SUSE-SU-2025:4528-1

Details

This update for webkit2gtk3 fixes the following issues:

Update to version 2.50.4.

Security issues fixed:

CVE-2025-14174: processing maliciously crafted web content may lead to memory corruption due to improper validation (bsc#1255497).
CVE-2025-43501: processing maliciously crafted web content may lead to an unexpected process crash due to a buffer overflow issue (bsc#1255194).
CVE-2025-43529: processing maliciously crafted web content may lead to arbitrary code execution due to a use-after-free issue (bsc#1255198).
CVE-2025-43531: processing maliciously crafted web content may lead to an unexpected process crash due to a race condition (bsc#1255183).
CVE-2025-43535: processing maliciously crafted web content may lead to an unexpected process crash due to improper memory handling (bsc#1255195).
CVE-2025-43536: processing maliciously crafted web content may lead to an unexpected process crash due to a use-after-free issue (bsc#1255200).
CVE-2025-43541: processing maliciously crafted web content may lead to an unexpected process crash due to type confusion (bsc#1255191).

Other updates and bugfixes:

Correctly handle the program name passed to the sleep disabler.
Ensure GStreamer is initialized before using the Quirks.
Fix several crashes and rendering issues.

Affected Packages

SUSE:Linux Enterprise Server 12 SP5-LTSSlibjavascriptcoregtk-4_0-18

Fixed in:

2.50.4-4.51.1

SUSE:Linux Enterprise Server 12 SP5-LTSSlibwebkit2gtk-4_0-37

Fixed in:

2.50.4-4.51.1

SUSE:Linux Enterprise Server 12 SP5-LTSSlibwebkit2gtk3-lang

Fixed in:

2.50.4-4.51.1

SUSE:Linux Enterprise Server 12 SP5-LTSStypelib-1_0-JavaScriptCore-4_0

Fixed in:

2.50.4-4.51.1

SUSE:Linux Enterprise Server 12 SP5-LTSStypelib-1_0-WebKit2-4_0

Fixed in:

2.50.4-4.51.1

SUSE:Linux Enterprise Server 12 SP5-LTSStypelib-1_0-WebKit2WebExtension-4_0

Fixed in:

2.50.4-4.51.1

SUSE:Linux Enterprise Server 12 SP5-LTSSwebkit2gtk-4_0-injected-bundles

Fixed in:

2.50.4-4.51.1

SUSE:Linux Enterprise Server 12 SP5-LTSSwebkit2gtk3

Fixed in:

2.50.4-4.51.1

SUSE:Linux Enterprise Server 12 SP5-LTSSwebkit2gtk3-devel

Fixed in:

2.50.4-4.51.1

SUSE:Linux Enterprise Server LTSS Extended Security 12 SP5libjavascriptcoregtk-4_0-18

Fixed in:

2.50.4-4.51.1

SUSE:Linux Enterprise Server LTSS Extended Security 12 SP5libwebkit2gtk-4_0-37

Fixed in:

2.50.4-4.51.1

SUSE:Linux Enterprise Server LTSS Extended Security 12 SP5libwebkit2gtk3-lang

Fixed in:

2.50.4-4.51.1

SUSE:Linux Enterprise Server LTSS Extended Security 12 SP5typelib-1_0-JavaScriptCore-4_0

Fixed in:

2.50.4-4.51.1

SUSE:Linux Enterprise Server LTSS Extended Security 12 SP5typelib-1_0-WebKit2-4_0

Fixed in:

2.50.4-4.51.1

SUSE:Linux Enterprise Server LTSS Extended Security 12 SP5typelib-1_0-WebKit2WebExtension-4_0

Fixed in:

2.50.4-4.51.1

SUSE:Linux Enterprise Server LTSS Extended Security 12 SP5webkit2gtk-4_0-injected-bundles

Fixed in:

2.50.4-4.51.1

SUSE:Linux Enterprise Server LTSS Extended Security 12 SP5webkit2gtk3

Fixed in:

2.50.4-4.51.1

SUSE:Linux Enterprise Server LTSS Extended Security 12 SP5webkit2gtk3-devel

Fixed in:

2.50.4-4.51.1

References

REPORThttps://bugzilla.suse.com/1255183 REPORThttps://bugzilla.suse.com/1255191 REPORThttps://bugzilla.suse.com/1255194 REPORThttps://bugzilla.suse.com/1255195 REPORThttps://bugzilla.suse.com/1255198 REPORThttps://bugzilla.suse.com/1255200 REPORThttps://bugzilla.suse.com/1255497 WEBhttps://www.suse.com/security/cve/CVE-2025-14174 WEBhttps://www.suse.com/security/cve/CVE-2025-43501 WEBhttps://www.suse.com/security/cve/CVE-2025-43529 WEBhttps://www.suse.com/security/cve/CVE-2025-43531 WEBhttps://www.suse.com/security/cve/CVE-2025-43535 WEBhttps://www.suse.com/security/cve/CVE-2025-43536 WEBhttps://www.suse.com/security/cve/CVE-2025-43541 ADVISORYhttps://www.suse.com/support/update/announcement/2025/suse-su-20254528-1/

SUSE-SU-2025:4528-1

Details

Affected Packages

References

Upstream

Related

Ecosystems

Timeline