Security update for webkit2gtk3 SUSE Patch security@suse.de SUSE Security Team SUSE-SU-2025:1325-1 Final 1 1 2025-04-16T08:36:20Z current 2025-04-16T08:36:20Z 2025-04-16T08:36:20Z cve-database/bin/generate-cvrf.pl 2017-02-24T01:00:00Z Security update for webkit2gtk3 This update for webkit2gtk3 fixes the following issues: - Update to version 2.48.1 - CVE-2024-54551: improper memory handling may lead to a denial-of-service when processing certain web content (bsc#1240962) - CVE-2025-24208: permissions issue may lead to a cross-site scripting attack when loading a malicious iframe (bsc#1240961) - CVE-2025-24209: buffer overflow may lead to crash when processing maliciously crafted web content (bsc#1240964) - CVE-2025-24213: type confusion issue may lead to memory corruption (bsc#1240963) - CVE-2025-24216: improper memory handling may lead to an unexpected crash when processing certain web content (bsc#1240986) - CVE-2025-24264: improper memory handling may lead to unexpected crash when processing certain web content (bsc#1240987) - CVE-2025-30427: use-after-free issue may lead to an unexpected Safari crash when processing maliciously crafted web content (bsc#1240958) - CVE-2024-44192: processing maliciously crafted web content may lead to an unexpected process crash (bsc#1239863) - CVE-2024-54467: a malicious website may exfiltrate data cross-origin due to a cookie management issue (bsc#1239864) The CVRF data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0). SUSE-2025-1325,SUSE-SLE-SERVER-12-SP5-LTSS-2025-1325,SUSE-SLE-SERVER-12-SP5-LTSS-EXTENDED-SECURITY-2025-1325 Copyright SUSE LLC under the Creative Commons License 4.0 with Attribution (CC-BY-4.0) https://www.suse.com/support/update/announcement/2025/suse-su-20251325-1/ Link for SUSE-SU-2025:1325-1 https://lists.suse.com/pipermail/sle-updates/2025-April/039031.html E-Mail link for SUSE-SU-2025:1325-1 https://www.suse.com/support/security/rating/ SUSE Security Ratings https://bugzilla.suse.com/1239863 SUSE Bug 1239863 https://bugzilla.suse.com/1239864 SUSE Bug 1239864 https://bugzilla.suse.com/1240958 SUSE Bug 1240958 https://bugzilla.suse.com/1240961 SUSE Bug 1240961 https://bugzilla.suse.com/1240962 SUSE Bug 1240962 https://bugzilla.suse.com/1240963 SUSE Bug 1240963 https://bugzilla.suse.com/1240964 SUSE Bug 1240964 https://bugzilla.suse.com/1240986 SUSE Bug 1240986 https://bugzilla.suse.com/1240987 SUSE Bug 1240987 https://www.suse.com/security/cve/CVE-2024-44192/ SUSE CVE CVE-2024-44192 page https://www.suse.com/security/cve/CVE-2024-54467/ SUSE CVE CVE-2024-54467 page https://www.suse.com/security/cve/CVE-2024-54551/ SUSE CVE CVE-2024-54551 page https://www.suse.com/security/cve/CVE-2025-24208/ SUSE CVE CVE-2025-24208 page https://www.suse.com/security/cve/CVE-2025-24209/ SUSE CVE CVE-2025-24209 page https://www.suse.com/security/cve/CVE-2025-24213/ SUSE CVE CVE-2025-24213 page https://www.suse.com/security/cve/CVE-2025-24216/ SUSE CVE CVE-2025-24216 page https://www.suse.com/security/cve/CVE-2025-24264/ SUSE CVE CVE-2025-24264 page https://www.suse.com/security/cve/CVE-2025-30427/ SUSE CVE CVE-2025-30427 page SUSE Linux Enterprise Server 12 SP5-LTSS SUSE Linux Enterprise Server LTSS Extended Security 12 SP5 libjavascriptcoregtk-4_0-18-2.48.1-4.34.1 libjavascriptcoregtk-4_0-18-32bit-2.48.1-4.34.1 libjavascriptcoregtk-4_0-18-64bit-2.48.1-4.34.1 libwebkit2gtk-4_0-37-2.48.1-4.34.1 libwebkit2gtk-4_0-37-32bit-2.48.1-4.34.1 libwebkit2gtk-4_0-37-64bit-2.48.1-4.34.1 libwebkit2gtk3-lang-2.48.1-4.34.1 typelib-1_0-JavaScriptCore-4_0-2.48.1-4.34.1 typelib-1_0-WebKit2-4_0-2.48.1-4.34.1 typelib-1_0-WebKit2WebExtension-4_0-2.48.1-4.34.1 webkit-jsc-4-2.48.1-4.34.1 webkit2gtk-4_0-injected-bundles-2.48.1-4.34.1 webkit2gtk3-devel-2.48.1-4.34.1 webkit2gtk3-minibrowser-2.48.1-4.34.1 libjavascriptcoregtk-4_0-18-2.48.1-4.34.1 as a component of SUSE Linux Enterprise Server 12 SP5-LTSS libwebkit2gtk-4_0-37-2.48.1-4.34.1 as a component of SUSE Linux Enterprise Server 12 SP5-LTSS libwebkit2gtk3-lang-2.48.1-4.34.1 as a component of SUSE Linux Enterprise Server 12 SP5-LTSS typelib-1_0-JavaScriptCore-4_0-2.48.1-4.34.1 as a component of SUSE Linux Enterprise Server 12 SP5-LTSS typelib-1_0-WebKit2-4_0-2.48.1-4.34.1 as a component of SUSE Linux Enterprise Server 12 SP5-LTSS typelib-1_0-WebKit2WebExtension-4_0-2.48.1-4.34.1 as a component of SUSE Linux Enterprise Server 12 SP5-LTSS webkit2gtk-4_0-injected-bundles-2.48.1-4.34.1 as a component of SUSE Linux Enterprise Server 12 SP5-LTSS webkit2gtk3-devel-2.48.1-4.34.1 as a component of SUSE Linux Enterprise Server 12 SP5-LTSS libjavascriptcoregtk-4_0-18-2.48.1-4.34.1 as a component of SUSE Linux Enterprise Server LTSS Extended Security 12 SP5 libwebkit2gtk-4_0-37-2.48.1-4.34.1 as a component of SUSE Linux Enterprise Server LTSS Extended Security 12 SP5 libwebkit2gtk3-lang-2.48.1-4.34.1 as a component of SUSE Linux Enterprise Server LTSS Extended Security 12 SP5 typelib-1_0-JavaScriptCore-4_0-2.48.1-4.34.1 as a component of SUSE Linux Enterprise Server LTSS Extended Security 12 SP5 typelib-1_0-WebKit2-4_0-2.48.1-4.34.1 as a component of SUSE Linux Enterprise Server LTSS Extended Security 12 SP5 typelib-1_0-WebKit2WebExtension-4_0-2.48.1-4.34.1 as a component of SUSE Linux Enterprise Server LTSS Extended Security 12 SP5 webkit2gtk-4_0-injected-bundles-2.48.1-4.34.1 as a component of SUSE Linux Enterprise Server LTSS Extended Security 12 SP5 webkit2gtk3-devel-2.48.1-4.34.1 as a component of SUSE Linux Enterprise Server LTSS Extended Security 12 SP5 The issue was addressed with improved checks. This issue is fixed in watchOS 11, macOS Sequoia 15, Safari 18, visionOS 2, iOS 18 and iPadOS 18, tvOS 18. Processing maliciously crafted web content may lead to an unexpected process crash. CVE-2024-44192 SUSE Linux Enterprise Server 12 SP5-LTSS:libjavascriptcoregtk-4_0-18-2.48.1-4.34.1 SUSE Linux Enterprise Server 12 SP5-LTSS:libwebkit2gtk-4_0-37-2.48.1-4.34.1 SUSE Linux Enterprise Server 12 SP5-LTSS:libwebkit2gtk3-lang-2.48.1-4.34.1 SUSE Linux Enterprise Server 12 SP5-LTSS:typelib-1_0-JavaScriptCore-4_0-2.48.1-4.34.1 SUSE Linux Enterprise Server 12 SP5-LTSS:typelib-1_0-WebKit2-4_0-2.48.1-4.34.1 SUSE Linux Enterprise Server 12 SP5-LTSS:typelib-1_0-WebKit2WebExtension-4_0-2.48.1-4.34.1 SUSE Linux Enterprise Server 12 SP5-LTSS:webkit2gtk-4_0-injected-bundles-2.48.1-4.34.1 SUSE Linux Enterprise Server 12 SP5-LTSS:webkit2gtk3-devel-2.48.1-4.34.1 SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:libjavascriptcoregtk-4_0-18-2.48.1-4.34.1 SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:libwebkit2gtk-4_0-37-2.48.1-4.34.1 SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:libwebkit2gtk3-lang-2.48.1-4.34.1 SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:typelib-1_0-JavaScriptCore-4_0-2.48.1-4.34.1 SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:typelib-1_0-WebKit2-4_0-2.48.1-4.34.1 SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:typelib-1_0-WebKit2WebExtension-4_0-2.48.1-4.34.1 SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:webkit2gtk-4_0-injected-bundles-2.48.1-4.34.1 SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:webkit2gtk3-devel-2.48.1-4.34.1 important To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/support/update/announcement/2025/suse-su-20251325-1/ https://www.suse.com/security/cve/CVE-2024-44192.html CVE-2024-44192 https://bugzilla.suse.com/1239863 SUSE Bug 1239863 A cookie management issue was addressed with improved state management. This issue is fixed in watchOS 11, macOS Sequoia 15, Safari 18, visionOS 2, iOS 18 and iPadOS 18, tvOS 18. A malicious website may exfiltrate data cross-origin. CVE-2024-54467 SUSE Linux Enterprise Server 12 SP5-LTSS:libjavascriptcoregtk-4_0-18-2.48.1-4.34.1 SUSE Linux Enterprise Server 12 SP5-LTSS:libwebkit2gtk-4_0-37-2.48.1-4.34.1 SUSE Linux Enterprise Server 12 SP5-LTSS:libwebkit2gtk3-lang-2.48.1-4.34.1 SUSE Linux Enterprise Server 12 SP5-LTSS:typelib-1_0-JavaScriptCore-4_0-2.48.1-4.34.1 SUSE Linux Enterprise Server 12 SP5-LTSS:typelib-1_0-WebKit2-4_0-2.48.1-4.34.1 SUSE Linux Enterprise Server 12 SP5-LTSS:typelib-1_0-WebKit2WebExtension-4_0-2.48.1-4.34.1 SUSE Linux Enterprise Server 12 SP5-LTSS:webkit2gtk-4_0-injected-bundles-2.48.1-4.34.1 SUSE Linux Enterprise Server 12 SP5-LTSS:webkit2gtk3-devel-2.48.1-4.34.1 SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:libjavascriptcoregtk-4_0-18-2.48.1-4.34.1 SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:libwebkit2gtk-4_0-37-2.48.1-4.34.1 SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:libwebkit2gtk3-lang-2.48.1-4.34.1 SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:typelib-1_0-JavaScriptCore-4_0-2.48.1-4.34.1 SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:typelib-1_0-WebKit2-4_0-2.48.1-4.34.1 SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:typelib-1_0-WebKit2WebExtension-4_0-2.48.1-4.34.1 SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:webkit2gtk-4_0-injected-bundles-2.48.1-4.34.1 SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:webkit2gtk3-devel-2.48.1-4.34.1 important To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/support/update/announcement/2025/suse-su-20251325-1/ https://www.suse.com/security/cve/CVE-2024-54467.html CVE-2024-54467 https://bugzilla.suse.com/1239864 SUSE Bug 1239864 The issue was addressed with improved memory handling. This issue is fixed in watchOS 10.6, tvOS 17.6, Safari 17.6, macOS Sonoma 14.6, visionOS 1.3, iOS 17.6 and iPadOS 17.6. Processing web content may lead to a denial-of-service. CVE-2024-54551 SUSE Linux Enterprise Server 12 SP5-LTSS:libjavascriptcoregtk-4_0-18-2.48.1-4.34.1 SUSE Linux Enterprise Server 12 SP5-LTSS:libwebkit2gtk-4_0-37-2.48.1-4.34.1 SUSE Linux Enterprise Server 12 SP5-LTSS:libwebkit2gtk3-lang-2.48.1-4.34.1 SUSE Linux Enterprise Server 12 SP5-LTSS:typelib-1_0-JavaScriptCore-4_0-2.48.1-4.34.1 SUSE Linux Enterprise Server 12 SP5-LTSS:typelib-1_0-WebKit2-4_0-2.48.1-4.34.1 SUSE Linux Enterprise Server 12 SP5-LTSS:typelib-1_0-WebKit2WebExtension-4_0-2.48.1-4.34.1 SUSE Linux Enterprise Server 12 SP5-LTSS:webkit2gtk-4_0-injected-bundles-2.48.1-4.34.1 SUSE Linux Enterprise Server 12 SP5-LTSS:webkit2gtk3-devel-2.48.1-4.34.1 SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:libjavascriptcoregtk-4_0-18-2.48.1-4.34.1 SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:libwebkit2gtk-4_0-37-2.48.1-4.34.1 SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:libwebkit2gtk3-lang-2.48.1-4.34.1 SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:typelib-1_0-JavaScriptCore-4_0-2.48.1-4.34.1 SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:typelib-1_0-WebKit2-4_0-2.48.1-4.34.1 SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:typelib-1_0-WebKit2WebExtension-4_0-2.48.1-4.34.1 SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:webkit2gtk-4_0-injected-bundles-2.48.1-4.34.1 SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:webkit2gtk3-devel-2.48.1-4.34.1 important To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/support/update/announcement/2025/suse-su-20251325-1/ https://www.suse.com/security/cve/CVE-2024-54551.html CVE-2024-54551 https://bugzilla.suse.com/1240962 SUSE Bug 1240962 A permissions issue was addressed with additional restrictions. This issue is fixed in Safari 18.4, iOS 18.4 and iPadOS 18.4. Loading a malicious iframe may lead to a cross-site scripting attack. CVE-2025-24208 SUSE Linux Enterprise Server 12 SP5-LTSS:libjavascriptcoregtk-4_0-18-2.48.1-4.34.1 SUSE Linux Enterprise Server 12 SP5-LTSS:libwebkit2gtk-4_0-37-2.48.1-4.34.1 SUSE Linux Enterprise Server 12 SP5-LTSS:libwebkit2gtk3-lang-2.48.1-4.34.1 SUSE Linux Enterprise Server 12 SP5-LTSS:typelib-1_0-JavaScriptCore-4_0-2.48.1-4.34.1 SUSE Linux Enterprise Server 12 SP5-LTSS:typelib-1_0-WebKit2-4_0-2.48.1-4.34.1 SUSE Linux Enterprise Server 12 SP5-LTSS:typelib-1_0-WebKit2WebExtension-4_0-2.48.1-4.34.1 SUSE Linux Enterprise Server 12 SP5-LTSS:webkit2gtk-4_0-injected-bundles-2.48.1-4.34.1 SUSE Linux Enterprise Server 12 SP5-LTSS:webkit2gtk3-devel-2.48.1-4.34.1 SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:libjavascriptcoregtk-4_0-18-2.48.1-4.34.1 SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:libwebkit2gtk-4_0-37-2.48.1-4.34.1 SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:libwebkit2gtk3-lang-2.48.1-4.34.1 SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:typelib-1_0-JavaScriptCore-4_0-2.48.1-4.34.1 SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:typelib-1_0-WebKit2-4_0-2.48.1-4.34.1 SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:typelib-1_0-WebKit2WebExtension-4_0-2.48.1-4.34.1 SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:webkit2gtk-4_0-injected-bundles-2.48.1-4.34.1 SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:webkit2gtk3-devel-2.48.1-4.34.1 important To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/support/update/announcement/2025/suse-su-20251325-1/ https://www.suse.com/security/cve/CVE-2025-24208.html CVE-2025-24208 https://bugzilla.suse.com/1240961 SUSE Bug 1240961 A buffer overflow issue was addressed with improved memory handling. This issue is fixed in tvOS 18.4, Safari 18.4, iPadOS 17.7.6, iOS 18.4 and iPadOS 18.4, macOS Sequoia 15.4. Processing maliciously crafted web content may lead to an unexpected process crash. CVE-2025-24209 SUSE Linux Enterprise Server 12 SP5-LTSS:libjavascriptcoregtk-4_0-18-2.48.1-4.34.1 SUSE Linux Enterprise Server 12 SP5-LTSS:libwebkit2gtk-4_0-37-2.48.1-4.34.1 SUSE Linux Enterprise Server 12 SP5-LTSS:libwebkit2gtk3-lang-2.48.1-4.34.1 SUSE Linux Enterprise Server 12 SP5-LTSS:typelib-1_0-JavaScriptCore-4_0-2.48.1-4.34.1 SUSE Linux Enterprise Server 12 SP5-LTSS:typelib-1_0-WebKit2-4_0-2.48.1-4.34.1 SUSE Linux Enterprise Server 12 SP5-LTSS:typelib-1_0-WebKit2WebExtension-4_0-2.48.1-4.34.1 SUSE Linux Enterprise Server 12 SP5-LTSS:webkit2gtk-4_0-injected-bundles-2.48.1-4.34.1 SUSE Linux Enterprise Server 12 SP5-LTSS:webkit2gtk3-devel-2.48.1-4.34.1 SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:libjavascriptcoregtk-4_0-18-2.48.1-4.34.1 SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:libwebkit2gtk-4_0-37-2.48.1-4.34.1 SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:libwebkit2gtk3-lang-2.48.1-4.34.1 SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:typelib-1_0-JavaScriptCore-4_0-2.48.1-4.34.1 SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:typelib-1_0-WebKit2-4_0-2.48.1-4.34.1 SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:typelib-1_0-WebKit2WebExtension-4_0-2.48.1-4.34.1 SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:webkit2gtk-4_0-injected-bundles-2.48.1-4.34.1 SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:webkit2gtk3-devel-2.48.1-4.34.1 important To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/support/update/announcement/2025/suse-su-20251325-1/ https://www.suse.com/security/cve/CVE-2025-24209.html CVE-2025-24209 https://bugzilla.suse.com/1240964 SUSE Bug 1240964 This issue was addressed with improved handling of floats. This issue is fixed in tvOS 18.4, Safari 18.4, iPadOS 17.7.6, iOS 18.4 and iPadOS 18.4, macOS Sequoia 15.4. A type confusion issue could lead to memory corruption. CVE-2025-24213 SUSE Linux Enterprise Server 12 SP5-LTSS:libjavascriptcoregtk-4_0-18-2.48.1-4.34.1 SUSE Linux Enterprise Server 12 SP5-LTSS:libwebkit2gtk-4_0-37-2.48.1-4.34.1 SUSE Linux Enterprise Server 12 SP5-LTSS:libwebkit2gtk3-lang-2.48.1-4.34.1 SUSE Linux Enterprise Server 12 SP5-LTSS:typelib-1_0-JavaScriptCore-4_0-2.48.1-4.34.1 SUSE Linux Enterprise Server 12 SP5-LTSS:typelib-1_0-WebKit2-4_0-2.48.1-4.34.1 SUSE Linux Enterprise Server 12 SP5-LTSS:typelib-1_0-WebKit2WebExtension-4_0-2.48.1-4.34.1 SUSE Linux Enterprise Server 12 SP5-LTSS:webkit2gtk-4_0-injected-bundles-2.48.1-4.34.1 SUSE Linux Enterprise Server 12 SP5-LTSS:webkit2gtk3-devel-2.48.1-4.34.1 SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:libjavascriptcoregtk-4_0-18-2.48.1-4.34.1 SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:libwebkit2gtk-4_0-37-2.48.1-4.34.1 SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:libwebkit2gtk3-lang-2.48.1-4.34.1 SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:typelib-1_0-JavaScriptCore-4_0-2.48.1-4.34.1 SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:typelib-1_0-WebKit2-4_0-2.48.1-4.34.1 SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:typelib-1_0-WebKit2WebExtension-4_0-2.48.1-4.34.1 SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:webkit2gtk-4_0-injected-bundles-2.48.1-4.34.1 SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:webkit2gtk3-devel-2.48.1-4.34.1 important To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/support/update/announcement/2025/suse-su-20251325-1/ https://www.suse.com/security/cve/CVE-2025-24213.html CVE-2025-24213 https://bugzilla.suse.com/1240963 SUSE Bug 1240963 The issue was addressed with improved memory handling. This issue is fixed in visionOS 2.4, tvOS 18.4, iPadOS 17.7.6, iOS 18.4 and iPadOS 18.4, macOS Sequoia 15.4, Safari 18.4. Processing maliciously crafted web content may lead to an unexpected Safari crash. CVE-2025-24216 SUSE Linux Enterprise Server 12 SP5-LTSS:libjavascriptcoregtk-4_0-18-2.48.1-4.34.1 SUSE Linux Enterprise Server 12 SP5-LTSS:libwebkit2gtk-4_0-37-2.48.1-4.34.1 SUSE Linux Enterprise Server 12 SP5-LTSS:libwebkit2gtk3-lang-2.48.1-4.34.1 SUSE Linux Enterprise Server 12 SP5-LTSS:typelib-1_0-JavaScriptCore-4_0-2.48.1-4.34.1 SUSE Linux Enterprise Server 12 SP5-LTSS:typelib-1_0-WebKit2-4_0-2.48.1-4.34.1 SUSE Linux Enterprise Server 12 SP5-LTSS:typelib-1_0-WebKit2WebExtension-4_0-2.48.1-4.34.1 SUSE Linux Enterprise Server 12 SP5-LTSS:webkit2gtk-4_0-injected-bundles-2.48.1-4.34.1 SUSE Linux Enterprise Server 12 SP5-LTSS:webkit2gtk3-devel-2.48.1-4.34.1 SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:libjavascriptcoregtk-4_0-18-2.48.1-4.34.1 SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:libwebkit2gtk-4_0-37-2.48.1-4.34.1 SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:libwebkit2gtk3-lang-2.48.1-4.34.1 SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:typelib-1_0-JavaScriptCore-4_0-2.48.1-4.34.1 SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:typelib-1_0-WebKit2-4_0-2.48.1-4.34.1 SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:typelib-1_0-WebKit2WebExtension-4_0-2.48.1-4.34.1 SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:webkit2gtk-4_0-injected-bundles-2.48.1-4.34.1 SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:webkit2gtk3-devel-2.48.1-4.34.1 important To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/support/update/announcement/2025/suse-su-20251325-1/ https://www.suse.com/security/cve/CVE-2025-24216.html CVE-2025-24216 https://bugzilla.suse.com/1240986 SUSE Bug 1240986 The issue was addressed with improved memory handling. This issue is fixed in visionOS 2.4, tvOS 18.4, iPadOS 17.7.6, iOS 18.4 and iPadOS 18.4, macOS Sequoia 15.4, Safari 18.4. Processing maliciously crafted web content may lead to an unexpected Safari crash. CVE-2025-24264 SUSE Linux Enterprise Server 12 SP5-LTSS:libjavascriptcoregtk-4_0-18-2.48.1-4.34.1 SUSE Linux Enterprise Server 12 SP5-LTSS:libwebkit2gtk-4_0-37-2.48.1-4.34.1 SUSE Linux Enterprise Server 12 SP5-LTSS:libwebkit2gtk3-lang-2.48.1-4.34.1 SUSE Linux Enterprise Server 12 SP5-LTSS:typelib-1_0-JavaScriptCore-4_0-2.48.1-4.34.1 SUSE Linux Enterprise Server 12 SP5-LTSS:typelib-1_0-WebKit2-4_0-2.48.1-4.34.1 SUSE Linux Enterprise Server 12 SP5-LTSS:typelib-1_0-WebKit2WebExtension-4_0-2.48.1-4.34.1 SUSE Linux Enterprise Server 12 SP5-LTSS:webkit2gtk-4_0-injected-bundles-2.48.1-4.34.1 SUSE Linux Enterprise Server 12 SP5-LTSS:webkit2gtk3-devel-2.48.1-4.34.1 SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:libjavascriptcoregtk-4_0-18-2.48.1-4.34.1 SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:libwebkit2gtk-4_0-37-2.48.1-4.34.1 SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:libwebkit2gtk3-lang-2.48.1-4.34.1 SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:typelib-1_0-JavaScriptCore-4_0-2.48.1-4.34.1 SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:typelib-1_0-WebKit2-4_0-2.48.1-4.34.1 SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:typelib-1_0-WebKit2WebExtension-4_0-2.48.1-4.34.1 SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:webkit2gtk-4_0-injected-bundles-2.48.1-4.34.1 SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:webkit2gtk3-devel-2.48.1-4.34.1 important To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/support/update/announcement/2025/suse-su-20251325-1/ https://www.suse.com/security/cve/CVE-2025-24264.html CVE-2025-24264 https://bugzilla.suse.com/1240987 SUSE Bug 1240987 A use-after-free issue was addressed with improved memory management. This issue is fixed in visionOS 2.4, tvOS 18.4, iPadOS 17.7.6, iOS 18.4 and iPadOS 18.4, macOS Sequoia 15.4, Safari 18.4. Processing maliciously crafted web content may lead to an unexpected Safari crash. CVE-2025-30427 SUSE Linux Enterprise Server 12 SP5-LTSS:libjavascriptcoregtk-4_0-18-2.48.1-4.34.1 SUSE Linux Enterprise Server 12 SP5-LTSS:libwebkit2gtk-4_0-37-2.48.1-4.34.1 SUSE Linux Enterprise Server 12 SP5-LTSS:libwebkit2gtk3-lang-2.48.1-4.34.1 SUSE Linux Enterprise Server 12 SP5-LTSS:typelib-1_0-JavaScriptCore-4_0-2.48.1-4.34.1 SUSE Linux Enterprise Server 12 SP5-LTSS:typelib-1_0-WebKit2-4_0-2.48.1-4.34.1 SUSE Linux Enterprise Server 12 SP5-LTSS:typelib-1_0-WebKit2WebExtension-4_0-2.48.1-4.34.1 SUSE Linux Enterprise Server 12 SP5-LTSS:webkit2gtk-4_0-injected-bundles-2.48.1-4.34.1 SUSE Linux Enterprise Server 12 SP5-LTSS:webkit2gtk3-devel-2.48.1-4.34.1 SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:libjavascriptcoregtk-4_0-18-2.48.1-4.34.1 SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:libwebkit2gtk-4_0-37-2.48.1-4.34.1 SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:libwebkit2gtk3-lang-2.48.1-4.34.1 SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:typelib-1_0-JavaScriptCore-4_0-2.48.1-4.34.1 SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:typelib-1_0-WebKit2-4_0-2.48.1-4.34.1 SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:typelib-1_0-WebKit2WebExtension-4_0-2.48.1-4.34.1 SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:webkit2gtk-4_0-injected-bundles-2.48.1-4.34.1 SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:webkit2gtk3-devel-2.48.1-4.34.1 important To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/support/update/announcement/2025/suse-su-20251325-1/ https://www.suse.com/security/cve/CVE-2025-30427.html CVE-2025-30427 https://bugzilla.suse.com/1240958 SUSE Bug 1240958