SUSE-SU-2025%3A4527-1
This update for webkit2gtk3 fixes the following issues: Update to version 2.50.4. Security issues fixed: - CVE-2025-14174: processing maliciously crafted web content may lead to memory corruption due to improper validation (bsc#1255497). - CVE-2025-43501: processing maliciously crafted web content may lead to an unexpected process crash due to a buffer overflow issue (bsc#1255194). - CVE-2025-43529: processing maliciously crafted web content may lead to arbitrary code execution due to a use-after-free issue (bsc#1255198). - CVE-2025-43531: processing maliciously crafted web content may lead to an unexpected process crash due to a race condition (bsc#1255183). - CVE-2025-43535: processing maliciously crafted web content may lead to an unexpected process crash due to improper memory handling (bsc#1255195). - CVE-2025-43536: processing maliciously crafted web content may lead to an unexpected process crash due to a use-after-free issue (bsc#1255200). - CVE-2025-43541: processing maliciously crafted web content may lead to an unexpected process crash due to type confusion (bsc#1255191). Other updates and bugfixes: - Version 2.50.4: * Correctly handle the program name passed to the sleep disabler. * Ensure GStreamer is initialized before using the Quirks. * Fix several crashes and rendering issues. - Fix a11y regression where AT-SPI roles were mapped incorrectly.
Risk Scores
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| SUSE:Linux Enterprise High Performance Computing 15 SP5-ESPOS | webkit2gtk4 | 0, 0 |
| SUSE:Manager Server LTS 4.3 | webkit2gtk3-soup2 | 0, 0 |
| SUSE:Linux Enterprise High Performance Computing 15 SP5-LTSS | webkit2gtk3-soup2 | 0, 0 |
| SUSE:Linux Enterprise Server for SAP Applications 15 SP4 | webkit2gtk4 | 0, 0 |
| SUSE:Linux Enterprise Server for SAP Applications 15 SP4 | webkit2gtk3-soup2 | 0, 0 |
| SUSE:Linux Enterprise High Performance Computing 15 SP4-LTSS | webkit2gtk3-soup2 | 0, 0 |
| SUSE:Linux Enterprise Server 15 SP4-LTSS | webkit2gtk4 | 0, 0 |
| SUSE:Linux Enterprise Server for SAP Applications 15 SP5 | webkit2gtk3 | 0, 0 |
| SUSE:Linux Enterprise High Performance Computing 15 SP5-LTSS | webkit2gtk4 | 0, 0 |
| SUSE:Linux Enterprise Server 15 SP5-LTSS | webkit2gtk3 | 0, 0 |
| SUSE:Linux Enterprise High Performance Computing 15 SP5-LTSS | webkit2gtk3 | 0, 0 |
| SUSE:Linux Enterprise High Performance Computing 15 SP4-ESPOS | webkit2gtk3-soup2 | 0, 0 |
| SUSE:Linux Enterprise Server for SAP Applications 15 SP5 | webkit2gtk4 | 0, 0 |
| SUSE:Linux Enterprise Server 15 SP5-LTSS | webkit2gtk4 | 0, 0 |
| SUSE:Linux Enterprise Server for SAP Applications 15 SP4 | webkit2gtk3 | 0, 0 |
| SUSE:Linux Enterprise High Performance Computing 15 SP4-ESPOS | webkit2gtk4 | 0, 0 |
| SUSE:Linux Enterprise Server 15 SP4-LTSS | webkit2gtk3-soup2 | 0, 0 |
| SUSE:Manager Proxy LTS 4.3 | webkit2gtk3-soup2 | 0, 0 |
| SUSE:Linux Enterprise High Performance Computing 15 SP5-ESPOS | webkit2gtk3-soup2 | 0, 0 |
| SUSE:Linux Enterprise High Performance Computing 15 SP5-ESPOS | webkit2gtk3 | 0, 0 |
…and 6 more
Timeline
- Dec 26, 2025 CVE Published
- Feb 4, 2026 CVE Updated
References
- https://www.suse.com/support/update/announcement/2025/suse-su-20254527-1/ advisory
- https://bugzilla.suse.com/1255183 report
- https://bugzilla.suse.com/1255191 report
- https://bugzilla.suse.com/1255194 report
- https://bugzilla.suse.com/1255195 report
- https://bugzilla.suse.com/1255198 report
- https://bugzilla.suse.com/1255200 report
- https://bugzilla.suse.com/1255497 report
- https://www.suse.com/security/cve/CVE-2025-14174 url
- https://www.suse.com/security/cve/CVE-2025-43501 url
- https://www.suse.com/security/cve/CVE-2025-43529 url
- https://www.suse.com/security/cve/CVE-2025-43531 url
- https://www.suse.com/security/cve/CVE-2025-43535 url
- https://www.suse.com/security/cve/CVE-2025-43536 url
- https://www.suse.com/security/cve/CVE-2025-43541 url