Explore top 10 tips to secure your open-source projects now. Read More

×
Alerts This Week
Warning Icon 1 515
Alerts This Week
Warning Icon 1 515

Stay Secure with the Latest Linux Advisories

Filter%20icon Refine advisories
X Clear Filters
X Clear Filters
View More

Get the latest News and Insights

Get the latest Linux and open source security news straight to your inbox.

Community Poll

Is continuous patching actually viable?

No answer selected. Please try again.
Please select either existing option or enter your own, however not both.
Please select minimum {0} answer(s).
Please select maximum {0} answer(s).
/main-polls/156-is-continuous-patching-actually-viable?task=poll.vote&format=json
156
radio
0
[{"id":503,"title":"Delayed updates invite catastrophic breaches.","votes":1,"type":"x","order":1,"pct":50,"resources":[]},{"id":504,"title":"Automated fixes break production environments.","votes":1,"type":"x","order":2,"pct":50,"resources":[]},{"id":505,"title":"Manual approvals cannot keep pace.","votes":0,"type":"x","order":3,"pct":0,"resources":[]}] ["#ff5b00","#4ac0f2","#b80028","#eef66c","#60bb22","#b96a9a","#62c2cc"] ["rgba(255,91,0,0.7)","rgba(74,192,242,0.7)","rgba(184,0,40,0.7)","rgba(238,246,108,0.7)","rgba(96,187,34,0.7)","rgba(185,106,154,0.7)","rgba(98,194,204,0.7)"] 350
bottom 200
Loading...

Explore Latest Linux Security advisories

We found 314 articles for you...
217

Oracle Linux 9 ELSA-2026-25927 Webkit2gtk3 Important Vulnerability

The following updated rpms for Oracle Linux 9 have been uploaded to the Unbreakable Linux Network:. Oracle Linux Security Advisory ELSA-2026-25927 http://linux.oracle.com/errata/ELSA-2026-25927.html The following updated rpms for Oracle Linux 9 have been uploaded to the Unbreakable Linux Network: x86_64: webkit2gtk3-2.52.4-1.el9_8.i686.rpm webkit2gtk3-2.52.4-1.el9_8.x86_64.rpm webkit2gtk3-devel-2.52.4-1.el9_8.i686.rpm webkit2gtk3-devel-2.52.4-1.el9_8.x86_64.rpm webkit2gtk3-jsc-2.52.4-1.el9_8.i686.rpm webkit2gtk3-jsc-2.52.4-1.el9_8.x86_64.rpm webkit2gtk3-jsc-devel-2.52.4-1.el9_8.i686.rpm webkit2gtk3-jsc-devel-2.52.4-1.el9_8.x86_64.rpm aarch64: webkit2gtk3-2.52.4-1.el9_8.aarch64.rpm webkit2gtk3-devel-2.52.4-1.el9_8.aarch64.rpm webkit2gtk3-jsc-2.52.4-1.el9_8.aarch64.rpm webkit2gtk3-jsc-devel-2.52.4-1.el9_8.aarch64.rpm SRPMS: http://oss.oracle.com/ol9/SRPMS-updates/webkit2gtk3-2.52.4-1.el9_8.src.rpm Related CVEs: CVE-2026-28847 CVE-2026-28883 CVE-2026-28901 CVE-2026-28902 CVE-2026-28903 CVE-2026-28904 CVE-2026-28905 CVE-2026-28907 CVE-2026-28942 CVE-2026-28946 CVE-2026-28947 CVE-2026-28953 CVE-2026-28955 CVE-2026-28958 CVE-2026-43658 CVE-2026-43660 Description of changes: [2.52.4-1] - Update to 2.52.4 _______________________________________________ El-errata mailing list This email address is being protected from spambots. You need JavaScript enabled to view it. https://oss.oracle.com/mailman/listinfo/el-errata . Oracle Linux 9 updated packages for webkit2gtk3 contain significant security fixes. Update now to ensure protection.. Oracle Linux, webkit2gtk3, security fixes, patching, updates. . Severity: Important. LinuxSecurity.com Team

Calendar%202 Jun 26, 2026 Important Oracle
100

SUSE webkit2gtk3 Important Memory Handling Crash Issues 2026-2623-1

An update that solves 16 vulnerabilities can now be installed.. # Security update for webkit2gtk3 Announcement ID: SUSE-SU-2026:2623-1 Release Date: 2026-06-24T12:45:47Z Rating: important References: * bsc#1267506 * bsc#1267507 * bsc#1267508 * bsc#1267509 * bsc#1267510 * bsc#1267511 * bsc#1267512 * bsc#1267513 * bsc#1267514 * bsc#1267515 * bsc#1267516 * bsc#1267517 * bsc#1267518 * bsc#1267519 * bsc#1267520 * bsc#1267521 Cross-References: * CVE-2026-28847 * CVE-2026-28883 * CVE-2026-28901 * CVE-2026-28902 * CVE-2026-28903 * CVE-2026-28904 * CVE-2026-28905 * CVE-2026-28907 * CVE-2026-28942 * CVE-2026-28946 * CVE-2026-28947 * CVE-2026-28953 * CVE-2026-28955 * CVE-2026-28958 * CVE-2026-43658 * CVE-2026-43660 CVSS scores: * CVE-2026-28847 ( SUSE ): 8.7 CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:P/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N * CVE-2026-28847 ( SUSE ): 8.8 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H * CVE-2026-28847 ( NVD ): 6.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H * CVE-2026-28883 ( SUSE ): 7.7 CVSS:4.0/AV:N/AC:H/AT:N/PR:N/UI:P/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N * CVE-2026-28883 ( SUSE ): 7.5 CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H * CVE-2026-28883 ( NVD ): 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N * CVE-2026-28901 ( SUSE ): 7.1 CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:P/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N * CVE-2026-28901 ( SUSE ): 6.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H * CVE-2026-28901 ( NVD ): 4.3 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L * CVE-2026-28902 ( SUSE ): 7.1 CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:P/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N * CVE-2026-28902 ( SUSE ): 6.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H * CVE-2026-28902 ( NVD ): 6.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H * CVE-2026-28903 ( SUSE ): 7.1 CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:P/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N * CVE-2026-28903 ( SUSE ): 6.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H * CVE-2026-28903( NVD ): 6.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H * CVE-2026-28904 ( SUSE ): 7.1 CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:P/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N * CVE-2026-28904 ( SUSE ): 6.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H * CVE-2026-28904 ( NVD ): 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N * CVE-2026-28905 ( SUSE ): 7.1 CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:P/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N * CVE-2026-28905 ( SUSE ): 6.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H * CVE-2026-28905 ( NVD ): 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N * CVE-2026-28907 ( SUSE ): 7.1 CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:P/VC:H/VI:L/VA:N/SC:N/SI:N/SA:N * CVE-2026-28907 ( SUSE ): 7.1 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:L/A:N * CVE-2026-28907 ( NVD ): 8.1 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:N * CVE-2026-28942 ( SUSE ): 7.7 CVSS:4.0/AV:N/AC:H/AT:N/PR:N/UI:P/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N * CVE-2026-28942 ( SUSE ): 7.5 CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H * CVE-2026-28942 ( NVD ): 6.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H * CVE-2026-28946 ( SUSE ): 7.7 CVSS:4.0/AV:N/AC:H/AT:N/PR:N/UI:P/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N * CVE-2026-28946 ( SUSE ): 7.5 CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H * CVE-2026-28946 ( NVD ): 6.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H * CVE-2026-28947 ( SUSE ): 7.7 CVSS:4.0/AV:N/AC:H/AT:N/PR:N/UI:P/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N * CVE-2026-28947 ( SUSE ): 7.5 CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H * CVE-2026-28947 ( NVD ): 8.8 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H * CVE-2026-28953 ( SUSE ): 7.1 CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:P/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N * CVE-2026-28953 ( SUSE ): 6.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H * CVE-2026-28953 ( NVD ): 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N * CVE-2026-28955 ( SUSE ): 7.7 CVSS:4.0/AV:N/AC:H/AT:N/PR:N/UI:P/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N * CVE-2026-28955 ( SUSE ): 7.5CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H * CVE-2026-28955 ( NVD ): 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H * CVE-2026-28958 ( SUSE ): 7.1 CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:P/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N * CVE-2026-28958 ( SUSE ): 6.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N * CVE-2026-28958 ( NVD ): 5.5 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N * CVE-2026-43658 ( SUSE ): 7.1 CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:P/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N * CVE-2026-43658 ( SUSE ): 6.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H * CVE-2026-43658 ( NVD ): 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N * CVE-2026-43660 ( SUSE ): 7.1 CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:P/VC:H/VI:L/VA:N/SC:N/SI:N/SA:N * CVE-2026-43660 ( SUSE ): 7.1 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:L/A:N * CVE-2026-43660 ( NVD ): 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N Affected Products: * SUSE Linux Enterprise High Performance Computing 12 SP5 * SUSE Linux Enterprise Server 12 SP5 * SUSE Linux Enterprise Server 12 SP5 LTSS * SUSE Linux Enterprise Server 12 SP5 LTSS Extended Security * SUSE Linux Enterprise Server for SAP Applications 12 SP5 An update that solves 16 vulnerabilities can now be installed. ## Description: This update for webkit2gtk3 fixes the following issues Update to version 2.52.4: * CVE-2026-28847: processing maliciously crafted web content may lead to an unexpected process crash or arbitrary code execution due to a heap buffer overflow (bsc#1267506). * CVE-2026-28883: processing maliciously crafted web content may lead to an unexpected process crash due to a use-after- free issue (bsc#1267507). * CVE-2026-28901: processing maliciously crafted web content may lead to an unexpected process crash due to improper memory handling (bsc#1267508). * CVE-2026-28902: processing maliciously crafted web content may lead to an unexpected process crash due to improper memory handling (bsc#1267509). * CVE-2026-28903: processingmaliciously crafted web content may lead to an unexpected process crash due to improper memory handling (bsc#1267510). * CVE-2026-28904: processing maliciously crafted web content may lead to an unexpected process crash due to improper memory handling (bsc#1267511). * CVE-2026-28905: processing maliciously crafted web content may lead to an unexpected process crash due to improper memory handling (bsc#1267512). * CVE-2026-28907: processing maliciously crafted web content may prevent Content Security Policy from being enforced due to improper input validation (bsc#1267513). * CVE-2026-28942: processing maliciously crafted web content may lead to an unexpected crash due to use-after-free (bsc#1267514). * CVE-2026-28946: processing maliciously crafted web content may lead to an unexpected crash due to a use-after-free (bsc#1267515). * CVE-2026-28947: rocessing maliciously crafted web content may lead to an unexpected crash due to a use-after-free (bsc#1267516). * CVE-2026-28953: processing maliciously crafted web content may lead to an unexpected process crash due to improper memory handling (bsc#1267517). * CVE-2026-28955: processing maliciously crafted web content may lead to an unexpected process crash due to improper memory handling (bsc#1267518). * CVE-2026-28958: an app may be able to access sensitive user data due to improper data protection (bsc#1267519). * CVE-2026-43658: processing maliciously crafted web content may lead to an unexpected crash due to improper memory handling (bsc#1267520). * CVE-2026-43660: processing maliciously crafted web content may prevent Content Security Policy from being enforced due to issues with logic (bsc#1267521). Changes: * Add support for half-width fonts. * Improve content filter compilation by avoiding file copies. * Improve handling of out of disk space conditions when the NetworkProcess tried to write data in caches. * Improve how the CMake build system checks whether libatomicis required. * Fix painting scrollbars when their width changes. * Fix playback of certain YouTube videos with low frame rates. * Fix webkit://gpu not working in systems where neither libGL.so.1 nor libOpenGL.so.0 are available. * Fix the build with librice 0.4 or newer when the GStreamer WebRTC backend is enabled at build configuration time. * Fix the build with USE_GSTREAMER_WEBRTC=OFF. * Fix the build with USE_GBM=OFF. * Fix several crashes and rendering issues. * Security fixes: CVE-2026-28847, CVE-2026-28883, CVE-2026-28901, CVE-2026-28902, CVE-2026-28903,, CVE-2026-28904, CVE-2026-28905, CVE-2026-28907, CVE-2026-28942, CVE-2026-28946, CVE-2026-28947, CVE-2026-28953, CVE-2026-28955, CVE-2026-28958, CVE-2026-43658, CVe-2026-43660. * Add support for the "scrollbar-color" CSS property. * Fix some emoji glyphs being rendered as missing glyph boxes. * Fix JavaScriptCore crashes on architectures other than x86_64. * Fix the build on s390x. * Improve handling of real-time threads. * Fix scrollbar rendering glitches visible in some GPU configurations. * Fix V4L2 hardware accelerated media codecs now working due to overly restrictive sandbox device access rules. * Fix leak of bitmap images in webkit_favicon_database_get_favicon_finish(). * Fix the build with USE_GTK4=OFF. ## Patch Instructions: To install this SUSE update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: * SUSE Linux Enterprise Server 12 SP5 LTSS zypper in -t patch SUSE-SLE-SERVER-12-SP5-LTSS-2026-2623=1 * SUSE Linux Enterprise Server 12 SP5 LTSS Extended Security zypper in -t patch SUSE-SLE-SERVER-12-SP5-LTSS-EXTENDED-SECURITY-2026-2623=1 ## Package List: * SUSE Linux Enterprise Server 12 SP5 LTSS (aarch64 ppc64le s390x x86_64) * libjavascriptcoregtk-4_0-18-2.52.4-4.60.2 * webkit2gtk3-debugsource-2.52.4-4.60.2 * libwebkit2gtk-4_0-37-2.52.4-4.60.2 * typelib-1_0-JavaScriptCore-4_0-2.52.4-4.60.2 * typelib-1_0-WebKit2-4_0-2.52.4-4.60.2 * webkit2gtk-4_0-injected-bundles-2.52.4-4.60.2 * libwebkit2gtk-4_0-37-debuginfo-2.52.4-4.60.2 * typelib-1_0-WebKit2WebExtension-4_0-2.52.4-4.60.2 * libjavascriptcoregtk-4_0-18-debuginfo-2.52.4-4.60.2 * webkit2gtk3-devel-2.52.4-4.60.2 * SUSE Linux Enterprise Server 12 SP5 LTSS (noarch) * libwebkit2gtk3-lang-2.52.4-4.60.2 * SUSE Linux Enterprise Server 12 SP5 LTSS (ppc64le s390x x86_64) * webkit2gtk-4_0-injected-bundles-debuginfo-2.52.4-4.60.2 * SUSE Linux Enterprise Server 12 SP5 LTSS Extended Security (x86_64) * libjavascriptcoregtk-4_0-18-2.52.4-4.60.2 * webkit2gtk3-debugsource-2.52.4-4.60.2 * libwebkit2gtk-4_0-37-2.52.4-4.60.2 * webkit2gtk-4_0-injected-bundles-debuginfo-2.52.4-4.60.2 * typelib-1_0-JavaScriptCore-4_0-2.52.4-4.60.2 * typelib-1_0-WebKit2-4_0-2.52.4-4.60.2 * webkit2gtk-4_0-injected-bundles-2.52.4-4.60.2 * libwebkit2gtk-4_0-37-debuginfo-2.52.4-4.60.2 * typelib-1_0-WebKit2WebExtension-4_0-2.52.4-4.60.2 * libjavascriptcoregtk-4_0-18-debuginfo-2.52.4-4.60.2 * webkit2gtk3-devel-2.52.4-4.60.2 * SUSE Linux Enterprise Server 12 SP5 LTSS Extended Security (noarch) * libwebkit2gtk3-lang-2.52.4-4.60.2 ## References: * https://www.suse.com/security/cve/CVE-2026-28847.html * https://www.suse.com/security/cve/CVE-2026-28883.html * https://www.suse.com/security/cve/CVE-2026-28901.html * https://www.suse.com/security/cve/CVE-2026-28902.html * https://www.suse.com/security/cve/CVE-2026-28903.html * https://www.suse.com/security/cve/CVE-2026-28904.html * https://www.suse.com/security/cve/CVE-2026-28905.html * https://www.suse.com/security/cve/CVE-2026-28907.html * https://www.suse.com/security/cve/CVE-2026-28942.html * https://www.suse.com/security/cve/CVE-2026-28946.html * https://www.suse.com/security/cve/CVE-2026-28947.html * https://www.suse.com/security/cve/CVE-2026-28953.html *https://www.suse.com/security/cve/CVE-2026-28955.html * https://www.suse.com/security/cve/CVE-2026-28958.html * https://www.suse.com/security/cve/CVE-2026-43658.html * https://www.suse.com/security/cve/CVE-2026-43660.html * https://bugzilla.suse.com/show_bug.cgi?id=1267506 * https://bugzilla.suse.com/show_bug.cgi?id=1267507 * https://bugzilla.suse.com/show_bug.cgi?id=1267508 * https://bugzilla.suse.com/show_bug.cgi?id=1267509 * https://bugzilla.suse.com/show_bug.cgi?id=1267510 * https://bugzilla.suse.com/show_bug.cgi?id=1267511 * https://bugzilla.suse.com/show_bug.cgi?id=1267512 * https://bugzilla.suse.com/show_bug.cgi?id=1267513 * https://bugzilla.suse.com/show_bug.cgi?id=1267514 * https://bugzilla.suse.com/show_bug.cgi?id=1267515 * https://bugzilla.suse.com/show_bug.cgi?id=1267516 * https://bugzilla.suse.com/show_bug.cgi?id=1267517 * https://bugzilla.suse.com/show_bug.cgi?id=1267518 * https://bugzilla.suse.com/show_bug.cgi?id=1267519 * https://bugzilla.suse.com/show_bug.cgi?id=1267520 * https://bugzilla.suse.com/show_bug.cgi?id=1267521 . This update addresses significant vulnerabilities in webkit2gtk3, improving security against crafted web content attacks. . SUSE webkit2gtk3 update, important updates SUSE, software vulnerabilities fixed. . Severity: Important. LinuxSecurity.com Team

Calendar%202 Jun 24, 2026 Important SuSE
100

SUSE webkit2gtk3 Important Memory Issue Fix Advisory 2026-22203-1

An update that solves 16 vulnerabilities can now be installed.. # Security update for webkit2gtk3 Announcement ID: SUSE-SU-2026:22203-1 Release Date: 2026-06-20T09:17:07Z Rating: important References: * bsc#1267506 * bsc#1267507 * bsc#1267508 * bsc#1267509 * bsc#1267510 * bsc#1267511 * bsc#1267512 * bsc#1267513 * bsc#1267514 * bsc#1267515 * bsc#1267516 * bsc#1267517 * bsc#1267518 * bsc#1267519 * bsc#1267520 * bsc#1267521 Cross-References: * CVE-2026-28847 * CVE-2026-28883 * CVE-2026-28901 * CVE-2026-28902 * CVE-2026-28903 * CVE-2026-28904 * CVE-2026-28905 * CVE-2026-28907 * CVE-2026-28942 * CVE-2026-28946 * CVE-2026-28947 * CVE-2026-28953 * CVE-2026-28955 * CVE-2026-28958 * CVE-2026-43658 * CVE-2026-43660 CVSS scores: * CVE-2026-28847 ( SUSE ): 8.7 CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:P/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N * CVE-2026-28847 ( SUSE ): 8.8 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H * CVE-2026-28847 ( NVD ): 6.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H * CVE-2026-28883 ( SUSE ): 7.7 CVSS:4.0/AV:N/AC:H/AT:N/PR:N/UI:P/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N * CVE-2026-28883 ( SUSE ): 7.5 CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H * CVE-2026-28883 ( NVD ): 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N * CVE-2026-28901 ( SUSE ): 7.1 CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:P/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N * CVE-2026-28901 ( SUSE ): 6.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H * CVE-2026-28901 ( NVD ): 4.3 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L * CVE-2026-28902 ( SUSE ): 7.1 CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:P/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N * CVE-2026-28902 ( SUSE ): 6.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H * CVE-2026-28902 ( NVD ): 6.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H * CVE-2026-28903 ( SUSE ): 7.1 CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:P/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N * CVE-2026-28903 ( SUSE ): 6.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H * CVE-2026-28903( NVD ): 6.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H * CVE-2026-28904 ( SUSE ): 7.1 CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:P/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N * CVE-2026-28904 ( SUSE ): 6.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H * CVE-2026-28904 ( NVD ): 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N * CVE-2026-28905 ( SUSE ): 7.1 CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:P/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N * CVE-2026-28905 ( SUSE ): 6.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H * CVE-2026-28905 ( NVD ): 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N * CVE-2026-28907 ( SUSE ): 7.1 CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:P/VC:H/VI:L/VA:N/SC:N/SI:N/SA:N * CVE-2026-28907 ( SUSE ): 7.1 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:L/A:N * CVE-2026-28907 ( NVD ): 8.1 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:N * CVE-2026-28942 ( SUSE ): 7.7 CVSS:4.0/AV:N/AC:H/AT:N/PR:N/UI:P/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N * CVE-2026-28942 ( SUSE ): 7.5 CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H * CVE-2026-28942 ( NVD ): 6.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H * CVE-2026-28946 ( SUSE ): 7.7 CVSS:4.0/AV:N/AC:H/AT:N/PR:N/UI:P/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N * CVE-2026-28946 ( SUSE ): 7.5 CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H * CVE-2026-28946 ( NVD ): 6.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H * CVE-2026-28947 ( SUSE ): 7.7 CVSS:4.0/AV:N/AC:H/AT:N/PR:N/UI:P/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N * CVE-2026-28947 ( SUSE ): 7.5 CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H * CVE-2026-28947 ( NVD ): 8.8 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H * CVE-2026-28953 ( SUSE ): 7.1 CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:P/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N * CVE-2026-28953 ( SUSE ): 6.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H * CVE-2026-28953 ( NVD ): 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N * CVE-2026-28955 ( SUSE ): 7.7 CVSS:4.0/AV:N/AC:H/AT:N/PR:N/UI:P/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N * CVE-2026-28955 ( SUSE ): 7.5CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H * CVE-2026-28955 ( NVD ): 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H * CVE-2026-28958 ( SUSE ): 7.1 CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:P/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N * CVE-2026-28958 ( SUSE ): 6.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N * CVE-2026-28958 ( NVD ): 5.5 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N * CVE-2026-43658 ( SUSE ): 7.1 CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:P/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N * CVE-2026-43658 ( SUSE ): 6.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H * CVE-2026-43658 ( NVD ): 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N * CVE-2026-43660 ( SUSE ): 7.1 CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:P/VC:H/VI:L/VA:N/SC:N/SI:N/SA:N * CVE-2026-43660 ( SUSE ): 7.1 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:L/A:N * CVE-2026-43660 ( NVD ): 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N Affected Products: * SUSE Linux Enterprise Server 16.0 An update that solves 16 vulnerabilities can now be installed. ## Description: This update for webkit2gtk3 fixes the following issues Update to version 2.52.4: * CVE-2026-28847: processing maliciously crafted web content may lead to an unexpected process crash or arbitrary code execution due to a heap buffer overflow (bsc#1267506). * CVE-2026-28883: processing maliciously crafted web content may lead to an unexpected process crash due to a use-after- free issue (bsc#1267507). * CVE-2026-28901: processing maliciously crafted web content may lead to an unexpected process crash due to improper memory handling (bsc#1267508). * CVE-2026-28902: processing maliciously crafted web content may lead to an unexpected process crash due to improper memory handling (bsc#1267509). * CVE-2026-28903: processing maliciously crafted web content may lead to an unexpected process crash due to improper memory handling (bsc#1267510). * CVE-2026-28904: processing maliciously crafted web content may lead to an unexpected process crash due toimproper memory handling (bsc#1267511). * CVE-2026-28905: processing maliciously crafted web content may lead to an unexpected process crash due to improper memory handling (bsc#1267512). * CVE-2026-28907: processing maliciously crafted web content may prevent Content Security Policy from being enforced due to improper input validation (bsc#1267513). * CVE-2026-28942: processing maliciously crafted web content may lead to an unexpected crash due to use-after-free (bsc#1267514). * CVE-2026-28946: processing maliciously crafted web content may lead to an unexpected crash due to a use-after-free (bsc#1267515). * CVE-2026-28947: rocessing maliciously crafted web content may lead to an unexpected crash due to a use-after-free (bsc#1267516). * CVE-2026-28953: processing maliciously crafted web content may lead to an unexpected process crash due to improper memory handling (bsc#1267517). * CVE-2026-28955: processing maliciously crafted web content may lead to an unexpected process crash due to improper memory handling (bsc#1267518). * CVE-2026-28958: an app may be able to access sensitive user data due to improper data protection (bsc#1267519). * CVE-2026-43658: processing maliciously crafted web content may lead to an unexpected crash due to improper memory handling (bsc#1267520). * CVE-2026-43660: processing maliciously crafted web content may prevent Content Security Policy from being enforced due to issues with logic (bsc#1267521). Changes for webkit2gtk3: * Add support for half-width fonts. * Improve content filter compilation by avoiding file copies. * Improve handling of out of disk space conditions when the NetworkProcess tried to write data in caches. * Improve how the CMake build system checks whether libatomic is required. * Fix painting scrollbars when their width changes. * Fix playback of certain YouTube videos with low frame rates. * Fix webkit://gpu not working in systems where neither libGL.so.1 nor libOpenGL.so.0 are available. * Fix the build with librice 0.4 or newer when the GStreamer WebRTC backend is enabled at build configuration time. * Fix the build with USE_GSTREAMER_WEBRTC=OFF. * Fix the build with USE_GBM=OFF. * Fix several crashes and rendering issues. * Security fixes: CVE-2026-28847, CVE-2026-28883, CVE-2026-28901, CVE-2026-28902, CVE-2026-28903, CVE-2026-28904, CVE-2026-28905, CVE-2026-28907, CVE-2026-28942, CVE-2026-28946, CVE-2026-28947, CVE-2026-28953, CVE-2026-28955, CVE-2026-28958, CVE-2026-43658, CVe-2026-43660. * Changes in version .52.3; * Add support for the "scrollbar-color" CSS property. * Fix some emoji glyphs being rendered as missing glyph boxes. * Fix JavaScriptCore crashes on architectures other than x86_64. * Fix the build on s390x. * Changes in version 2.52.2: * Improve handling of real-time threads. * Fix scrollbar rendering glitches visible in some GPU configurations. * Fix V4L2 hardware accelerated media codecs now working due to overly restrictive sandbox device access rules. * Fix leak of bitmap images in webkit_favicon_database_get_favicon_finish(). * Fix the build with USE_GTK4=OFF. ## Patch Instructions: To install this SUSE update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: * SUSE Linux Enterprise Server 16.0 zypper in -t patch SUSE-SLES-16.0-994=1 ## Package List: * SUSE Linux Enterprise Server 16.0 (aarch64 ppc64le s390x x86_64) * libjavascriptcoregtk-6_0-1-2.52.4-160000.1.1 * webkit2gtk-4_1-injected-bundles-2.52.4-160000.1.1 * webkit-jsc-4.1-2.52.4-160000.1.1 * typelib-1_0-WebKit-6_0-2.52.4-160000.1.1 * libjavascriptcoregtk-6_0-1-debuginfo-2.52.4-160000.1.1 * webkit-jsc-6.0-2.52.4-160000.1.1 * webkitgtk-6_0-injected-bundles-debuginfo-2.52.4-160000.1.1 * typelib-1_0-WebKit2WebExtension-4_1-2.52.4-160000.1.1 * libwebkit2gtk-4_1-0-2.52.4-160000.1.1 * typelib-1_0-WebKitWebProcessExtension-6_0-2.52.4-160000.1.1 * webkit-jsc-4.1-debuginfo-2.52.4-160000.1.1 * libwebkitgtk-6_0-4-2.52.4-160000.1.1 * webkit-jsc-6.0-debuginfo-2.52.4-160000.1.1 * webkit2gtk-4_1-injected-bundles-debuginfo-2.52.4-160000.1.1 * libwebkit2gtk-4_1-0-debuginfo-2.52.4-160000.1.1 * webkit2gtk4-minibrowser-2.52.4-160000.1.1 * typelib-1_0-JavaScriptCore-4_1-2.52.4-160000.1.1 * libwebkitgtk-6_0-4-debuginfo-2.52.4-160000.1.1 * webkit2gtk3-minibrowser-debuginfo-2.52.4-160000.1.1 * webkit2gtk3-minibrowser-2.52.4-160000.1.1 * libjavascriptcoregtk-4_1-0-debuginfo-2.52.4-160000.1.1 * typelib-1_0-JavaScriptCore-6_0-2.52.4-160000.1.1 * webkit2gtk4-minibrowser-debuginfo-2.52.4-160000.1.1 * libjavascriptcoregtk-4_1-0-2.52.4-160000.1.1 * webkitgtk-6_0-injected-bundles-2.52.4-160000.1.1 * typelib-1_0-WebKit2-4_1-2.52.4-160000.1.1 * SUSE Linux Enterprise Server 16.0 (noarch) * WebKitGTK-6.0-lang-2.52.4-160000.1.1 * WebKitGTK-4.1-lang-2.52.4-160000.1.1 ## References: * https://www.suse.com/security/cve/CVE-2026-28847.html * https://www.suse.com/security/cve/CVE-2026-28883.html * https://www.suse.com/security/cve/CVE-2026-28901.html * https://www.suse.com/security/cve/CVE-2026-28902.html * https://www.suse.com/security/cve/CVE-2026-28903.html * https://www.suse.com/security/cve/CVE-2026-28904.html * https://www.suse.com/security/cve/CVE-2026-28905.html * https://www.suse.com/security/cve/CVE-2026-28907.html * https://www.suse.com/security/cve/CVE-2026-28942.html * https://www.suse.com/security/cve/CVE-2026-28946.html * https://www.suse.com/security/cve/CVE-2026-28947.html * https://www.suse.com/security/cve/CVE-2026-28953.html * https://www.suse.com/security/cve/CVE-2026-28955.html * https://www.suse.com/security/cve/CVE-2026-28958.html * https://www.suse.com/security/cve/CVE-2026-43658.html * https://www.suse.com/security/cve/CVE-2026-43660.html * https://bugzilla.suse.com/show_bug.cgi?id=1267506 * https://bugzilla.suse.com/show_bug.cgi?id=1267507 * https://bugzilla.suse.com/show_bug.cgi?id=1267508 * https://bugzilla.suse.com/show_bug.cgi?id=1267509 * https://bugzilla.suse.com/show_bug.cgi?id=1267510 * https://bugzilla.suse.com/show_bug.cgi?id=1267511 * https://bugzilla.suse.com/show_bug.cgi?id=1267512 * https://bugzilla.suse.com/show_bug.cgi?id=1267513 * https://bugzilla.suse.com/show_bug.cgi?id=1267514 * https://bugzilla.suse.com/show_bug.cgi?id=1267515 * https://bugzilla.suse.com/show_bug.cgi?id=1267516 * https://bugzilla.suse.com/show_bug.cgi?id=1267517 * https://bugzilla.suse.com/show_bug.cgi?id=1267518 * https://bugzilla.suse.com/show_bug.cgi?id=1267519 * https://bugzilla.suse.com/show_bug.cgi?id=1267520 * https://bugzilla.suse.com/show_bug.cgi?id=1267521 . A vital update for webkit2gtk3 addresses 16 issues, mitigating risks of process crashes and enhancing user security.. SUSE security update, webkit2gtk3 vulnerabilities, important security fix. . Severity: Important. LinuxSecurity.com Team

Calendar%202 Jun 23, 2026 Important SuSE
217

Oracle Linux 8 Webkit2gtk3 Major Security Advisory ELSA-2026-25918

The following updated rpms for Oracle Linux 8 have been uploaded to the Unbreakable Linux Network:. Oracle Linux Security Advisory ELSA-2026-25918 http://linux.oracle.com/errata/ELSA-2026-25918.html The following updated rpms for Oracle Linux 8 have been uploaded to the Unbreakable Linux Network: x86_64: webkit2gtk3-2.52.4-1.el8_10.i686.rpm webkit2gtk3-2.52.4-1.el8_10.x86_64.rpm webkit2gtk3-devel-2.52.4-1.el8_10.i686.rpm webkit2gtk3-devel-2.52.4-1.el8_10.x86_64.rpm webkit2gtk3-jsc-2.52.4-1.el8_10.i686.rpm webkit2gtk3-jsc-2.52.4-1.el8_10.x86_64.rpm webkit2gtk3-jsc-devel-2.52.4-1.el8_10.i686.rpm webkit2gtk3-jsc-devel-2.52.4-1.el8_10.x86_64.rpm aarch64: webkit2gtk3-2.52.4-1.el8_10.aarch64.rpm webkit2gtk3-devel-2.52.4-1.el8_10.aarch64.rpm webkit2gtk3-jsc-2.52.4-1.el8_10.aarch64.rpm webkit2gtk3-jsc-devel-2.52.4-1.el8_10.aarch64.rpm SRPMS: http://oss.oracle.com/ol8/SRPMS-updates/webkit2gtk3-2.52.4-1.el8_10.src.rpm Related CVEs: CVE-2026-28847 CVE-2026-28883 CVE-2026-28901 CVE-2026-28902 CVE-2026-28903 CVE-2026-28904 CVE-2026-28905 CVE-2026-28907 CVE-2026-28942 CVE-2026-28946 CVE-2026-28947 CVE-2026-28953 CVE-2026-28955 CVE-2026-28958 CVE-2026-43658 CVE-2026-43660 Description of changes: [2.52.4-1] - Update to 2.52.4 _______________________________________________ El-errata mailing list This email address is being protected from spambots. You need JavaScript enabled to view it. https://oss.oracle.com/mailman/listinfo/el-errata . Oracle Linux 8 updates with important security fixes for webkit2gtk3. Stay secure with the latest patches.. Oracle Linux 8, webkit2gtk3, security advisory, updates, patch management. . Severity: Important. LinuxSecurity.com Team

Calendar%202 Jun 18, 2026 Important Oracle
202

openSUSE webkit2gtk3 Important Process Crash Security Advisory 2026-2378-1

An update that solves 16 vulnerabilities can now be installed.. # Security update for webkit2gtk3 Announcement ID: SUSE-SU-2026:2378-1 Release Date: 2026-06-11T16:10:30Z Rating: important References: * bsc#1267506 * bsc#1267507 * bsc#1267508 * bsc#1267509 * bsc#1267510 * bsc#1267511 * bsc#1267512 * bsc#1267513 * bsc#1267514 * bsc#1267515 * bsc#1267516 * bsc#1267517 * bsc#1267518 * bsc#1267519 * bsc#1267520 * bsc#1267521 Cross-References: * CVE-2026-28847 * CVE-2026-28883 * CVE-2026-28901 * CVE-2026-28902 * CVE-2026-28903 * CVE-2026-28904 * CVE-2026-28905 * CVE-2026-28907 * CVE-2026-28942 * CVE-2026-28946 * CVE-2026-28947 * CVE-2026-28953 * CVE-2026-28955 * CVE-2026-28958 * CVE-2026-43658 * CVE-2026-43660 CVSS scores: * CVE-2026-28847 ( SUSE ): 8.7 CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:P/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N * CVE-2026-28847 ( SUSE ): 8.8 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H * CVE-2026-28847 ( NVD ): 6.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H * CVE-2026-28883 ( SUSE ): 7.7 CVSS:4.0/AV:N/AC:H/AT:N/PR:N/UI:P/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N * CVE-2026-28883 ( SUSE ): 7.5 CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H * CVE-2026-28883 ( NVD ): 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N * CVE-2026-28901 ( SUSE ): 7.1 CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:P/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N * CVE-2026-28901 ( SUSE ): 6.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H * CVE-2026-28901 ( NVD ): 4.3 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L * CVE-2026-28902 ( SUSE ): 7.1 CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:P/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N * CVE-2026-28902 ( SUSE ): 6.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H * CVE-2026-28902 ( NVD ): 6.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H * CVE-2026-28903 ( SUSE ): 7.1 CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:P/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N * CVE-2026-28903 ( SUSE ): 6.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H * CVE-2026-28903( NVD ): 6.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H * CVE-2026-28904 ( SUSE ): 7.1 CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:P/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N * CVE-2026-28904 ( SUSE ): 6.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H * CVE-2026-28904 ( NVD ): 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N * CVE-2026-28905 ( SUSE ): 7.1 CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:P/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N * CVE-2026-28905 ( SUSE ): 6.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H * CVE-2026-28905 ( NVD ): 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N * CVE-2026-28907 ( SUSE ): 7.1 CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:P/VC:H/VI:L/VA:N/SC:N/SI:N/SA:N * CVE-2026-28907 ( SUSE ): 7.1 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:L/A:N * CVE-2026-28907 ( NVD ): 8.1 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:N * CVE-2026-28942 ( SUSE ): 7.7 CVSS:4.0/AV:N/AC:H/AT:N/PR:N/UI:P/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N * CVE-2026-28942 ( SUSE ): 7.5 CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H * CVE-2026-28942 ( NVD ): 6.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H * CVE-2026-28946 ( SUSE ): 7.7 CVSS:4.0/AV:N/AC:H/AT:N/PR:N/UI:P/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N * CVE-2026-28946 ( SUSE ): 7.5 CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H * CVE-2026-28946 ( NVD ): 6.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H * CVE-2026-28947 ( SUSE ): 7.7 CVSS:4.0/AV:N/AC:H/AT:N/PR:N/UI:P/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N * CVE-2026-28947 ( SUSE ): 7.5 CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H * CVE-2026-28947 ( NVD ): 8.8 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H * CVE-2026-28953 ( SUSE ): 7.1 CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:P/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N * CVE-2026-28953 ( SUSE ): 6.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H * CVE-2026-28953 ( NVD ): 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N * CVE-2026-28955 ( SUSE ): 7.7 CVSS:4.0/AV:N/AC:H/AT:N/PR:N/UI:P/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N * CVE-2026-28955 ( SUSE ): 7.5CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H * CVE-2026-28955 ( NVD ): 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H * CVE-2026-28958 ( SUSE ): 7.1 CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:P/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N * CVE-2026-28958 ( SUSE ): 6.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N * CVE-2026-28958 ( NVD ): 5.5 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N * CVE-2026-43658 ( SUSE ): 7.1 CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:P/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N * CVE-2026-43658 ( SUSE ): 6.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H * CVE-2026-43658 ( NVD ): 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N * CVE-2026-43660 ( SUSE ): 7.1 CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:P/VC:H/VI:L/VA:N/SC:N/SI:N/SA:N * CVE-2026-43660 ( SUSE ): 7.1 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:L/A:N * CVE-2026-43660 ( NVD ): 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N Affected Products: * openSUSE Leap 15.4 * SUSE Linux Enterprise High Performance Computing 15 SP4 * SUSE Linux Enterprise High Performance Computing 15 SP5 * SUSE Linux Enterprise High Performance Computing ESPOS 15 SP4 * SUSE Linux Enterprise High Performance Computing ESPOS 15 SP5 * SUSE Linux Enterprise Server 15 SP4 * SUSE Linux Enterprise Server 15 SP4 LTSS * SUSE Linux Enterprise Server 15 SP5 * SUSE Linux Enterprise Server 15 SP5 LTSS * SUSE Linux Enterprise Server for SAP Applications 15 SP5 An update that solves 16 vulnerabilities can now be installed. ## Description: This update for webkit2gtk3 fixes the following issues Update to version 2.52.4: * CVE-2026-28847: processing maliciously crafted web content may lead to an unexpected process crash or arbitrary code execution due to a heap buffer overflow (bsc#1267506). * CVE-2026-28883: processing maliciously crafted web content may lead to an unexpected process crash due to a use-after- free issue (bsc#1267507). * CVE-2026-28901: processing maliciously crafted web content may lead to an unexpected process crashdue to improper memory handling (bsc#1267508). * CVE-2026-28902: processing maliciously crafted web content may lead to an unexpected process crash due to improper memory handling (bsc#1267509). * CVE-2026-28903: processing maliciously crafted web content may lead to an unexpected process crash due to improper memory handling (bsc#1267510). * CVE-2026-28904: processing maliciously crafted web content may lead to an unexpected process crash due to improper memory handling (bsc#1267511). * CVE-2026-28905: processing maliciously crafted web content may lead to an unexpected process crash due to improper memory handling (bsc#1267512). * CVE-2026-28907: processing maliciously crafted web content may prevent Content Security Policy from being enforced due to improper input validation (bsc#1267513). * CVE-2026-28942: processing maliciously crafted web content may lead to an unexpected crash due to use-after-free (bsc#1267514). * CVE-2026-28946: processing maliciously crafted web content may lead to an unexpected crash due to a use-after-free (bsc#1267515). * CVE-2026-28947: rocessing maliciously crafted web content may lead to an unexpected crash due to a use-after-free (bsc#1267516). * CVE-2026-28953: processing maliciously crafted web content may lead to an unexpected process crash due to improper memory handling (bsc#1267517). * CVE-2026-28955: processing maliciously crafted web content may lead to an unexpected process crash due to improper memory handling (bsc#1267518). * CVE-2026-28958: an app may be able to access sensitive user data due to improper data protection (bsc#1267519). * CVE-2026-43658: processing maliciously crafted web content may lead to an unexpected crash due to improper memory handling (bsc#1267520). * CVE-2026-43660: processing maliciously crafted web content may prevent Content Security Policy from being enforced due to issues with logic (bsc#1267521). Changes: * Add support for half-width fonts. *Improve content filter compilation by avoiding file copies. * Improve handling of out of disk space conditions when the NetworkProcess tried to write data in caches. * Improve how the CMake build system checks whether libatomic is required. * Fix painting scrollbars when their width changes. * Fix playback of certain YouTube videos with low frame rates. * Fix webkit://gpu not working in systems where neither libGL.so.1 nor libOpenGL.so.0 are available. * Fix the build with librice 0.4 or newer when the GStreamer WebRTC backend is enabled at build configuration time. * Fix the build with USE_GSTREAMER_WEBRTC=OFF. * Fix the build with USE_GBM=OFF. * Fix several crashes and rendering issues. * Add support for the "scrollbar-color" CSS property. * Fix some emoji glyphs being rendered as missing glyph boxes. * Fix JavaScriptCore crashes on architectures other than x86_64. * Fix the build on s390x. * Changes in version 2.52.2: * Improve handling of real-time threads. * Fix scrollbar rendering glitches visible in some GPU configurations. * Fix V4L2 hardware accelerated media codecs now working due to overly restrictive sandbox device access rules. * Fix leak of bitmap images in webkit_favicon_database_get_favicon_finish(). * Fix the build with USE_GTK4=OFF. ## Patch Instructions: To install this SUSE update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: * openSUSE Leap 15.4 zypper in -t patch SUSE-2026-2378=1 * SUSE Linux Enterprise High Performance Computing ESPOS 15 SP4 zypper in -t patch SUSE-SLE-Product-HPC-15-SP4-ESPOS-2026-2378=1 * SUSE Linux Enterprise High Performance Computing ESPOS 15 SP5 zypper in -t patch SUSE-SLE-Product-HPC-15-SP5-ESPOS-2026-2378=1 * SUSE Linux Enterprise Server 15 SP4 LTSS zypper in -t patch SUSE-SLE-Product-SLES-15-SP4-LTSS-2026-2378=1 * SUSE Linux Enterprise Server 15 SP5 LTSS zypper in -t patch SUSE-SLE-Product-SLES-15-SP5-LTSS-2026-2378=1 * SUSE Linux Enterprise Server for SAP Applications 15 SP5 zypper in -t patch SUSE-SLE-Product-SLES_SAP-15-SP5-2026-2378=1 ## Package List: * openSUSE Leap 15.4 (noarch) * WebKitGTK-4.1-lang-2.52.4-150400.4.143.1 * WebKitGTK-4.0-lang-2.52.4-150400.4.143.1 * WebKitGTK-6.0-lang-2.52.4-150400.4.143.1 * openSUSE Leap 15.4 (aarch64 ppc64le s390x x86_64 i586) * webkit-jsc-4-debuginfo-2.52.4-150400.4.143.1 * libwebkit2gtk-4_0-37-2.52.4-150400.4.143.1 * webkitgtk-6_0-injected-bundles-2.52.4-150400.4.143.1 * libjavascriptcoregtk-6_0-1-debuginfo-2.52.4-150400.4.143.1 * webkit2gtk4-debugsource-2.52.4-150400.4.143.1 * webkit2gtk3-soup2-minibrowser-2.52.4-150400.4.143.1 * webkit-jsc-4.1-debuginfo-2.52.4-150400.4.143.1 * webkit2gtk-4_1-injected-bundles-debuginfo-2.52.4-150400.4.143.1 * libjavascriptcoregtk-4_1-0-debuginfo-2.52.4-150400.4.143.1 * typelib-1_0-WebKit2WebExtension-4_0-2.52.4-150400.4.143.1 * libjavascriptcoregtk-6_0-1-2.52.4-150400.4.143.1 * webkit2gtk-4_1-injected-bundles-2.52.4-150400.4.143.1 * libjavascriptcoregtk-4_0-18-2.52.4-150400.4.143.1 * webkit2gtk-4_0-injected-bundles-2.52.4-150400.4.143.1 * typelib-1_0-WebKit2WebExtension-4_1-2.52.4-150400.4.143.1 * webkit2gtk3-soup2-minibrowser-debuginfo-2.52.4-150400.4.143.1 * libwebkitgtk-6_0-4-debuginfo-2.52.4-150400.4.143.1 * typelib-1_0-WebKit2-4_1-2.52.4-150400.4.143.1 * webkit2gtk-4_0-injected-bundles-debuginfo-2.52.4-150400.4.143.1 * webkit-jsc-6.0-2.52.4-150400.4.143.1 * libjavascriptcoregtk-4_1-0-2.52.4-150400.4.143.1 * libwebkit2gtk-4_0-37-debuginfo-2.52.4-150400.4.143.1 * typelib-1_0-WebKit-6_0-2.52.4-150400.4.143.1 * libwebkit2gtk-4_1-0-debuginfo-2.52.4-150400.4.143.1 * typelib-1_0-JavaScriptCore-4_0-2.52.4-150400.4.143.1 * webkit-jsc-6.0-debuginfo-2.52.4-150400.4.143.1 * webkit2gtk4-devel-2.52.4-150400.4.143.1 * webkit-jsc-4.1-2.52.4-150400.4.143.1 * webkit-jsc-4-2.52.4-150400.4.143.1 * typelib-1_0-WebKitWebProcessExtension-6_0-2.52.4-150400.4.143.1 * webkit2gtk3-devel-2.52.4-150400.4.143.1 * webkit2gtk3-soup2-debugsource-2.52.4-150400.4.143.1 * webkit2gtk4-minibrowser-2.52.4-150400.4.143.1 * webkitgtk-6_0-injected-bundles-debuginfo-2.52.4-150400.4.143.1 * webkit2gtk3-minibrowser-2.52.4-150400.4.143.1 * typelib-1_0-WebKit2-4_0-2.52.4-150400.4.143.1 * webkit2gtk4-minibrowser-debuginfo-2.52.4-150400.4.143.1 * libwebkitgtk-6_0-4-2.52.4-150400.4.143.1 * typelib-1_0-JavaScriptCore-4_1-2.52.4-150400.4.143.1 * webkit2gtk3-minibrowser-debuginfo-2.52.4-150400.4.143.1 * typelib-1_0-JavaScriptCore-6_0-2.52.4-150400.4.143.1 * libjavascriptcoregtk-4_0-18-debuginfo-2.52.4-150400.4.143.1 * webkit2gtk3-debugsource-2.52.4-150400.4.143.1 * webkit2gtk3-soup2-devel-2.52.4-150400.4.143.1 * libwebkit2gtk-4_1-0-2.52.4-150400.4.143.1 * openSUSE Leap 15.4 (x86_64) * libjavascriptcoregtk-4_0-18-32bit-2.52.4-150400.4.143.1 * libwebkit2gtk-4_0-37-32bit-debuginfo-2.52.4-150400.4.143.1 * libjavascriptcoregtk-4_0-18-32bit-debuginfo-2.52.4-150400.4.143.1 * libwebkit2gtk-4_0-37-32bit-2.52.4-150400.4.143.1 * libjavascriptcoregtk-4_1-0-32bit-debuginfo-2.52.4-150400.4.143.1 * libjavascriptcoregtk-4_1-0-32bit-2.52.4-150400.4.143.1 * libwebkit2gtk-4_1-0-32bit-2.52.4-150400.4.143.1 * libwebkit2gtk-4_1-0-32bit-debuginfo-2.52.4-150400.4.143.1 * openSUSE Leap 15.4 (aarch64_ilp32) * libjavascriptcoregtk-4_1-0-64bit-2.52.4-150400.4.143.1 * libjavascriptcoregtk-4_0-18-64bit-2.52.4-150400.4.143.1 * libwebkit2gtk-4_0-37-64bit-debuginfo-2.52.4-150400.4.143.1 * libjavascriptcoregtk-4_0-18-64bit-debuginfo-2.52.4-150400.4.143.1 * libwebkit2gtk-4_1-0-64bit-debuginfo-2.52.4-150400.4.143.1 * libwebkit2gtk-4_0-37-64bit-2.52.4-150400.4.143.1 * libjavascriptcoregtk-4_1-0-64bit-debuginfo-2.52.4-150400.4.143.1 * libwebkit2gtk-4_1-0-64bit-2.52.4-150400.4.143.1 * SUSE Linux EnterpriseHigh Performance Computing ESPOS 15 SP4 (noarch) * WebKitGTK-4.1-lang-2.52.4-150400.4.143.1 * WebKitGTK-4.0-lang-2.52.4-150400.4.143.1 * WebKitGTK-6.0-lang-2.52.4-150400.4.143.1 * SUSE Linux Enterprise High Performance Computing ESPOS 15 SP4 (aarch64 x86_64) * libwebkit2gtk-4_0-37-2.52.4-150400.4.143.1 * webkitgtk-6_0-injected-bundles-2.52.4-150400.4.143.1 * libjavascriptcoregtk-6_0-1-debuginfo-2.52.4-150400.4.143.1 * webkit2gtk4-debugsource-2.52.4-150400.4.143.1 * webkit2gtk-4_1-injected-bundles-debuginfo-2.52.4-150400.4.143.1 * libjavascriptcoregtk-4_1-0-debuginfo-2.52.4-150400.4.143.1 * typelib-1_0-WebKit2WebExtension-4_0-2.52.4-150400.4.143.1 * libjavascriptcoregtk-6_0-1-2.52.4-150400.4.143.1 * webkit2gtk-4_1-injected-bundles-2.52.4-150400.4.143.1 * libjavascriptcoregtk-4_0-18-2.52.4-150400.4.143.1 * webkit2gtk-4_0-injected-bundles-2.52.4-150400.4.143.1 * typelib-1_0-WebKit2WebExtension-4_1-2.52.4-150400.4.143.1 * libwebkitgtk-6_0-4-debuginfo-2.52.4-150400.4.143.1 * typelib-1_0-WebKit2-4_1-2.52.4-150400.4.143.1 * webkit2gtk-4_0-injected-bundles-debuginfo-2.52.4-150400.4.143.1 * libjavascriptcoregtk-4_1-0-2.52.4-150400.4.143.1 * libwebkit2gtk-4_0-37-debuginfo-2.52.4-150400.4.143.1 * libwebkit2gtk-4_1-0-debuginfo-2.52.4-150400.4.143.1 * typelib-1_0-JavaScriptCore-4_0-2.52.4-150400.4.143.1 * webkit2gtk3-devel-2.52.4-150400.4.143.1 * webkit2gtk3-soup2-debugsource-2.52.4-150400.4.143.1 * typelib-1_0-WebKit2-4_0-2.52.4-150400.4.143.1 * libwebkitgtk-6_0-4-2.52.4-150400.4.143.1 * typelib-1_0-JavaScriptCore-4_1-2.52.4-150400.4.143.1 * libjavascriptcoregtk-4_0-18-debuginfo-2.52.4-150400.4.143.1 * webkit2gtk3-debugsource-2.52.4-150400.4.143.1 * webkit2gtk3-soup2-devel-2.52.4-150400.4.143.1 * libwebkit2gtk-4_1-0-2.52.4-150400.4.143.1 * SUSE Linux Enterprise High Performance Computing ESPOS 15 SP5 (noarch) * WebKitGTK-4.1-lang-2.52.4-150400.4.143.1 *WebKitGTK-4.0-lang-2.52.4-150400.4.143.1 * WebKitGTK-6.0-lang-2.52.4-150400.4.143.1 * SUSE Linux Enterprise High Performance Computing ESPOS 15 SP5 (aarch64 x86_64) * libwebkit2gtk-4_0-37-2.52.4-150400.4.143.1 * webkitgtk-6_0-injected-bundles-2.52.4-150400.4.143.1 * libjavascriptcoregtk-6_0-1-debuginfo-2.52.4-150400.4.143.1 * webkit2gtk4-debugsource-2.52.4-150400.4.143.1 * webkit2gtk-4_1-injected-bundles-debuginfo-2.52.4-150400.4.143.1 * libjavascriptcoregtk-4_1-0-debuginfo-2.52.4-150400.4.143.1 * typelib-1_0-WebKit2WebExtension-4_0-2.52.4-150400.4.143.1 * libjavascriptcoregtk-6_0-1-2.52.4-150400.4.143.1 * webkit2gtk-4_1-injected-bundles-2.52.4-150400.4.143.1 * libjavascriptcoregtk-4_0-18-2.52.4-150400.4.143.1 * webkit2gtk-4_0-injected-bundles-2.52.4-150400.4.143.1 * typelib-1_0-WebKit2WebExtension-4_1-2.52.4-150400.4.143.1 * libwebkitgtk-6_0-4-debuginfo-2.52.4-150400.4.143.1 * typelib-1_0-WebKit2-4_1-2.52.4-150400.4.143.1 * webkit2gtk-4_0-injected-bundles-debuginfo-2.52.4-150400.4.143.1 * libjavascriptcoregtk-4_1-0-2.52.4-150400.4.143.1 * libwebkit2gtk-4_0-37-debuginfo-2.52.4-150400.4.143.1 * libwebkit2gtk-4_1-0-debuginfo-2.52.4-150400.4.143.1 * typelib-1_0-JavaScriptCore-4_0-2.52.4-150400.4.143.1 * webkit2gtk3-devel-2.52.4-150400.4.143.1 * webkit2gtk3-soup2-debugsource-2.52.4-150400.4.143.1 * typelib-1_0-WebKit2-4_0-2.52.4-150400.4.143.1 * libwebkitgtk-6_0-4-2.52.4-150400.4.143.1 * typelib-1_0-JavaScriptCore-4_1-2.52.4-150400.4.143.1 * libjavascriptcoregtk-4_0-18-debuginfo-2.52.4-150400.4.143.1 * webkit2gtk3-debugsource-2.52.4-150400.4.143.1 * webkit2gtk3-soup2-devel-2.52.4-150400.4.143.1 * libwebkit2gtk-4_1-0-2.52.4-150400.4.143.1 * SUSE Linux Enterprise Server 15 SP4 LTSS (noarch) * WebKitGTK-4.1-lang-2.52.4-150400.4.143.1 * WebKitGTK-4.0-lang-2.52.4-150400.4.143.1 * WebKitGTK-6.0-lang-2.52.4-150400.4.143.1 * SUSE Linux Enterprise Server 15 SP4 LTSS (ppc64le s390x x86_64) * libwebkit2gtk-4_0-37-2.52.4-150400.4.143.1 * webkitgtk-6_0-injected-bundles-2.52.4-150400.4.143.1 * libjavascriptcoregtk-6_0-1-debuginfo-2.52.4-150400.4.143.1 * webkit2gtk4-debugsource-2.52.4-150400.4.143.1 * webkit2gtk-4_1-injected-bundles-debuginfo-2.52.4-150400.4.143.1 * libjavascriptcoregtk-4_1-0-debuginfo-2.52.4-150400.4.143.1 * typelib-1_0-WebKit2WebExtension-4_0-2.52.4-150400.4.143.1 * libjavascriptcoregtk-6_0-1-2.52.4-150400.4.143.1 * webkit2gtk-4_1-injected-bundles-2.52.4-150400.4.143.1 * libjavascriptcoregtk-4_0-18-2.52.4-150400.4.143.1 * webkit2gtk-4_0-injected-bundles-2.52.4-150400.4.143.1 * typelib-1_0-WebKit2WebExtension-4_1-2.52.4-150400.4.143.1 * libwebkitgtk-6_0-4-debuginfo-2.52.4-150400.4.143.1 * typelib-1_0-WebKit2-4_1-2.52.4-150400.4.143.1 * webkit2gtk-4_0-injected-bundles-debuginfo-2.52.4-150400.4.143.1 * libjavascriptcoregtk-4_1-0-2.52.4-150400.4.143.1 * libwebkit2gtk-4_0-37-debuginfo-2.52.4-150400.4.143.1 * libwebkit2gtk-4_1-0-debuginfo-2.52.4-150400.4.143.1 * typelib-1_0-JavaScriptCore-4_0-2.52.4-150400.4.143.1 * webkit2gtk3-devel-2.52.4-150400.4.143.1 * webkit2gtk3-soup2-debugsource-2.52.4-150400.4.143.1 * typelib-1_0-WebKit2-4_0-2.52.4-150400.4.143.1 * libwebkitgtk-6_0-4-2.52.4-150400.4.143.1 * typelib-1_0-JavaScriptCore-4_1-2.52.4-150400.4.143.1 * libjavascriptcoregtk-4_0-18-debuginfo-2.52.4-150400.4.143.1 * webkit2gtk3-debugsource-2.52.4-150400.4.143.1 * webkit2gtk3-soup2-devel-2.52.4-150400.4.143.1 * libwebkit2gtk-4_1-0-2.52.4-150400.4.143.1 * SUSE Linux Enterprise Server 15 SP5 LTSS (noarch) * WebKitGTK-4.1-lang-2.52.4-150400.4.143.1 * WebKitGTK-4.0-lang-2.52.4-150400.4.143.1 * WebKitGTK-6.0-lang-2.52.4-150400.4.143.1 * SUSE Linux Enterprise Server 15 SP5 LTSS (aarch64 s390x) * libwebkit2gtk-4_0-37-2.52.4-150400.4.143.1 * webkitgtk-6_0-injected-bundles-2.52.4-150400.4.143.1 * libjavascriptcoregtk-6_0-1-debuginfo-2.52.4-150400.4.143.1 *webkit2gtk4-debugsource-2.52.4-150400.4.143.1 * webkit2gtk-4_1-injected-bundles-debuginfo-2.52.4-150400.4.143.1 * libjavascriptcoregtk-4_1-0-debuginfo-2.52.4-150400.4.143.1 * typelib-1_0-WebKit2WebExtension-4_0-2.52.4-150400.4.143.1 * libjavascriptcoregtk-6_0-1-2.52.4-150400.4.143.1 * webkit2gtk-4_1-injected-bundles-2.52.4-150400.4.143.1 * libjavascriptcoregtk-4_0-18-2.52.4-150400.4.143.1 * webkit2gtk-4_0-injected-bundles-2.52.4-150400.4.143.1 * typelib-1_0-WebKit2WebExtension-4_1-2.52.4-150400.4.143.1 * libwebkitgtk-6_0-4-debuginfo-2.52.4-150400.4.143.1 * typelib-1_0-WebKit2-4_1-2.52.4-150400.4.143.1 * webkit2gtk-4_0-injected-bundles-debuginfo-2.52.4-150400.4.143.1 * libjavascriptcoregtk-4_1-0-2.52.4-150400.4.143.1 * libwebkit2gtk-4_0-37-debuginfo-2.52.4-150400.4.143.1 * libwebkit2gtk-4_1-0-debuginfo-2.52.4-150400.4.143.1 * typelib-1_0-JavaScriptCore-4_0-2.52.4-150400.4.143.1 * webkit2gtk3-devel-2.52.4-150400.4.143.1 * webkit2gtk3-soup2-debugsource-2.52.4-150400.4.143.1 * typelib-1_0-WebKit2-4_0-2.52.4-150400.4.143.1 * libwebkitgtk-6_0-4-2.52.4-150400.4.143.1 * typelib-1_0-JavaScriptCore-4_1-2.52.4-150400.4.143.1 * libjavascriptcoregtk-4_0-18-debuginfo-2.52.4-150400.4.143.1 * webkit2gtk3-debugsource-2.52.4-150400.4.143.1 * webkit2gtk3-soup2-devel-2.52.4-150400.4.143.1 * libwebkit2gtk-4_1-0-2.52.4-150400.4.143.1 * SUSE Linux Enterprise Server for SAP Applications 15 SP5 (noarch) * WebKitGTK-4.1-lang-2.52.4-150400.4.143.1 * WebKitGTK-4.0-lang-2.52.4-150400.4.143.1 * WebKitGTK-6.0-lang-2.52.4-150400.4.143.1 * SUSE Linux Enterprise Server for SAP Applications 15 SP5 (ppc64le) * libwebkit2gtk-4_0-37-2.52.4-150400.4.143.1 * webkitgtk-6_0-injected-bundles-2.52.4-150400.4.143.1 * libjavascriptcoregtk-6_0-1-debuginfo-2.52.4-150400.4.143.1 * webkit2gtk4-debugsource-2.52.4-150400.4.143.1 * webkit2gtk-4_1-injected-bundles-debuginfo-2.52.4-150400.4.143.1 *libjavascriptcoregtk-4_1-0-debuginfo-2.52.4-150400.4.143.1 * typelib-1_0-WebKit2WebExtension-4_0-2.52.4-150400.4.143.1 * libjavascriptcoregtk-6_0-1-2.52.4-150400.4.143.1 * webkit2gtk-4_1-injected-bundles-2.52.4-150400.4.143.1 * libjavascriptcoregtk-4_0-18-2.52.4-150400.4.143.1 * webkit2gtk-4_0-injected-bundles-2.52.4-150400.4.143.1 * typelib-1_0-WebKit2WebExtension-4_1-2.52.4-150400.4.143.1 * libwebkitgtk-6_0-4-debuginfo-2.52.4-150400.4.143.1 * typelib-1_0-WebKit2-4_1-2.52.4-150400.4.143.1 * webkit2gtk-4_0-injected-bundles-debuginfo-2.52.4-150400.4.143.1 * libjavascriptcoregtk-4_1-0-2.52.4-150400.4.143.1 * libwebkit2gtk-4_0-37-debuginfo-2.52.4-150400.4.143.1 * libwebkit2gtk-4_1-0-debuginfo-2.52.4-150400.4.143.1 * typelib-1_0-JavaScriptCore-4_0-2.52.4-150400.4.143.1 * webkit2gtk3-devel-2.52.4-150400.4.143.1 * webkit2gtk3-soup2-debugsource-2.52.4-150400.4.143.1 * typelib-1_0-WebKit2-4_0-2.52.4-150400.4.143.1 * libwebkitgtk-6_0-4-2.52.4-150400.4.143.1 * typelib-1_0-JavaScriptCore-4_1-2.52.4-150400.4.143.1 * libjavascriptcoregtk-4_0-18-debuginfo-2.52.4-150400.4.143.1 * webkit2gtk3-debugsource-2.52.4-150400.4.143.1 * webkit2gtk3-soup2-devel-2.52.4-150400.4.143.1 * libwebkit2gtk-4_1-0-2.52.4-150400.4.143.1 ## References: * https://www.suse.com/security/cve/CVE-2026-28847.html * https://www.suse.com/security/cve/CVE-2026-28883.html * https://www.suse.com/security/cve/CVE-2026-28901.html * https://www.suse.com/security/cve/CVE-2026-28902.html * https://www.suse.com/security/cve/CVE-2026-28903.html * https://www.suse.com/security/cve/CVE-2026-28904.html * https://www.suse.com/security/cve/CVE-2026-28905.html * https://www.suse.com/security/cve/CVE-2026-28907.html * https://www.suse.com/security/cve/CVE-2026-28942.html * https://www.suse.com/security/cve/CVE-2026-28946.html * https://www.suse.com/security/cve/CVE-2026-28947.html * https://www.suse.com/security/cve/CVE-2026-28953.html *https://www.suse.com/security/cve/CVE-2026-28955.html * https://www.suse.com/security/cve/CVE-2026-28958.html * https://www.suse.com/security/cve/CVE-2026-43658.html * https://www.suse.com/security/cve/CVE-2026-43660.html * https://bugzilla.suse.com/show_bug.cgi?id=1267506 * https://bugzilla.suse.com/show_bug.cgi?id=1267507 * https://bugzilla.suse.com/show_bug.cgi?id=1267508 * https://bugzilla.suse.com/show_bug.cgi?id=1267509 * https://bugzilla.suse.com/show_bug.cgi?id=1267510 * https://bugzilla.suse.com/show_bug.cgi?id=1267511 * https://bugzilla.suse.com/show_bug.cgi?id=1267512 * https://bugzilla.suse.com/show_bug.cgi?id=1267513 * https://bugzilla.suse.com/show_bug.cgi?id=1267514 * https://bugzilla.suse.com/show_bug.cgi?id=1267515 * https://bugzilla.suse.com/show_bug.cgi?id=1267516 * https://bugzilla.suse.com/show_bug.cgi?id=1267517 * https://bugzilla.suse.com/show_bug.cgi?id=1267518 * https://bugzilla.suse.com/show_bug.cgi?id=1267519 * https://bugzilla.suse.com/show_bug.cgi?id=1267520 * https://bugzilla.suse.com/show_bug.cgi?id=1267521 . An important security update for openSUSE addresses 16 vulnerabilities in webkit2gtk3, ensuring safer web content processing.. webkit2gtk3 update, openSUSE vulnerabilities, security advisory openSUSE, openSUSE 2026 update, security patch webkit2gtk3. . Severity: Important. LinuxSecurity.com Team

Calendar%202 Jun 11, 2026 Important OpenSUSE
100

openSUSE Leap 15.4 webkit2gtk3 Moderate Threats ID SUSE-2026-1749-1

An update that solves eight vulnerabilities can now be installed.. # Security update for webkit2gtk3 Announcement ID: SUSE-SU-2026:1749-1 Release Date: 2026-05-07T10:49:01Z Rating: moderate References: * bsc#1261172 * bsc#1261173 * bsc#1261174 * bsc#1261175 * bsc#1261176 * bsc#1261177 * bsc#1261178 * bsc#1261179 Cross-References: * CVE-2026-20643 * CVE-2026-20664 * CVE-2026-20665 * CVE-2026-20691 * CVE-2026-28857 * CVE-2026-28859 * CVE-2026-28861 * CVE-2026-28871 CVSS scores: * CVE-2026-20643 ( SUSE ): 5.4 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:N * CVE-2026-20643 ( NVD ): 5.4 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:N * CVE-2026-20664 ( SUSE ): 6.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H * CVE-2026-20664 ( NVD ): 4.3 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L * CVE-2026-20665 ( SUSE ): 5.4 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:L * CVE-2026-20665 ( NVD ): 6.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:L * CVE-2026-20691 ( SUSE ): 4.3 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:N * CVE-2026-20691 ( NVD ): 4.3 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:N * CVE-2026-28857 ( SUSE ): 6.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H * CVE-2026-28857 ( NVD ): 6.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H * CVE-2026-28859 ( SUSE ): 6.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N * CVE-2026-28859 ( NVD ): 4.3 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:N * CVE-2026-28861 ( SUSE ): 4.7 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:N/A:N * CVE-2026-28861 ( NVD ): 4.3 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:N * CVE-2026-28871 ( SUSE ): 4.3 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:N * CVE-2026-28871 ( NVD ): 4.3 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:N Affected Products: * openSUSE Leap 15.4 An update that solves eight vulnerabilities can now be installed. ## Description: This update for webkit2gtk3 fixes the following issues: Update to version 2.52.1. Security issues fixed: *CVE-2026-20643: processing maliciously crafted web content may bypass Same Origin Policy (bsc#1261172). * CVE-2026-20664: processing maliciously crafted web content may lead to an unexpected process crash (bsc#1261173). * CVE-2026-20665: processing maliciously crafted web content may prevent Content Security Policy from being enforced (bsc#1261174). * CVE-2026-20691: a maliciously crafted webpage may be able to fingerprint the user (bsc#1261175). * CVE-2026-28857: processing maliciously crafted web content may lead to an unexpected process crash (bsc#1261176). * CVE-2026-28859: a malicious website may be able to process restricted web content outside the sandbox (bsc#1261177). * CVE-2026-28861: a malicious website may be able to access script message handlers intended for other origins (bsc#1261178). * CVE-2026-28871: visiting a maliciously crafted website may lead to a cross- site scripting attack (bsc#1261179). Other updates and bugfixes: * Reduce the amount of useless MPRIS notifications produced by MediaSession when the information about media being played is incomplete. * Support turning off USE_GSTREAMER to configure the build with all multimedia features disabled. * Add Sysprof marks for mouse events. * Fix MediaSession icon for iheart.com not being displayed. * Fix the build with USE_GSTREAMER_GL disabled. * Fix the build with librice version 0.3.0 or newer. * Fix several crashes and rendering issues. * Translation updates: Georgian. ## Patch Instructions: To install this SUSE update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: * openSUSE Leap 15.4 zypper in -t patch SUSE-2026-1749=1 ## Package List: * openSUSE Leap 15.4 (noarch) * WebKitGTK-4.1-lang-2.52.1-150400.4.140.2 * WebKitGTK-6.0-lang-2.52.1-150400.4.140.2 * WebKitGTK-4.0-lang-2.52.1-150400.4.140.2 * openSUSE Leap 15.4 (aarch64 ppc64les390x x86_64 i586) * webkit-jsc-4-debuginfo-2.52.1-150400.4.140.2 * typelib-1_0-JavaScriptCore-4_0-2.52.1-150400.4.140.2 * webkit2gtk4-minibrowser-2.52.1-150400.4.140.2 * webkit2gtk-4_0-injected-bundles-2.52.1-150400.4.140.2 * libwebkitgtk-6_0-4-debuginfo-2.52.1-150400.4.140.2 * webkit2gtk4-debugsource-2.52.1-150400.4.140.2 * typelib-1_0-WebKit2-4_0-2.52.1-150400.4.140.2 * webkit2gtk4-devel-2.52.1-150400.4.140.2 * webkit-jsc-4-2.52.1-150400.4.140.2 * webkit2gtk3-soup2-minibrowser-debuginfo-2.52.1-150400.4.140.2 * typelib-1_0-JavaScriptCore-6_0-2.52.1-150400.4.140.2 * webkit2gtk-4_1-injected-bundles-debuginfo-2.52.1-150400.4.140.2 * webkit2gtk3-soup2-minibrowser-2.52.1-150400.4.140.2 * typelib-1_0-JavaScriptCore-4_1-2.52.1-150400.4.140.2 * libjavascriptcoregtk-4_1-0-2.52.1-150400.4.140.2 * libjavascriptcoregtk-6_0-1-2.52.1-150400.4.140.2 * webkit2gtk3-devel-2.52.1-150400.4.140.2 * typelib-1_0-WebKit2WebExtension-4_1-2.52.1-150400.4.140.2 * libwebkit2gtk-4_0-37-debuginfo-2.52.1-150400.4.140.2 * libjavascriptcoregtk-4_1-0-debuginfo-2.52.1-150400.4.140.2 * libjavascriptcoregtk-6_0-1-debuginfo-2.52.1-150400.4.140.2 * webkitgtk-6_0-injected-bundles-debuginfo-2.52.1-150400.4.140.2 * webkit-jsc-4.1-debuginfo-2.52.1-150400.4.140.2 * webkit-jsc-6.0-debuginfo-2.52.1-150400.4.140.2 * webkit2gtk3-soup2-debugsource-2.52.1-150400.4.140.2 * libjavascriptcoregtk-4_0-18-2.52.1-150400.4.140.2 * libwebkitgtk-6_0-4-2.52.1-150400.4.140.2 * libwebkit2gtk-4_1-0-2.52.1-150400.4.140.2 * webkit2gtk4-minibrowser-debuginfo-2.52.1-150400.4.140.2 * libwebkit2gtk-4_0-37-2.52.1-150400.4.140.2 * libwebkit2gtk-4_1-0-debuginfo-2.52.1-150400.4.140.2 * webkit2gtk-4_1-injected-bundles-2.52.1-150400.4.140.2 * typelib-1_0-WebKit2-4_1-2.52.1-150400.4.140.2 * typelib-1_0-WebKit-6_0-2.52.1-150400.4.140.2 * typelib-1_0-WebKitWebProcessExtension-6_0-2.52.1-150400.4.140.2 *webkitgtk-6_0-injected-bundles-2.52.1-150400.4.140.2 * libjavascriptcoregtk-4_0-18-debuginfo-2.52.1-150400.4.140.2 * webkit2gtk3-minibrowser-2.52.1-150400.4.140.2 * typelib-1_0-WebKit2WebExtension-4_0-2.52.1-150400.4.140.2 * webkit2gtk-4_0-injected-bundles-debuginfo-2.52.1-150400.4.140.2 * webkit-jsc-4.1-2.52.1-150400.4.140.2 * webkit2gtk3-debugsource-2.52.1-150400.4.140.2 * webkit2gtk3-minibrowser-debuginfo-2.52.1-150400.4.140.2 * webkit2gtk3-soup2-devel-2.52.1-150400.4.140.2 * webkit-jsc-6.0-2.52.1-150400.4.140.2 * openSUSE Leap 15.4 (x86_64) * libwebkit2gtk-4_0-37-32bit-debuginfo-2.52.1-150400.4.140.2 * libjavascriptcoregtk-4_0-18-32bit-debuginfo-2.52.1-150400.4.140.2 * libwebkit2gtk-4_1-0-32bit-2.52.1-150400.4.140.2 * libjavascriptcoregtk-4_0-18-32bit-2.52.1-150400.4.140.2 * libwebkit2gtk-4_1-0-32bit-debuginfo-2.52.1-150400.4.140.2 * libjavascriptcoregtk-4_1-0-32bit-2.52.1-150400.4.140.2 * libjavascriptcoregtk-4_1-0-32bit-debuginfo-2.52.1-150400.4.140.2 * libwebkit2gtk-4_0-37-32bit-2.52.1-150400.4.140.2 * openSUSE Leap 15.4 (aarch64_ilp32) * libwebkit2gtk-4_0-37-64bit-2.52.1-150400.4.140.2 * libjavascriptcoregtk-4_1-0-64bit-2.52.1-150400.4.140.2 * libjavascriptcoregtk-4_0-18-64bit-debuginfo-2.52.1-150400.4.140.2 * libwebkit2gtk-4_0-37-64bit-debuginfo-2.52.1-150400.4.140.2 * libjavascriptcoregtk-4_0-18-64bit-2.52.1-150400.4.140.2 * libjavascriptcoregtk-4_1-0-64bit-debuginfo-2.52.1-150400.4.140.2 * libwebkit2gtk-4_1-0-64bit-2.52.1-150400.4.140.2 * libwebkit2gtk-4_1-0-64bit-debuginfo-2.52.1-150400.4.140.2 ## References: * https://www.suse.com/security/cve/CVE-2026-20643.html * https://www.suse.com/security/cve/CVE-2026-20664.html * https://www.suse.com/security/cve/CVE-2026-20665.html * https://www.suse.com/security/cve/CVE-2026-20691.html * https://www.suse.com/security/cve/CVE-2026-28857.html * https://www.suse.com/security/cve/CVE-2026-28859.html *https://www.suse.com/security/cve/CVE-2026-28861.html * https://www.suse.com/security/cve/CVE-2026-28871.html * https://bugzilla.suse.com/show_bug.cgi?id=1261172 * https://bugzilla.suse.com/show_bug.cgi?id=1261173 * https://bugzilla.suse.com/show_bug.cgi?id=1261174 * https://bugzilla.suse.com/show_bug.cgi?id=1261175 * https://bugzilla.suse.com/show_bug.cgi?id=1261176 * https://bugzilla.suse.com/show_bug.cgi?id=1261177 * https://bugzilla.suse.com/show_bug.cgi?id=1261178 * https://bugzilla.suse.com/show_bug.cgi?id=1261179 . This advisory covers eight vulnerabilities fixed in webkit2gtk3 for openSUSE with moderate severity updates.. Linux Security Update, OpenSUSE Webkit Update, Security Patch Management. . LinuxSecurity.com Team

Calendar%202 May 07, 2026 SuSE
100

SUSE Webkit2gtk3 Moderate Security Update Multiple Issues 2026-1648-1

An update that solves eight vulnerabilities can now be installed.. # Security update for webkit2gtk3 Announcement ID: SUSE-SU-2026:1648-1 Release Date: 2026-04-28T18:07:02Z Rating: moderate References: * bsc#1261172 * bsc#1261173 * bsc#1261174 * bsc#1261175 * bsc#1261176 * bsc#1261177 * bsc#1261178 * bsc#1261179 Cross-References: * CVE-2026-20643 * CVE-2026-20664 * CVE-2026-20665 * CVE-2026-20691 * CVE-2026-28857 * CVE-2026-28859 * CVE-2026-28861 * CVE-2026-28871 CVSS scores: * CVE-2026-20643 ( SUSE ): 5.4 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:N * CVE-2026-20643 ( NVD ): 5.4 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:N * CVE-2026-20664 ( SUSE ): 6.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H * CVE-2026-20664 ( NVD ): 4.3 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L * CVE-2026-20665 ( SUSE ): 5.4 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:L * CVE-2026-20665 ( NVD ): 6.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:L * CVE-2026-20691 ( SUSE ): 4.3 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:N * CVE-2026-20691 ( NVD ): 4.3 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:N * CVE-2026-28857 ( SUSE ): 6.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H * CVE-2026-28857 ( NVD ): 6.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H * CVE-2026-28859 ( SUSE ): 6.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N * CVE-2026-28859 ( NVD ): 4.3 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:N * CVE-2026-28861 ( SUSE ): 4.7 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:N/A:N * CVE-2026-28861 ( NVD ): 4.3 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:N * CVE-2026-28871 ( SUSE ): 4.3 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:N * CVE-2026-28871 ( NVD ): 4.3 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:N Affected Products: * SUSE Linux Enterprise Server 12 SP5 * SUSE Linux Enterprise Server 12 SP5 LTSS Extended Security * SUSE Linux Enterprise Server for SAP Applications 12 SP5 An update that solves eight vulnerabilities can now beinstalled. ## Description: This update for webkit2gtk3 fixes the following issues: Update to version 2.52.1. Security issues fixed: * CVE-2026-20643: processing maliciously crafted web content may bypass Same Origin Policy (bsc#1261172). * CVE-2026-20664: processing maliciously crafted web content may lead to an unexpected process crash (bsc#1261173). * CVE-2026-20665: processing maliciously crafted web content may prevent Content Security Policy from being enforced (bsc#1261174). * CVE-2026-20691: a maliciously crafted webpage may be able to fingerprint the user (bsc#1261175). * CVE-2026-28857: processing maliciously crafted web content may lead to an unexpected process crash (bsc#1261176). * CVE-2026-28859: a malicious website may be able to process restricted web content outside the sandbox (bsc#1261177). * CVE-2026-28861: a malicious website may be able to access script message handlers intended for other origins (bsc#1261178). * CVE-2026-28871: visiting a maliciously crafted website may lead to a cross- site scripting attack (bsc#1261179). Other updates and bugfixes: * Reduce the amount of useless MPRIS notifications produced by MediaSession when the information about media being played is incomplete. * Support turning off USE_GSTREAMER to configure the build with all multimedia features disabled. * Add Sysprof marks for mouse events. * Fix MediaSession icon for iheart.com not being displayed. * Fix the build with USE_GSTREAMER_GL disabled. * Fix the build with librice version 0.3.0 or newer. * Fix several crashes and rendering issues. * Translation updates: Georgian. ## Patch Instructions: To install this SUSE update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: * SUSE Linux Enterprise Server 12 SP5 LTSS Extended Security zypper in -t patch SUSE-SLE-SERVER-12-SP5-LTSS-EXTENDED-SECURITY-2026-1648=1 ## PackageList: * SUSE Linux Enterprise Server 12 SP5 LTSS Extended Security (x86_64) * libjavascriptcoregtk-4_0-18-2.52.1-4.57.1 * webkit2gtk3-debugsource-2.52.1-4.57.1 * typelib-1_0-WebKit2-4_0-2.52.1-4.57.1 * typelib-1_0-JavaScriptCore-4_0-2.52.1-4.57.1 * webkit2gtk3-devel-2.52.1-4.57.1 * typelib-1_0-WebKit2WebExtension-4_0-2.52.1-4.57.1 * libjavascriptcoregtk-4_0-18-debuginfo-2.52.1-4.57.1 * libwebkit2gtk-4_0-37-2.52.1-4.57.1 * webkit2gtk-4_0-injected-bundles-2.52.1-4.57.1 * libwebkit2gtk-4_0-37-debuginfo-2.52.1-4.57.1 * webkit2gtk-4_0-injected-bundles-debuginfo-2.52.1-4.57.1 * SUSE Linux Enterprise Server 12 SP5 LTSS Extended Security (noarch) * libwebkit2gtk3-lang-2.52.1-4.57.1 ## References: * https://www.suse.com/security/cve/CVE-2026-20643.html * https://www.suse.com/security/cve/CVE-2026-20664.html * https://www.suse.com/security/cve/CVE-2026-20665.html * https://www.suse.com/security/cve/CVE-2026-20691.html * https://www.suse.com/security/cve/CVE-2026-28857.html * https://www.suse.com/security/cve/CVE-2026-28859.html * https://www.suse.com/security/cve/CVE-2026-28861.html * https://www.suse.com/security/cve/CVE-2026-28871.html * https://bugzilla.suse.com/show_bug.cgi?id=1261172 * https://bugzilla.suse.com/show_bug.cgi?id=1261173 * https://bugzilla.suse.com/show_bug.cgi?id=1261174 * https://bugzilla.suse.com/show_bug.cgi?id=1261175 * https://bugzilla.suse.com/show_bug.cgi?id=1261176 * https://bugzilla.suse.com/show_bug.cgi?id=1261177 * https://bugzilla.suse.com/show_bug.cgi?id=1261178 * https://bugzilla.suse.com/show_bug.cgi?id=1261179 . SUSE's webkit2gtk3 update resolves eight issues including moderate severity types. Critical updates fixed vulnerabilities.. SUSE Linux Webkit2gtk3 Security Patch Moderate CVE. . LinuxSecurity.com Team

Calendar%202 Apr 29, 2026 SuSE
217

Oracle Linux 8 webkit2gtk3 Important ELSA-2026-10702 Security Advisory

The following updated rpms for Oracle Linux 8 have been uploaded to the Unbreakable Linux Network:. Oracle Linux Security Advisory ELSA-2026-10702 http://linux.oracle.com/errata/ELSA-2026-10702.html The following updated rpms for Oracle Linux 8 have been uploaded to the Unbreakable Linux Network: x86_64: webkit2gtk3-2.52.3-1.el8_10.i686.rpm webkit2gtk3-2.52.3-1.el8_10.x86_64.rpm webkit2gtk3-devel-2.52.3-1.el8_10.i686.rpm webkit2gtk3-devel-2.52.3-1.el8_10.x86_64.rpm webkit2gtk3-jsc-2.52.3-1.el8_10.i686.rpm webkit2gtk3-jsc-2.52.3-1.el8_10.x86_64.rpm webkit2gtk3-jsc-devel-2.52.3-1.el8_10.i686.rpm webkit2gtk3-jsc-devel-2.52.3-1.el8_10.x86_64.rpm aarch64: webkit2gtk3-2.52.3-1.el8_10.aarch64.rpm webkit2gtk3-devel-2.52.3-1.el8_10.aarch64.rpm webkit2gtk3-jsc-2.52.3-1.el8_10.aarch64.rpm webkit2gtk3-jsc-devel-2.52.3-1.el8_10.aarch64.rpm SRPMS: http://oss.oracle.com/ol8/SRPMS-updates/webkit2gtk3-2.52.3-1.el8_10.src.rpm Related CVEs: CVE-2025-43213 CVE-2025-43214 CVE-2025-43457 CVE-2025-43511 CVE-2025-46299 CVE-2026-20608 CVE-2026-20635 CVE-2026-20636 CVE-2026-20643 CVE-2026-20644 CVE-2026-20652 CVE-2026-20664 CVE-2026-20665 CVE-2026-20676 CVE-2026-20691 CVE-2026-28857 CVE-2026-28859 CVE-2026-28871 Description of changes: [2.52.3-1] - Update to 2.52.3 _______________________________________________ El-errata mailing list This email address is being protected from spambots. You need JavaScript enabled to view it. https://oss.oracle.com/mailman/listinfo/el-errata . Important update for webkit2gtk3 on Oracle Linux 8 fixing several security issues including remote access risks.. Oracle Linux 8, webkit2gtk3, important security patch. . Severity: Important. LinuxSecurity.com Team

Calendar%202 Apr 28, 2026 Important Oracle
News Add Esm H240

Get the latest News and Insights

Get the latest Linux and open source security news straight to your inbox.

Community Poll

Is continuous patching actually viable?

No answer selected. Please try again.
Please select either existing option or enter your own, however not both.
Please select minimum {0} answer(s).
Please select maximum {0} answer(s).
/main-polls/156-is-continuous-patching-actually-viable?task=poll.vote&format=json
156
radio
0
[{"id":503,"title":"Delayed updates invite catastrophic breaches.","votes":1,"type":"x","order":1,"pct":50,"resources":[]},{"id":504,"title":"Automated fixes break production environments.","votes":1,"type":"x","order":2,"pct":50,"resources":[]},{"id":505,"title":"Manual approvals cannot keep pace.","votes":0,"type":"x","order":3,"pct":0,"resources":[]}] ["#ff5b00","#4ac0f2","#b80028","#eef66c","#60bb22","#b96a9a","#62c2cc"] ["rgba(255,91,0,0.7)","rgba(74,192,242,0.7)","rgba(184,0,40,0.7)","rgba(238,246,108,0.7)","rgba(96,187,34,0.7)","rgba(185,106,154,0.7)","rgba(98,194,204,0.7)"] 350
bottom 200