Security update for webkit2gtk3 SUSE Patch security@suse.de SUSE Security Team SUSE-SU-2025:4423-1 Final 1 1 2025-12-17T11:01:39Z current 2025-12-17T11:01:39Z 2025-12-17T11:01:39Z cve-database/bin/generate-cvrf.pl 2017-02-24T01:00:00Z Security update for webkit2gtk3 This update for webkit2gtk3 fixes the following issues: Update to version 2.50.3. Security issues fixed: - CVE-2025-13502: processing of maliciously crafted payloads by the GLib remote inspector server may lead to a UIProcess crash due to an out-of-bounds read and an integer underflow (bsc#1254208). - CVE-2025-13947: use of the file drag-and-drop mechanism may lead to remote information disclosure due to a lack of verification of the origins of drag operations (bsc#1254473). - CVE-2025-43392: websites may exfiltrate image data cross-origin due to issues with cache handling (bsc#1254165). - CVE-2025-43421: processing maliciously crafted web content may lead to an unexpected process crash due to enabled array allocation sinking (bsc#1254167). - CVE-2025-43425: processing maliciously crafted web content may lead to an unexpected process crash due to improper memory handling (bsc#1254168). - CVE-2025-43427: processing maliciously crafted web content may lead to an unexpected process crash due to issues with state management (bsc#1254169). - CVE-2025-43429: processing maliciously crafted web content may lead to an unexpected process crash due to a buffer overflow issue (bsc#1254174). - CVE-2025-43430: processing maliciously crafted web content may lead to an unexpected process crash due to issues with state management (bsc#1254172). - CVE-2025-43431: processing maliciously crafted web content may lead to memory corruption due to improper memory handling (bsc#1254170). - CVE-2025-43432: processing maliciously crafted web content may lead to an unexpected process crash due to a use-after-free issue (bsc#1254171). - CVE-2025-43434: processing maliciously crafted web content may lead to an unexpected process crash due to a use-after-free issue (bsc#1254179). - CVE-2025-43440: processing maliciously crafted web content may lead to an unexpected process crash due to missing checks (bsc#1254177). - CVE-2025-43443: processing maliciously crafted web content may lead to an unexpected process crash due to missing checks (bsc#1254176). - CVE-2025-43458: processing maliciously crafted web content may lead to an unexpected process crash due to issues with state management (bsc#1254498). - CVE-2025-66287: processing maliciously crafted web content may lead to an unexpected process crash due to improper memory handling (bsc#1254509). Other issues fixed and changes: - Version 2.50.3: * Fix seeking and looping of media elements that set the 'loop' property. * Fix several crashes and rendering issues. - Version 2.50.2: * Prevent unsafe URI schemes from participating in media playback. * Make jsc_value_array_buffer_get_data() function introspectable. * Fix logging in to Google accounts that have a WebAuthn second factor configured. * Fix loading webkit://gpu when there are no threads configured for GPU rendering. * Fix rendering gradiants that use the CSS hue interpolation method. * Fix pasting image data from the clipboard. * Fix font-family selection when the font name contains spaces. * Fix the build with standard C libraries that lack execinfo.h, like Musl or uClibc. * Fix capturing canvas snapshots in the Web Inspector. * Fix several crashes and rendering issues. The CVRF data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0). SUSE-2025-4423,SUSE-SLE-SERVER-12-SP5-LTSS-2025-4423,SUSE-SLE-SERVER-12-SP5-LTSS-EXTENDED-SECURITY-2025-4423 Copyright SUSE LLC under the Creative Commons License 4.0 with Attribution (CC-BY-4.0) https://www.suse.com/support/update/announcement/2025/suse-su-20254423-1/ Link for SUSE-SU-2025:4423-1 https://lists.suse.com/pipermail/sle-security-updates/2025-December/023572.html E-Mail link for SUSE-SU-2025:4423-1 https://www.suse.com/support/security/rating/ SUSE Security Ratings https://bugzilla.suse.com/1254164 SUSE Bug 1254164 https://bugzilla.suse.com/1254165 SUSE Bug 1254165 https://bugzilla.suse.com/1254166 SUSE Bug 1254166 https://bugzilla.suse.com/1254167 SUSE Bug 1254167 https://bugzilla.suse.com/1254168 SUSE Bug 1254168 https://bugzilla.suse.com/1254169 SUSE Bug 1254169 https://bugzilla.suse.com/1254170 SUSE Bug 1254170 https://bugzilla.suse.com/1254171 SUSE Bug 1254171 https://bugzilla.suse.com/1254172 SUSE Bug 1254172 https://bugzilla.suse.com/1254174 SUSE Bug 1254174 https://bugzilla.suse.com/1254175 SUSE Bug 1254175 https://bugzilla.suse.com/1254176 SUSE Bug 1254176 https://bugzilla.suse.com/1254177 SUSE Bug 1254177 https://bugzilla.suse.com/1254179 SUSE Bug 1254179 https://bugzilla.suse.com/1254208 SUSE Bug 1254208 https://bugzilla.suse.com/1254473 SUSE Bug 1254473 https://bugzilla.suse.com/1254498 SUSE Bug 1254498 https://bugzilla.suse.com/1254509 SUSE Bug 1254509 https://www.suse.com/security/cve/CVE-2023-43000/ SUSE CVE CVE-2023-43000 page https://www.suse.com/security/cve/CVE-2025-13502/ SUSE CVE CVE-2025-13502 page https://www.suse.com/security/cve/CVE-2025-13947/ SUSE CVE CVE-2025-13947 page https://www.suse.com/security/cve/CVE-2025-43392/ SUSE CVE CVE-2025-43392 page https://www.suse.com/security/cve/CVE-2025-43419/ SUSE CVE CVE-2025-43419 page https://www.suse.com/security/cve/CVE-2025-43421/ SUSE CVE CVE-2025-43421 page https://www.suse.com/security/cve/CVE-2025-43425/ SUSE CVE CVE-2025-43425 page https://www.suse.com/security/cve/CVE-2025-43427/ SUSE CVE CVE-2025-43427 page https://www.suse.com/security/cve/CVE-2025-43429/ SUSE CVE CVE-2025-43429 page https://www.suse.com/security/cve/CVE-2025-43430/ SUSE CVE CVE-2025-43430 page https://www.suse.com/security/cve/CVE-2025-43431/ SUSE CVE CVE-2025-43431 page https://www.suse.com/security/cve/CVE-2025-43432/ SUSE CVE CVE-2025-43432 page https://www.suse.com/security/cve/CVE-2025-43434/ SUSE CVE CVE-2025-43434 page https://www.suse.com/security/cve/CVE-2025-43440/ SUSE CVE CVE-2025-43440 page https://www.suse.com/security/cve/CVE-2025-43443/ SUSE CVE CVE-2025-43443 page https://www.suse.com/security/cve/CVE-2025-43458/ SUSE CVE CVE-2025-43458 page https://www.suse.com/security/cve/CVE-2025-43480/ SUSE CVE CVE-2025-43480 page https://www.suse.com/security/cve/CVE-2025-66287/ SUSE CVE CVE-2025-66287 page SUSE Linux Enterprise Server 12 SP5-LTSS SUSE Linux Enterprise Server LTSS Extended Security 12 SP5 libjavascriptcoregtk-4_0-18-2.50.3-4.47.1 libjavascriptcoregtk-4_0-18-32bit-2.50.3-4.47.1 libjavascriptcoregtk-4_0-18-64bit-2.50.3-4.47.1 libwebkit2gtk-4_0-37-2.50.3-4.47.1 libwebkit2gtk-4_0-37-32bit-2.50.3-4.47.1 libwebkit2gtk-4_0-37-64bit-2.50.3-4.47.1 libwebkit2gtk3-lang-2.50.3-4.47.1 typelib-1_0-JavaScriptCore-4_0-2.50.3-4.47.1 typelib-1_0-WebKit2-4_0-2.50.3-4.47.1 typelib-1_0-WebKit2WebExtension-4_0-2.50.3-4.47.1 webkit-jsc-4-2.50.3-4.47.1 webkit2gtk-4_0-injected-bundles-2.50.3-4.47.1 webkit2gtk3-devel-2.50.3-4.47.1 webkit2gtk3-minibrowser-2.50.3-4.47.1 libjavascriptcoregtk-4_0-18-2.50.3-4.47.1 as a component of SUSE Linux Enterprise Server 12 SP5-LTSS libwebkit2gtk-4_0-37-2.50.3-4.47.1 as a component of SUSE Linux Enterprise Server 12 SP5-LTSS libwebkit2gtk3-lang-2.50.3-4.47.1 as a component of SUSE Linux Enterprise Server 12 SP5-LTSS typelib-1_0-JavaScriptCore-4_0-2.50.3-4.47.1 as a component of SUSE Linux Enterprise Server 12 SP5-LTSS typelib-1_0-WebKit2-4_0-2.50.3-4.47.1 as a component of SUSE Linux Enterprise Server 12 SP5-LTSS typelib-1_0-WebKit2WebExtension-4_0-2.50.3-4.47.1 as a component of SUSE Linux Enterprise Server 12 SP5-LTSS webkit2gtk-4_0-injected-bundles-2.50.3-4.47.1 as a component of SUSE Linux Enterprise Server 12 SP5-LTSS webkit2gtk3-devel-2.50.3-4.47.1 as a component of SUSE Linux Enterprise Server 12 SP5-LTSS libjavascriptcoregtk-4_0-18-2.50.3-4.47.1 as a component of SUSE Linux Enterprise Server LTSS Extended Security 12 SP5 libwebkit2gtk-4_0-37-2.50.3-4.47.1 as a component of SUSE Linux Enterprise Server LTSS Extended Security 12 SP5 libwebkit2gtk3-lang-2.50.3-4.47.1 as a component of SUSE Linux Enterprise Server LTSS Extended Security 12 SP5 typelib-1_0-JavaScriptCore-4_0-2.50.3-4.47.1 as a component of SUSE Linux Enterprise Server LTSS Extended Security 12 SP5 typelib-1_0-WebKit2-4_0-2.50.3-4.47.1 as a component of SUSE Linux Enterprise Server LTSS Extended Security 12 SP5 typelib-1_0-WebKit2WebExtension-4_0-2.50.3-4.47.1 as a component of SUSE Linux Enterprise Server LTSS Extended Security 12 SP5 webkit2gtk-4_0-injected-bundles-2.50.3-4.47.1 as a component of SUSE Linux Enterprise Server LTSS Extended Security 12 SP5 webkit2gtk3-devel-2.50.3-4.47.1 as a component of SUSE Linux Enterprise Server LTSS Extended Security 12 SP5 A use-after-free issue was addressed with improved memory management. This issue is fixed in macOS Ventura 13.5, iOS 16.6 and iPadOS 16.6, Safari 16.6. Processing maliciously crafted web content may lead to memory corruption. CVE-2023-43000 SUSE Linux Enterprise Server 12 SP5-LTSS:libjavascriptcoregtk-4_0-18-2.50.3-4.47.1 SUSE Linux Enterprise Server 12 SP5-LTSS:libwebkit2gtk-4_0-37-2.50.3-4.47.1 SUSE Linux Enterprise Server 12 SP5-LTSS:libwebkit2gtk3-lang-2.50.3-4.47.1 SUSE Linux Enterprise Server 12 SP5-LTSS:typelib-1_0-JavaScriptCore-4_0-2.50.3-4.47.1 SUSE Linux Enterprise Server 12 SP5-LTSS:typelib-1_0-WebKit2-4_0-2.50.3-4.47.1 SUSE Linux Enterprise Server 12 SP5-LTSS:typelib-1_0-WebKit2WebExtension-4_0-2.50.3-4.47.1 SUSE Linux Enterprise Server 12 SP5-LTSS:webkit2gtk-4_0-injected-bundles-2.50.3-4.47.1 SUSE Linux Enterprise Server 12 SP5-LTSS:webkit2gtk3-devel-2.50.3-4.47.1 SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:libjavascriptcoregtk-4_0-18-2.50.3-4.47.1 SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:libwebkit2gtk-4_0-37-2.50.3-4.47.1 SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:libwebkit2gtk3-lang-2.50.3-4.47.1 SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:typelib-1_0-JavaScriptCore-4_0-2.50.3-4.47.1 SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:typelib-1_0-WebKit2-4_0-2.50.3-4.47.1 SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:typelib-1_0-WebKit2WebExtension-4_0-2.50.3-4.47.1 SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:webkit2gtk-4_0-injected-bundles-2.50.3-4.47.1 SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:webkit2gtk3-devel-2.50.3-4.47.1 important To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/support/update/announcement/2025/suse-su-20254423-1/ https://www.suse.com/security/cve/CVE-2023-43000.html CVE-2023-43000 https://bugzilla.suse.com/1254164 SUSE Bug 1254164 A flaw was found in WebKitGTK and WPE WebKit. This vulnerability allows an out-of-bounds read and integer underflow, leading to a UIProcess crash (DoS) via a crafted payload to the GLib remote inspector server. CVE-2025-13502 SUSE Linux Enterprise Server 12 SP5-LTSS:libjavascriptcoregtk-4_0-18-2.50.3-4.47.1 SUSE Linux Enterprise Server 12 SP5-LTSS:libwebkit2gtk-4_0-37-2.50.3-4.47.1 SUSE Linux Enterprise Server 12 SP5-LTSS:libwebkit2gtk3-lang-2.50.3-4.47.1 SUSE Linux Enterprise Server 12 SP5-LTSS:typelib-1_0-JavaScriptCore-4_0-2.50.3-4.47.1 SUSE Linux Enterprise Server 12 SP5-LTSS:typelib-1_0-WebKit2-4_0-2.50.3-4.47.1 SUSE Linux Enterprise Server 12 SP5-LTSS:typelib-1_0-WebKit2WebExtension-4_0-2.50.3-4.47.1 SUSE Linux Enterprise Server 12 SP5-LTSS:webkit2gtk-4_0-injected-bundles-2.50.3-4.47.1 SUSE Linux Enterprise Server 12 SP5-LTSS:webkit2gtk3-devel-2.50.3-4.47.1 SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:libjavascriptcoregtk-4_0-18-2.50.3-4.47.1 SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:libwebkit2gtk-4_0-37-2.50.3-4.47.1 SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:libwebkit2gtk3-lang-2.50.3-4.47.1 SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:typelib-1_0-JavaScriptCore-4_0-2.50.3-4.47.1 SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:typelib-1_0-WebKit2-4_0-2.50.3-4.47.1 SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:typelib-1_0-WebKit2WebExtension-4_0-2.50.3-4.47.1 SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:webkit2gtk-4_0-injected-bundles-2.50.3-4.47.1 SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:webkit2gtk3-devel-2.50.3-4.47.1 important To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/support/update/announcement/2025/suse-su-20254423-1/ https://www.suse.com/security/cve/CVE-2025-13502.html CVE-2025-13502 https://bugzilla.suse.com/1254208 SUSE Bug 1254208 A flaw was found in WebKitGTK. This vulnerability allows remote, user-assisted information disclosure that can reveal any file the user is permitted to read via abusing the file drag-and-drop mechanism where WebKitGTK does not verify that drag operations originate from outside the browser. CVE-2025-13947 SUSE Linux Enterprise Server 12 SP5-LTSS:libjavascriptcoregtk-4_0-18-2.50.3-4.47.1 SUSE Linux Enterprise Server 12 SP5-LTSS:libwebkit2gtk-4_0-37-2.50.3-4.47.1 SUSE Linux Enterprise Server 12 SP5-LTSS:libwebkit2gtk3-lang-2.50.3-4.47.1 SUSE Linux Enterprise Server 12 SP5-LTSS:typelib-1_0-JavaScriptCore-4_0-2.50.3-4.47.1 SUSE Linux Enterprise Server 12 SP5-LTSS:typelib-1_0-WebKit2-4_0-2.50.3-4.47.1 SUSE Linux Enterprise Server 12 SP5-LTSS:typelib-1_0-WebKit2WebExtension-4_0-2.50.3-4.47.1 SUSE Linux Enterprise Server 12 SP5-LTSS:webkit2gtk-4_0-injected-bundles-2.50.3-4.47.1 SUSE Linux Enterprise Server 12 SP5-LTSS:webkit2gtk3-devel-2.50.3-4.47.1 SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:libjavascriptcoregtk-4_0-18-2.50.3-4.47.1 SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:libwebkit2gtk-4_0-37-2.50.3-4.47.1 SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:libwebkit2gtk3-lang-2.50.3-4.47.1 SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:typelib-1_0-JavaScriptCore-4_0-2.50.3-4.47.1 SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:typelib-1_0-WebKit2-4_0-2.50.3-4.47.1 SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:typelib-1_0-WebKit2WebExtension-4_0-2.50.3-4.47.1 SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:webkit2gtk-4_0-injected-bundles-2.50.3-4.47.1 SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:webkit2gtk3-devel-2.50.3-4.47.1 important To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/support/update/announcement/2025/suse-su-20254423-1/ https://www.suse.com/security/cve/CVE-2025-13947.html CVE-2025-13947 https://bugzilla.suse.com/1254473 SUSE Bug 1254473 The issue was addressed with improved handling of caches. This issue is fixed in tvOS 26.1, watchOS 26.1, macOS Tahoe 26.1, iOS 26.1 and iPadOS 26.1, Safari 26.1, iOS 18.7.2 and iPadOS 18.7.2, visionOS 26.1. A website may exfiltrate image data cross-origin. CVE-2025-43392 SUSE Linux Enterprise Server 12 SP5-LTSS:libjavascriptcoregtk-4_0-18-2.50.3-4.47.1 SUSE Linux Enterprise Server 12 SP5-LTSS:libwebkit2gtk-4_0-37-2.50.3-4.47.1 SUSE Linux Enterprise Server 12 SP5-LTSS:libwebkit2gtk3-lang-2.50.3-4.47.1 SUSE Linux Enterprise Server 12 SP5-LTSS:typelib-1_0-JavaScriptCore-4_0-2.50.3-4.47.1 SUSE Linux Enterprise Server 12 SP5-LTSS:typelib-1_0-WebKit2-4_0-2.50.3-4.47.1 SUSE Linux Enterprise Server 12 SP5-LTSS:typelib-1_0-WebKit2WebExtension-4_0-2.50.3-4.47.1 SUSE Linux Enterprise Server 12 SP5-LTSS:webkit2gtk-4_0-injected-bundles-2.50.3-4.47.1 SUSE Linux Enterprise Server 12 SP5-LTSS:webkit2gtk3-devel-2.50.3-4.47.1 SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:libjavascriptcoregtk-4_0-18-2.50.3-4.47.1 SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:libwebkit2gtk-4_0-37-2.50.3-4.47.1 SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:libwebkit2gtk3-lang-2.50.3-4.47.1 SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:typelib-1_0-JavaScriptCore-4_0-2.50.3-4.47.1 SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:typelib-1_0-WebKit2-4_0-2.50.3-4.47.1 SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:typelib-1_0-WebKit2WebExtension-4_0-2.50.3-4.47.1 SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:webkit2gtk-4_0-injected-bundles-2.50.3-4.47.1 SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:webkit2gtk3-devel-2.50.3-4.47.1 important To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/support/update/announcement/2025/suse-su-20254423-1/ https://www.suse.com/security/cve/CVE-2025-43392.html CVE-2025-43392 https://bugzilla.suse.com/1254165 SUSE Bug 1254165 The issue was addressed with improved memory handling. This issue is fixed in Safari 26, tvOS 26, watchOS 26, iOS 26 and iPadOS 26, visionOS 26. Processing maliciously crafted web content may lead to memory corruption. CVE-2025-43419 SUSE Linux Enterprise Server 12 SP5-LTSS:libjavascriptcoregtk-4_0-18-2.50.3-4.47.1 SUSE Linux Enterprise Server 12 SP5-LTSS:libwebkit2gtk-4_0-37-2.50.3-4.47.1 SUSE Linux Enterprise Server 12 SP5-LTSS:libwebkit2gtk3-lang-2.50.3-4.47.1 SUSE Linux Enterprise Server 12 SP5-LTSS:typelib-1_0-JavaScriptCore-4_0-2.50.3-4.47.1 SUSE Linux Enterprise Server 12 SP5-LTSS:typelib-1_0-WebKit2-4_0-2.50.3-4.47.1 SUSE Linux Enterprise Server 12 SP5-LTSS:typelib-1_0-WebKit2WebExtension-4_0-2.50.3-4.47.1 SUSE Linux Enterprise Server 12 SP5-LTSS:webkit2gtk-4_0-injected-bundles-2.50.3-4.47.1 SUSE Linux Enterprise Server 12 SP5-LTSS:webkit2gtk3-devel-2.50.3-4.47.1 SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:libjavascriptcoregtk-4_0-18-2.50.3-4.47.1 SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:libwebkit2gtk-4_0-37-2.50.3-4.47.1 SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:libwebkit2gtk3-lang-2.50.3-4.47.1 SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:typelib-1_0-JavaScriptCore-4_0-2.50.3-4.47.1 SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:typelib-1_0-WebKit2-4_0-2.50.3-4.47.1 SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:typelib-1_0-WebKit2WebExtension-4_0-2.50.3-4.47.1 SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:webkit2gtk-4_0-injected-bundles-2.50.3-4.47.1 SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:webkit2gtk3-devel-2.50.3-4.47.1 important To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/support/update/announcement/2025/suse-su-20254423-1/ https://www.suse.com/security/cve/CVE-2025-43419.html CVE-2025-43419 https://bugzilla.suse.com/1254166 SUSE Bug 1254166 Multiple issues were addressed by disabling array allocation sinking. This issue is fixed in iOS 26.1 and iPadOS 26.1, macOS Tahoe 26.1, visionOS 26.1, Safari 26.1. Processing maliciously crafted web content may lead to an unexpected process crash. CVE-2025-43421 SUSE Linux Enterprise Server 12 SP5-LTSS:libjavascriptcoregtk-4_0-18-2.50.3-4.47.1 SUSE Linux Enterprise Server 12 SP5-LTSS:libwebkit2gtk-4_0-37-2.50.3-4.47.1 SUSE Linux Enterprise Server 12 SP5-LTSS:libwebkit2gtk3-lang-2.50.3-4.47.1 SUSE Linux Enterprise Server 12 SP5-LTSS:typelib-1_0-JavaScriptCore-4_0-2.50.3-4.47.1 SUSE Linux Enterprise Server 12 SP5-LTSS:typelib-1_0-WebKit2-4_0-2.50.3-4.47.1 SUSE Linux Enterprise Server 12 SP5-LTSS:typelib-1_0-WebKit2WebExtension-4_0-2.50.3-4.47.1 SUSE Linux Enterprise Server 12 SP5-LTSS:webkit2gtk-4_0-injected-bundles-2.50.3-4.47.1 SUSE Linux Enterprise Server 12 SP5-LTSS:webkit2gtk3-devel-2.50.3-4.47.1 SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:libjavascriptcoregtk-4_0-18-2.50.3-4.47.1 SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:libwebkit2gtk-4_0-37-2.50.3-4.47.1 SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:libwebkit2gtk3-lang-2.50.3-4.47.1 SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:typelib-1_0-JavaScriptCore-4_0-2.50.3-4.47.1 SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:typelib-1_0-WebKit2-4_0-2.50.3-4.47.1 SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:typelib-1_0-WebKit2WebExtension-4_0-2.50.3-4.47.1 SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:webkit2gtk-4_0-injected-bundles-2.50.3-4.47.1 SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:webkit2gtk3-devel-2.50.3-4.47.1 important To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/support/update/announcement/2025/suse-su-20254423-1/ https://www.suse.com/security/cve/CVE-2025-43421.html CVE-2025-43421 https://bugzilla.suse.com/1254167 SUSE Bug 1254167 The issue was addressed with improved memory handling. This issue is fixed in tvOS 26.1, watchOS 26.1, macOS Tahoe 26.1, iOS 26.1 and iPadOS 26.1, Safari 26.1, visionOS 26.1. Processing maliciously crafted web content may lead to an unexpected process crash. CVE-2025-43425 SUSE Linux Enterprise Server 12 SP5-LTSS:libjavascriptcoregtk-4_0-18-2.50.3-4.47.1 SUSE Linux Enterprise Server 12 SP5-LTSS:libwebkit2gtk-4_0-37-2.50.3-4.47.1 SUSE Linux Enterprise Server 12 SP5-LTSS:libwebkit2gtk3-lang-2.50.3-4.47.1 SUSE Linux Enterprise Server 12 SP5-LTSS:typelib-1_0-JavaScriptCore-4_0-2.50.3-4.47.1 SUSE Linux Enterprise Server 12 SP5-LTSS:typelib-1_0-WebKit2-4_0-2.50.3-4.47.1 SUSE Linux Enterprise Server 12 SP5-LTSS:typelib-1_0-WebKit2WebExtension-4_0-2.50.3-4.47.1 SUSE Linux Enterprise Server 12 SP5-LTSS:webkit2gtk-4_0-injected-bundles-2.50.3-4.47.1 SUSE Linux Enterprise Server 12 SP5-LTSS:webkit2gtk3-devel-2.50.3-4.47.1 SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:libjavascriptcoregtk-4_0-18-2.50.3-4.47.1 SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:libwebkit2gtk-4_0-37-2.50.3-4.47.1 SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:libwebkit2gtk3-lang-2.50.3-4.47.1 SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:typelib-1_0-JavaScriptCore-4_0-2.50.3-4.47.1 SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:typelib-1_0-WebKit2-4_0-2.50.3-4.47.1 SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:typelib-1_0-WebKit2WebExtension-4_0-2.50.3-4.47.1 SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:webkit2gtk-4_0-injected-bundles-2.50.3-4.47.1 SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:webkit2gtk3-devel-2.50.3-4.47.1 important To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/support/update/announcement/2025/suse-su-20254423-1/ https://www.suse.com/security/cve/CVE-2025-43425.html CVE-2025-43425 https://bugzilla.suse.com/1254168 SUSE Bug 1254168 This issue was addressed through improved state management. This issue is fixed in tvOS 26.1, macOS Tahoe 26.1, iOS 26.1 and iPadOS 26.1, Safari 26.1, visionOS 26.1. Processing maliciously crafted web content may lead to an unexpected process crash. CVE-2025-43427 SUSE Linux Enterprise Server 12 SP5-LTSS:libjavascriptcoregtk-4_0-18-2.50.3-4.47.1 SUSE Linux Enterprise Server 12 SP5-LTSS:libwebkit2gtk-4_0-37-2.50.3-4.47.1 SUSE Linux Enterprise Server 12 SP5-LTSS:libwebkit2gtk3-lang-2.50.3-4.47.1 SUSE Linux Enterprise Server 12 SP5-LTSS:typelib-1_0-JavaScriptCore-4_0-2.50.3-4.47.1 SUSE Linux Enterprise Server 12 SP5-LTSS:typelib-1_0-WebKit2-4_0-2.50.3-4.47.1 SUSE Linux Enterprise Server 12 SP5-LTSS:typelib-1_0-WebKit2WebExtension-4_0-2.50.3-4.47.1 SUSE Linux Enterprise Server 12 SP5-LTSS:webkit2gtk-4_0-injected-bundles-2.50.3-4.47.1 SUSE Linux Enterprise Server 12 SP5-LTSS:webkit2gtk3-devel-2.50.3-4.47.1 SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:libjavascriptcoregtk-4_0-18-2.50.3-4.47.1 SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:libwebkit2gtk-4_0-37-2.50.3-4.47.1 SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:libwebkit2gtk3-lang-2.50.3-4.47.1 SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:typelib-1_0-JavaScriptCore-4_0-2.50.3-4.47.1 SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:typelib-1_0-WebKit2-4_0-2.50.3-4.47.1 SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:typelib-1_0-WebKit2WebExtension-4_0-2.50.3-4.47.1 SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:webkit2gtk-4_0-injected-bundles-2.50.3-4.47.1 SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:webkit2gtk3-devel-2.50.3-4.47.1 important To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/support/update/announcement/2025/suse-su-20254423-1/ https://www.suse.com/security/cve/CVE-2025-43427.html CVE-2025-43427 https://bugzilla.suse.com/1254169 SUSE Bug 1254169 A buffer overflow was addressed with improved bounds checking. This issue is fixed in tvOS 26.1, watchOS 26.1, macOS Tahoe 26.1, iOS 26.1 and iPadOS 26.1, Safari 26.1, iOS 18.7.2 and iPadOS 18.7.2, visionOS 26.1. Processing maliciously crafted web content may lead to an unexpected process crash. CVE-2025-43429 SUSE Linux Enterprise Server 12 SP5-LTSS:libjavascriptcoregtk-4_0-18-2.50.3-4.47.1 SUSE Linux Enterprise Server 12 SP5-LTSS:libwebkit2gtk-4_0-37-2.50.3-4.47.1 SUSE Linux Enterprise Server 12 SP5-LTSS:libwebkit2gtk3-lang-2.50.3-4.47.1 SUSE Linux Enterprise Server 12 SP5-LTSS:typelib-1_0-JavaScriptCore-4_0-2.50.3-4.47.1 SUSE Linux Enterprise Server 12 SP5-LTSS:typelib-1_0-WebKit2-4_0-2.50.3-4.47.1 SUSE Linux Enterprise Server 12 SP5-LTSS:typelib-1_0-WebKit2WebExtension-4_0-2.50.3-4.47.1 SUSE Linux Enterprise Server 12 SP5-LTSS:webkit2gtk-4_0-injected-bundles-2.50.3-4.47.1 SUSE Linux Enterprise Server 12 SP5-LTSS:webkit2gtk3-devel-2.50.3-4.47.1 SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:libjavascriptcoregtk-4_0-18-2.50.3-4.47.1 SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:libwebkit2gtk-4_0-37-2.50.3-4.47.1 SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:libwebkit2gtk3-lang-2.50.3-4.47.1 SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:typelib-1_0-JavaScriptCore-4_0-2.50.3-4.47.1 SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:typelib-1_0-WebKit2-4_0-2.50.3-4.47.1 SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:typelib-1_0-WebKit2WebExtension-4_0-2.50.3-4.47.1 SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:webkit2gtk-4_0-injected-bundles-2.50.3-4.47.1 SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:webkit2gtk3-devel-2.50.3-4.47.1 important To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/support/update/announcement/2025/suse-su-20254423-1/ https://www.suse.com/security/cve/CVE-2025-43429.html CVE-2025-43429 https://bugzilla.suse.com/1254174 SUSE Bug 1254174 This issue was addressed through improved state management. This issue is fixed in tvOS 26.1, watchOS 26.1, macOS Tahoe 26.1, iOS 26.1 and iPadOS 26.1, Safari 26.1, visionOS 26.1. Processing maliciously crafted web content may lead to an unexpected process crash. CVE-2025-43430 SUSE Linux Enterprise Server 12 SP5-LTSS:libjavascriptcoregtk-4_0-18-2.50.3-4.47.1 SUSE Linux Enterprise Server 12 SP5-LTSS:libwebkit2gtk-4_0-37-2.50.3-4.47.1 SUSE Linux Enterprise Server 12 SP5-LTSS:libwebkit2gtk3-lang-2.50.3-4.47.1 SUSE Linux Enterprise Server 12 SP5-LTSS:typelib-1_0-JavaScriptCore-4_0-2.50.3-4.47.1 SUSE Linux Enterprise Server 12 SP5-LTSS:typelib-1_0-WebKit2-4_0-2.50.3-4.47.1 SUSE Linux Enterprise Server 12 SP5-LTSS:typelib-1_0-WebKit2WebExtension-4_0-2.50.3-4.47.1 SUSE Linux Enterprise Server 12 SP5-LTSS:webkit2gtk-4_0-injected-bundles-2.50.3-4.47.1 SUSE Linux Enterprise Server 12 SP5-LTSS:webkit2gtk3-devel-2.50.3-4.47.1 SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:libjavascriptcoregtk-4_0-18-2.50.3-4.47.1 SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:libwebkit2gtk-4_0-37-2.50.3-4.47.1 SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:libwebkit2gtk3-lang-2.50.3-4.47.1 SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:typelib-1_0-JavaScriptCore-4_0-2.50.3-4.47.1 SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:typelib-1_0-WebKit2-4_0-2.50.3-4.47.1 SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:typelib-1_0-WebKit2WebExtension-4_0-2.50.3-4.47.1 SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:webkit2gtk-4_0-injected-bundles-2.50.3-4.47.1 SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:webkit2gtk3-devel-2.50.3-4.47.1 important To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/support/update/announcement/2025/suse-su-20254423-1/ https://www.suse.com/security/cve/CVE-2025-43430.html CVE-2025-43430 https://bugzilla.suse.com/1254172 SUSE Bug 1254172 The issue was addressed with improved memory handling. This issue is fixed in tvOS 26.1, watchOS 26.1, macOS Tahoe 26.1, iOS 26.1 and iPadOS 26.1, Safari 26.1, iOS 18.7.2 and iPadOS 18.7.2, visionOS 26.1. Processing maliciously crafted web content may lead to memory corruption. CVE-2025-43431 SUSE Linux Enterprise Server 12 SP5-LTSS:libjavascriptcoregtk-4_0-18-2.50.3-4.47.1 SUSE Linux Enterprise Server 12 SP5-LTSS:libwebkit2gtk-4_0-37-2.50.3-4.47.1 SUSE Linux Enterprise Server 12 SP5-LTSS:libwebkit2gtk3-lang-2.50.3-4.47.1 SUSE Linux Enterprise Server 12 SP5-LTSS:typelib-1_0-JavaScriptCore-4_0-2.50.3-4.47.1 SUSE Linux Enterprise Server 12 SP5-LTSS:typelib-1_0-WebKit2-4_0-2.50.3-4.47.1 SUSE Linux Enterprise Server 12 SP5-LTSS:typelib-1_0-WebKit2WebExtension-4_0-2.50.3-4.47.1 SUSE Linux Enterprise Server 12 SP5-LTSS:webkit2gtk-4_0-injected-bundles-2.50.3-4.47.1 SUSE Linux Enterprise Server 12 SP5-LTSS:webkit2gtk3-devel-2.50.3-4.47.1 SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:libjavascriptcoregtk-4_0-18-2.50.3-4.47.1 SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:libwebkit2gtk-4_0-37-2.50.3-4.47.1 SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:libwebkit2gtk3-lang-2.50.3-4.47.1 SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:typelib-1_0-JavaScriptCore-4_0-2.50.3-4.47.1 SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:typelib-1_0-WebKit2-4_0-2.50.3-4.47.1 SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:typelib-1_0-WebKit2WebExtension-4_0-2.50.3-4.47.1 SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:webkit2gtk-4_0-injected-bundles-2.50.3-4.47.1 SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:webkit2gtk3-devel-2.50.3-4.47.1 important To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/support/update/announcement/2025/suse-su-20254423-1/ https://www.suse.com/security/cve/CVE-2025-43431.html CVE-2025-43431 https://bugzilla.suse.com/1254170 SUSE Bug 1254170 A use-after-free issue was addressed with improved memory management. This issue is fixed in tvOS 26.1, watchOS 26.1, macOS Tahoe 26.1, iOS 26.1 and iPadOS 26.1, Safari 26.1, visionOS 26.1. Processing maliciously crafted web content may lead to an unexpected process crash. CVE-2025-43432 SUSE Linux Enterprise Server 12 SP5-LTSS:libjavascriptcoregtk-4_0-18-2.50.3-4.47.1 SUSE Linux Enterprise Server 12 SP5-LTSS:libwebkit2gtk-4_0-37-2.50.3-4.47.1 SUSE Linux Enterprise Server 12 SP5-LTSS:libwebkit2gtk3-lang-2.50.3-4.47.1 SUSE Linux Enterprise Server 12 SP5-LTSS:typelib-1_0-JavaScriptCore-4_0-2.50.3-4.47.1 SUSE Linux Enterprise Server 12 SP5-LTSS:typelib-1_0-WebKit2-4_0-2.50.3-4.47.1 SUSE Linux Enterprise Server 12 SP5-LTSS:typelib-1_0-WebKit2WebExtension-4_0-2.50.3-4.47.1 SUSE Linux Enterprise Server 12 SP5-LTSS:webkit2gtk-4_0-injected-bundles-2.50.3-4.47.1 SUSE Linux Enterprise Server 12 SP5-LTSS:webkit2gtk3-devel-2.50.3-4.47.1 SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:libjavascriptcoregtk-4_0-18-2.50.3-4.47.1 SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:libwebkit2gtk-4_0-37-2.50.3-4.47.1 SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:libwebkit2gtk3-lang-2.50.3-4.47.1 SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:typelib-1_0-JavaScriptCore-4_0-2.50.3-4.47.1 SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:typelib-1_0-WebKit2-4_0-2.50.3-4.47.1 SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:typelib-1_0-WebKit2WebExtension-4_0-2.50.3-4.47.1 SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:webkit2gtk-4_0-injected-bundles-2.50.3-4.47.1 SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:webkit2gtk3-devel-2.50.3-4.47.1 important To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/support/update/announcement/2025/suse-su-20254423-1/ https://www.suse.com/security/cve/CVE-2025-43432.html CVE-2025-43432 https://bugzilla.suse.com/1254171 SUSE Bug 1254171 A use-after-free issue was addressed with improved memory management. This issue is fixed in watchOS 26.1, macOS Tahoe 26.1, iOS 26.1 and iPadOS 26.1, Safari 26.1, iOS 18.7.2 and iPadOS 18.7.2, visionOS 26.1. Processing maliciously crafted web content may lead to an unexpected Safari crash. CVE-2025-43434 SUSE Linux Enterprise Server 12 SP5-LTSS:libjavascriptcoregtk-4_0-18-2.50.3-4.47.1 SUSE Linux Enterprise Server 12 SP5-LTSS:libwebkit2gtk-4_0-37-2.50.3-4.47.1 SUSE Linux Enterprise Server 12 SP5-LTSS:libwebkit2gtk3-lang-2.50.3-4.47.1 SUSE Linux Enterprise Server 12 SP5-LTSS:typelib-1_0-JavaScriptCore-4_0-2.50.3-4.47.1 SUSE Linux Enterprise Server 12 SP5-LTSS:typelib-1_0-WebKit2-4_0-2.50.3-4.47.1 SUSE Linux Enterprise Server 12 SP5-LTSS:typelib-1_0-WebKit2WebExtension-4_0-2.50.3-4.47.1 SUSE Linux Enterprise Server 12 SP5-LTSS:webkit2gtk-4_0-injected-bundles-2.50.3-4.47.1 SUSE Linux Enterprise Server 12 SP5-LTSS:webkit2gtk3-devel-2.50.3-4.47.1 SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:libjavascriptcoregtk-4_0-18-2.50.3-4.47.1 SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:libwebkit2gtk-4_0-37-2.50.3-4.47.1 SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:libwebkit2gtk3-lang-2.50.3-4.47.1 SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:typelib-1_0-JavaScriptCore-4_0-2.50.3-4.47.1 SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:typelib-1_0-WebKit2-4_0-2.50.3-4.47.1 SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:typelib-1_0-WebKit2WebExtension-4_0-2.50.3-4.47.1 SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:webkit2gtk-4_0-injected-bundles-2.50.3-4.47.1 SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:webkit2gtk3-devel-2.50.3-4.47.1 important To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/support/update/announcement/2025/suse-su-20254423-1/ https://www.suse.com/security/cve/CVE-2025-43434.html CVE-2025-43434 https://bugzilla.suse.com/1254179 SUSE Bug 1254179 This issue was addressed with improved checks This issue is fixed in tvOS 26.1, watchOS 26.1, macOS Tahoe 26.1, iOS 26.1 and iPadOS 26.1, Safari 26.1, visionOS 26.1. Processing maliciously crafted web content may lead to an unexpected process crash. CVE-2025-43440 SUSE Linux Enterprise Server 12 SP5-LTSS:libjavascriptcoregtk-4_0-18-2.50.3-4.47.1 SUSE Linux Enterprise Server 12 SP5-LTSS:libwebkit2gtk-4_0-37-2.50.3-4.47.1 SUSE Linux Enterprise Server 12 SP5-LTSS:libwebkit2gtk3-lang-2.50.3-4.47.1 SUSE Linux Enterprise Server 12 SP5-LTSS:typelib-1_0-JavaScriptCore-4_0-2.50.3-4.47.1 SUSE Linux Enterprise Server 12 SP5-LTSS:typelib-1_0-WebKit2-4_0-2.50.3-4.47.1 SUSE Linux Enterprise Server 12 SP5-LTSS:typelib-1_0-WebKit2WebExtension-4_0-2.50.3-4.47.1 SUSE Linux Enterprise Server 12 SP5-LTSS:webkit2gtk-4_0-injected-bundles-2.50.3-4.47.1 SUSE Linux Enterprise Server 12 SP5-LTSS:webkit2gtk3-devel-2.50.3-4.47.1 SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:libjavascriptcoregtk-4_0-18-2.50.3-4.47.1 SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:libwebkit2gtk-4_0-37-2.50.3-4.47.1 SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:libwebkit2gtk3-lang-2.50.3-4.47.1 SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:typelib-1_0-JavaScriptCore-4_0-2.50.3-4.47.1 SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:typelib-1_0-WebKit2-4_0-2.50.3-4.47.1 SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:typelib-1_0-WebKit2WebExtension-4_0-2.50.3-4.47.1 SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:webkit2gtk-4_0-injected-bundles-2.50.3-4.47.1 SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:webkit2gtk3-devel-2.50.3-4.47.1 important To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/support/update/announcement/2025/suse-su-20254423-1/ https://www.suse.com/security/cve/CVE-2025-43440.html CVE-2025-43440 https://bugzilla.suse.com/1254177 SUSE Bug 1254177 This issue was addressed with improved checks. This issue is fixed in tvOS 26.1, watchOS 26.1, macOS Tahoe 26.1, iOS 26.1 and iPadOS 26.1, Safari 26.1, iOS 18.7.2 and iPadOS 18.7.2, visionOS 26.1. Processing maliciously crafted web content may lead to an unexpected process crash. CVE-2025-43443 SUSE Linux Enterprise Server 12 SP5-LTSS:libjavascriptcoregtk-4_0-18-2.50.3-4.47.1 SUSE Linux Enterprise Server 12 SP5-LTSS:libwebkit2gtk-4_0-37-2.50.3-4.47.1 SUSE Linux Enterprise Server 12 SP5-LTSS:libwebkit2gtk3-lang-2.50.3-4.47.1 SUSE Linux Enterprise Server 12 SP5-LTSS:typelib-1_0-JavaScriptCore-4_0-2.50.3-4.47.1 SUSE Linux Enterprise Server 12 SP5-LTSS:typelib-1_0-WebKit2-4_0-2.50.3-4.47.1 SUSE Linux Enterprise Server 12 SP5-LTSS:typelib-1_0-WebKit2WebExtension-4_0-2.50.3-4.47.1 SUSE Linux Enterprise Server 12 SP5-LTSS:webkit2gtk-4_0-injected-bundles-2.50.3-4.47.1 SUSE Linux Enterprise Server 12 SP5-LTSS:webkit2gtk3-devel-2.50.3-4.47.1 SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:libjavascriptcoregtk-4_0-18-2.50.3-4.47.1 SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:libwebkit2gtk-4_0-37-2.50.3-4.47.1 SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:libwebkit2gtk3-lang-2.50.3-4.47.1 SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:typelib-1_0-JavaScriptCore-4_0-2.50.3-4.47.1 SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:typelib-1_0-WebKit2-4_0-2.50.3-4.47.1 SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:typelib-1_0-WebKit2WebExtension-4_0-2.50.3-4.47.1 SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:webkit2gtk-4_0-injected-bundles-2.50.3-4.47.1 SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:webkit2gtk3-devel-2.50.3-4.47.1 important To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/support/update/announcement/2025/suse-su-20254423-1/ https://www.suse.com/security/cve/CVE-2025-43443.html CVE-2025-43443 https://bugzilla.suse.com/1254176 SUSE Bug 1254176 This issue was addressed through improved state management. This issue is fixed in tvOS 26.1, watchOS 26.1, macOS Tahoe 26.1, iOS 26.1 and iPadOS 26.1, Safari 26.1, iOS 18.7.2 and iPadOS 18.7.2, visionOS 26.1. Processing maliciously crafted web content may lead to an unexpected process crash. CVE-2025-43458 SUSE Linux Enterprise Server 12 SP5-LTSS:libjavascriptcoregtk-4_0-18-2.50.3-4.47.1 SUSE Linux Enterprise Server 12 SP5-LTSS:libwebkit2gtk-4_0-37-2.50.3-4.47.1 SUSE Linux Enterprise Server 12 SP5-LTSS:libwebkit2gtk3-lang-2.50.3-4.47.1 SUSE Linux Enterprise Server 12 SP5-LTSS:typelib-1_0-JavaScriptCore-4_0-2.50.3-4.47.1 SUSE Linux Enterprise Server 12 SP5-LTSS:typelib-1_0-WebKit2-4_0-2.50.3-4.47.1 SUSE Linux Enterprise Server 12 SP5-LTSS:typelib-1_0-WebKit2WebExtension-4_0-2.50.3-4.47.1 SUSE Linux Enterprise Server 12 SP5-LTSS:webkit2gtk-4_0-injected-bundles-2.50.3-4.47.1 SUSE Linux Enterprise Server 12 SP5-LTSS:webkit2gtk3-devel-2.50.3-4.47.1 SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:libjavascriptcoregtk-4_0-18-2.50.3-4.47.1 SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:libwebkit2gtk-4_0-37-2.50.3-4.47.1 SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:libwebkit2gtk3-lang-2.50.3-4.47.1 SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:typelib-1_0-JavaScriptCore-4_0-2.50.3-4.47.1 SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:typelib-1_0-WebKit2-4_0-2.50.3-4.47.1 SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:typelib-1_0-WebKit2WebExtension-4_0-2.50.3-4.47.1 SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:webkit2gtk-4_0-injected-bundles-2.50.3-4.47.1 SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:webkit2gtk3-devel-2.50.3-4.47.1 important To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/support/update/announcement/2025/suse-su-20254423-1/ https://www.suse.com/security/cve/CVE-2025-43458.html CVE-2025-43458 https://bugzilla.suse.com/1254498 SUSE Bug 1254498 The issue was addressed with improved checks. This issue is fixed in tvOS 26.1, watchOS 26.1, macOS Tahoe 26.1, iOS 26.1 and iPadOS 26.1, Safari 26.1, visionOS 26.1. A malicious website may exfiltrate data cross-origin. CVE-2025-43480 SUSE Linux Enterprise Server 12 SP5-LTSS:libjavascriptcoregtk-4_0-18-2.50.3-4.47.1 SUSE Linux Enterprise Server 12 SP5-LTSS:libwebkit2gtk-4_0-37-2.50.3-4.47.1 SUSE Linux Enterprise Server 12 SP5-LTSS:libwebkit2gtk3-lang-2.50.3-4.47.1 SUSE Linux Enterprise Server 12 SP5-LTSS:typelib-1_0-JavaScriptCore-4_0-2.50.3-4.47.1 SUSE Linux Enterprise Server 12 SP5-LTSS:typelib-1_0-WebKit2-4_0-2.50.3-4.47.1 SUSE Linux Enterprise Server 12 SP5-LTSS:typelib-1_0-WebKit2WebExtension-4_0-2.50.3-4.47.1 SUSE Linux Enterprise Server 12 SP5-LTSS:webkit2gtk-4_0-injected-bundles-2.50.3-4.47.1 SUSE Linux Enterprise Server 12 SP5-LTSS:webkit2gtk3-devel-2.50.3-4.47.1 SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:libjavascriptcoregtk-4_0-18-2.50.3-4.47.1 SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:libwebkit2gtk-4_0-37-2.50.3-4.47.1 SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:libwebkit2gtk3-lang-2.50.3-4.47.1 SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:typelib-1_0-JavaScriptCore-4_0-2.50.3-4.47.1 SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:typelib-1_0-WebKit2-4_0-2.50.3-4.47.1 SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:typelib-1_0-WebKit2WebExtension-4_0-2.50.3-4.47.1 SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:webkit2gtk-4_0-injected-bundles-2.50.3-4.47.1 SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:webkit2gtk3-devel-2.50.3-4.47.1 important To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/support/update/announcement/2025/suse-su-20254423-1/ https://www.suse.com/security/cve/CVE-2025-43480.html CVE-2025-43480 https://bugzilla.suse.com/1254175 SUSE Bug 1254175 A flaw was found in WebKitGTK. Processing malicious web content can cause an unexpected process crash due to improper memory handling. CVE-2025-66287 SUSE Linux Enterprise Server 12 SP5-LTSS:libjavascriptcoregtk-4_0-18-2.50.3-4.47.1 SUSE Linux Enterprise Server 12 SP5-LTSS:libwebkit2gtk-4_0-37-2.50.3-4.47.1 SUSE Linux Enterprise Server 12 SP5-LTSS:libwebkit2gtk3-lang-2.50.3-4.47.1 SUSE Linux Enterprise Server 12 SP5-LTSS:typelib-1_0-JavaScriptCore-4_0-2.50.3-4.47.1 SUSE Linux Enterprise Server 12 SP5-LTSS:typelib-1_0-WebKit2-4_0-2.50.3-4.47.1 SUSE Linux Enterprise Server 12 SP5-LTSS:typelib-1_0-WebKit2WebExtension-4_0-2.50.3-4.47.1 SUSE Linux Enterprise Server 12 SP5-LTSS:webkit2gtk-4_0-injected-bundles-2.50.3-4.47.1 SUSE Linux Enterprise Server 12 SP5-LTSS:webkit2gtk3-devel-2.50.3-4.47.1 SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:libjavascriptcoregtk-4_0-18-2.50.3-4.47.1 SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:libwebkit2gtk-4_0-37-2.50.3-4.47.1 SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:libwebkit2gtk3-lang-2.50.3-4.47.1 SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:typelib-1_0-JavaScriptCore-4_0-2.50.3-4.47.1 SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:typelib-1_0-WebKit2-4_0-2.50.3-4.47.1 SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:typelib-1_0-WebKit2WebExtension-4_0-2.50.3-4.47.1 SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:webkit2gtk-4_0-injected-bundles-2.50.3-4.47.1 SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:webkit2gtk3-devel-2.50.3-4.47.1 important To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/support/update/announcement/2025/suse-su-20254423-1/ https://www.suse.com/security/cve/CVE-2025-66287.html CVE-2025-66287 https://bugzilla.suse.com/1254509 SUSE Bug 1254509