-WebKit-6_0-2.48.2-150600.12.40.2 * webkit2gtk4-debugsource-2.48.2-150600.12.40.2 * Development Tools Module 15-SP7 (aarch64 ppc64le s390x x86_64) * typelib-1_0-WebKitWebProcessExtension-6_0-2.48.2-150600.12.40.2 * typelib-1_0-JavaScriptCore-6_0-2.48.2-150600.12.40.2 * webkit2gtk4-devel-2.48.2-150600.12.40.2 * typelib-1_0-WebKit-6_0-2.48.2-150600.12.40.2 * webkit2gtk4-debugsource-2.48.2-150600.12.40.2 ## References: *https://www.suse.com/security/cve/CVE-2023-42875.html * https://www.suse.com/security/cve/CVE-2023-42970.html * https://www.suse.com/security/cve/CVE-2024-23226.html * https://www.suse.com/security/cve/CVE-2025-24223.html * https://www.suse.com/security/cve/CVE-2025-31204.html * https://www.suse.com/security/cve/CVE-2025-31205.html * https://www.suse.com/security/cve/CVE-2025-31206.html * https://www.suse.com/security/cve/CVE-2025-31215.html * https://www.suse.com/security/cve/CVE-2025-31257.html * https://bugzilla.suse.com/show_bug.cgi?id=1222905 * https://bugzilla.suse.com/show_bug.cgi?id=1241158 * https://bugzilla.suse.com/show_bug.cgi?id=1241160 * https://bugzilla.suse.com/show_bug.cgi?id=1243282 * https://bugzilla.suse.com/show_bug.cgi?id=1243286 * https://bugzilla.suse.com/show_bug.cgi?id=1243288 * https://bugzilla.suse.com/show_bug.cgi?id=1243289 * https://bugzilla.suse.com/show_bug.cgi?id=1243424 * https://bugzilla.suse.com/show_bug.cgi?id=1243596 . This enhancement tackles several vital concerns in gtk3-webkit for openSUSE, improving both robustness and safety.. openSUSE Security, webkit2gtk3 Update, Memory Handling Fix. . Severity: Important. LinuxSecurity.com Team
May 29, 2025
•Important
SuSE
202
security advisoryinformation disclosureopenSUSEopenSUSE: 2025:1149-1 moderate: webkit2gtk3 information disclosure fix
An update that solves three vulnerabilities can now be installed.. # Security update for webkit2gtk3 Announcement ID: SUSE-SU-2025:1149-1 Release Date: 2025-04-07T07:12:51Z Rating: moderate References: * bsc#1239863 * bsc#1239864 * bsc#1239950 Cross-References: * CVE-2024-44192 * CVE-2024-54467 * CVE-2025-24201 CVSS scores: * CVE-2024-44192 ( SUSE ): 7.1 CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:P/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N * CVE-2024-44192 ( SUSE ): 6.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H * CVE-2024-44192 ( NVD ): 5.5 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H * CVE-2024-44192 ( NVD ): 6.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H * CVE-2024-54467 ( SUSE ): 7.1 CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:P/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N * CVE-2024-54467 ( SUSE ): 6.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N * CVE-2024-54467 ( NVD ): 6.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N * CVE-2024-54467 ( NVD ): 6.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N * CVE-2025-24201 ( SUSE ): 7.1 CVSS:3.1/AV:N/AC:H/PR:L/UI:R/S:U/C:H/I:H/A:H * CVE-2025-24201 ( NVD ): 7.1 CVSS:3.1/AV:N/AC:H/PR:L/UI:R/S:U/C:H/I:H/A:H * CVE-2025-24201 ( NVD ): 8.8 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H Affected Products: * Basesystem Module 15-SP6 * Desktop Applications Module 15-SP6 * Development Tools Module 15-SP6 * openSUSE Leap 15.6 * SUSE Linux Enterprise Desktop 15 SP6 * SUSE Linux Enterprise Real Time 15 SP6 * SUSE Linux Enterprise Server 15 SP6 * SUSE Linux Enterprise Server for SAP Applications 15 SP6 An update that solves three vulnerabilities can now be installed. ## Description: This update for webkit2gtk3 fixes the following issues: * CVE-2024-44192: Fixed unexpected process crash due to processing maliciously crafted web content (bsc#1239863) * CVE-2024-54467: Fixed information disclosure via data cross-origin exfiltration due to a cookie management issue (bsc#1239864) Other fixes: * Update to version2.48.0: * Move tiles rendering to worker threads when rendering with the GPU. * Fix preserve-3D intersection rendering. * Added new function for creating Promise objects to JavaScripotCore GLib API. * The MediaRecorder backend gained WebM support (requires at least GStreamer 1.24.9) and audio bitrate configuration support. * Fix invalid DPI-aware font size conversion. * Bring back support for OpenType-SVG fonts using Skia SVG module. * Add metadata (title and creation/modification date) to the PDF document generated for printing. * Propagate the fontâs computed locale to HarfBuzz. * The GPU process build is now enabled for WebGL, but the web process is still used by default. The runtime flag UseGPUProcessForWebGL can be used to use the GPU process for WebGL. * Security fixes: CVE-2024-44192, CVE-2024-54467, CVE-2025-24201. * Disable speech synthesis. It has been disabled until now, and we don't have flite or spiel in SLE. * Add gcc13-PIE to BuildRequires (bsc#1239950). * Backport upstream patch to stop using IOChannel in NetworkCache: hopefully fixes crashes in the network process. ## Patch Instructions: To install this SUSE update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: * openSUSE Leap 15.6 zypper in -t patch openSUSE-SLE-15.6-2025-1149=1 SUSE-2025-1149=1 * Basesystem Module 15-SP6 zypper in -t patch SUSE-SLE-Module-Basesystem-15-SP6-2025-1149=1 * Desktop Applications Module 15-SP6 zypper in -t patch SUSE-SLE-Module-Desktop-Applications-15-SP6-2025-1149=1 * Development Tools Module 15-SP6 zypper in -t patch SUSE-SLE-Module-Development-Tools-15-SP6-2025-1149=1 ## Package List: * openSUSE Leap 15.6 (noarch) * WebKitGTK-6.0-lang-2.48.0-150600.12.33.1 * WebKitGTK-4.1-lang-2.48.0-150600.12.33.1 * WebKitGTK-4.0-lang-2.48.0-150600.12.33.1 * openSUSE Leap 15.6 (aarch64 ppc64le s390x x86_64 i586) * libjavascriptcoregtk-6_0-1-debuginfo-2.48.0-150600.12.33.1 * webkitgtk-6_0-injected-bundles-debuginfo-2.48.0-150600.12.33.1 * libjavascriptcoregtk-4_1-0-debuginfo-2.48.0-150600.12.33.1 * libwebkit2gtk-4_1-0-debuginfo-2.48.0-150600.12.33.1 * webkit2gtk3-soup2-devel-2.48.0-150600.12.33.1 * libjavascriptcoregtk-4_0-18-2.48.0-150600.12.33.1 * webkit2gtk3-soup2-debugsource-2.48.0-150600.12.33.1 * libjavascriptcoregtk-4_0-18-debuginfo-2.48.0-150600.12.33.1 * webkit2gtk3-soup2-minibrowser-debuginfo-2.48.0-150600.12.33.1 * typelib-1_0-WebKit2WebExtension-4_1-2.48.0-150600.12.33.1 * typelib-1_0-JavaScriptCore-4_0-2.48.0-150600.12.33.1 * typelib-1_0-WebKit2WebExtension-4_0-2.48.0-150600.12.33.1 * webkit-jsc-4.1-2.48.0-150600.12.33.1 * webkit2gtk3-soup2-minibrowser-2.48.0-150600.12.33.1 * webkit-jsc-4-debuginfo-2.48.0-150600.12.33.1 * webkit2gtk3-minibrowser-2.48.0-150600.12.33.1 * typelib-1_0-WebKit2-4_0-2.48.0-150600.12.33.1 * typelib-1_0-WebKit-6_0-2.48.0-150600.12.33.1 * webkit2gtk3-debugsource-2.48.0-150600.12.33.1 * webkit2gtk3-minibrowser-debuginfo-2.48.0-150600.12.33.1 * webkit2gtk-4_0-injected-bundles-2.48.0-150600.12.33.1 * webkit2gtk-4_1-injected-bundles-debuginfo-2.48.0-150600.12.33.1 * typelib-1_0-JavaScriptCore-6_0-2.48.0-150600.12.33.1 * webkit2gtk4-debugsource-2.48.0-150600.12.33.1 * webkit-jsc-6.0-debuginfo-2.48.0-150600.12.33.1 * webkit-jsc-6.0-2.48.0-150600.12.33.1 * libwebkit2gtk-4_0-37-debuginfo-2.48.0-150600.12.33.1 * typelib-1_0-WebKitWebProcessExtension-6_0-2.48.0-150600.12.33.1 * webkit2gtk4-minibrowser-debuginfo-2.48.0-150600.12.33.1 * webkit-jsc-4.1-debuginfo-2.48.0-150600.12.33.1 * webkit2gtk4-devel-2.48.0-150600.12.33.1 * typelib-1_0-JavaScriptCore-4_1-2.48.0-150600.12.33.1 * webkit2gtk-4_1-injected-bundles-2.48.0-150600.12.33.1 * libwebkitgtk-6_0-4-debuginfo-2.48.0-150600.12.33.1 * webkit2gtk-4_0-injected-bundles-debuginfo-2.48.0-150600.12.33.1 *libjavascriptcoregtk-6_0-1-2.48.0-150600.12.33.1 * libwebkit2gtk-4_1-0-2.48.0-150600.12.33.1 * libwebkitgtk-6_0-4-2.48.0-150600.12.33.1 * webkit2gtk3-devel-2.48.0-150600.12.33.1 * libwebkit2gtk-4_0-37-2.48.0-150600.12.33.1 * webkit2gtk4-minibrowser-2.48.0-150600.12.33.1 * webkitgtk-6_0-injected-bundles-2.48.0-150600.12.33.1 * webkit-jsc-4-2.48.0-150600.12.33.1 * typelib-1_0-WebKit2-4_1-2.48.0-150600.12.33.1 * libjavascriptcoregtk-4_1-0-2.48.0-150600.12.33.1 * openSUSE Leap 15.6 (x86_64) * libjavascriptcoregtk-4_0-18-32bit-debuginfo-2.48.0-150600.12.33.1 * libjavascriptcoregtk-4_1-0-32bit-debuginfo-2.48.0-150600.12.33.1 * libjavascriptcoregtk-4_1-0-32bit-2.48.0-150600.12.33.1 * libwebkit2gtk-4_1-0-32bit-2.48.0-150600.12.33.1 * libwebkit2gtk-4_0-37-32bit-2.48.0-150600.12.33.1 * libwebkit2gtk-4_1-0-32bit-debuginfo-2.48.0-150600.12.33.1 * libwebkit2gtk-4_0-37-32bit-debuginfo-2.48.0-150600.12.33.1 * libjavascriptcoregtk-4_0-18-32bit-2.48.0-150600.12.33.1 * openSUSE Leap 15.6 (aarch64_ilp32) * libwebkit2gtk-4_1-0-64bit-2.48.0-150600.12.33.1 * libjavascriptcoregtk-4_1-0-64bit-debuginfo-2.48.0-150600.12.33.1 * libwebkit2gtk-4_0-37-64bit-2.48.0-150600.12.33.1 * libwebkit2gtk-4_1-0-64bit-debuginfo-2.48.0-150600.12.33.1 * libwebkit2gtk-4_0-37-64bit-debuginfo-2.48.0-150600.12.33.1 * libjavascriptcoregtk-4_0-18-64bit-debuginfo-2.48.0-150600.12.33.1 * libjavascriptcoregtk-4_1-0-64bit-2.48.0-150600.12.33.1 * libjavascriptcoregtk-4_0-18-64bit-2.48.0-150600.12.33.1 * Basesystem Module 15-SP6 (noarch) * WebKitGTK-6.0-lang-2.48.0-150600.12.33.1 * WebKitGTK-4.0-lang-2.48.0-150600.12.33.1 * Basesystem Module 15-SP6 (aarch64 ppc64le s390x x86_64) * libwebkitgtk-6_0-4-debuginfo-2.48.0-150600.12.33.1 * libjavascriptcoregtk-6_0-1-debuginfo-2.48.0-150600.12.33.1 * webkit2gtk4-debugsource-2.48.0-150600.12.33.1 * webkitgtk-6_0-injected-bundles-debuginfo-2.48.0-150600.12.33.1 *libwebkit2gtk-4_0-37-debuginfo-2.48.0-150600.12.33.1 * webkit2gtk3-soup2-devel-2.48.0-150600.12.33.1 * typelib-1_0-JavaScriptCore-4_0-2.48.0-150600.12.33.1 * libwebkitgtk-6_0-4-2.48.0-150600.12.33.1 * libjavascriptcoregtk-6_0-1-2.48.0-150600.12.33.1 * webkit2gtk-4_0-injected-bundles-debuginfo-2.48.0-150600.12.33.1 * libwebkit2gtk-4_0-37-2.48.0-150600.12.33.1 * typelib-1_0-WebKit2WebExtension-4_0-2.48.0-150600.12.33.1 * webkitgtk-6_0-injected-bundles-2.48.0-150600.12.33.1 * typelib-1_0-WebKit2-4_0-2.48.0-150600.12.33.1 * libjavascriptcoregtk-4_0-18-2.48.0-150600.12.33.1 * webkit2gtk3-soup2-debugsource-2.48.0-150600.12.33.1 * libjavascriptcoregtk-4_0-18-debuginfo-2.48.0-150600.12.33.1 * webkit2gtk-4_0-injected-bundles-2.48.0-150600.12.33.1 * Desktop Applications Module 15-SP6 (noarch) * WebKitGTK-4.1-lang-2.48.0-150600.12.33.1 * Desktop Applications Module 15-SP6 (aarch64 ppc64le s390x x86_64) * webkit2gtk-4_1-injected-bundles-debuginfo-2.48.0-150600.12.33.1 * typelib-1_0-WebKit2WebExtension-4_1-2.48.0-150600.12.33.1 * libjavascriptcoregtk-4_1-0-debuginfo-2.48.0-150600.12.33.1 * libwebkit2gtk-4_1-0-2.48.0-150600.12.33.1 * webkit2gtk3-devel-2.48.0-150600.12.33.1 * typelib-1_0-WebKit2-4_1-2.48.0-150600.12.33.1 * typelib-1_0-JavaScriptCore-4_1-2.48.0-150600.12.33.1 * libwebkit2gtk-4_1-0-debuginfo-2.48.0-150600.12.33.1 * libjavascriptcoregtk-4_1-0-2.48.0-150600.12.33.1 * webkit2gtk3-debugsource-2.48.0-150600.12.33.1 * webkit2gtk-4_1-injected-bundles-2.48.0-150600.12.33.1 * Development Tools Module 15-SP6 (aarch64 ppc64le s390x x86_64) * webkit2gtk4-debugsource-2.48.0-150600.12.33.1 * typelib-1_0-WebKitWebProcessExtension-6_0-2.48.0-150600.12.33.1 * webkit2gtk4-devel-2.48.0-150600.12.33.1 * typelib-1_0-WebKit-6_0-2.48.0-150600.12.33.1 * typelib-1_0-JavaScriptCore-6_0-2.48.0-150600.12.33.1 ## References: * https://www.suse.com/security/cve/CVE-2024-44192.html *https://www.suse.com/security/cve/CVE-2024-54467.html * https://www.suse.com/security/cve/CVE-2025-24201.html * https://bugzilla.suse.com/show_bug.cgi?id=1239863 * https://bugzilla.suse.com/show_bug.cgi?id=1239864 * https://bugzilla.suse.com/show_bug.cgi?id=1239950 . This patch resolves essential concerns in webkit2gtk3 for openSUSE, providing security improvements and resolving bugs.. openSUSE security, webkit2gtk3 update, security patch, process crash fix. . LinuxSecurity.com Team
Apr 07, 2025
OpenSUSE
Get the latest News and Insights
Get the latest Linux and open source security news straight to your inbox.
Community Poll
What got you started with Linux?
Search Topics
Powered By
Linux Security - Your source for Top Linux News, Advisories, HOWTOs and Feature Releases
QUICK LINKS
subscribe to newsletters!
Like staying secure? So do we.
Sign up for updates, tips, and alerts!