SUSE-SU-2024:4167-1

Advisory lineage Upstream: 5 Downstream: 0
Published: 04 Dec 2024, 10:32
Last modified:04 Feb 2026, 04:37

Vulnerability Summary

Overall Risk (default)
minimal
0/100
CVSS Score
No data
EPSS Score
No data
KEV
Not listed
Ransomware
No reports
Public exploits
None found
Dark Web
Not detected

Timeline

04 Dec 2024, 10:32
Published
Vulnerability first disclosed
04 Feb 2026, 04:37
Last Modified
Vulnerability information updated

Description

Security update for webkit2gtk3 This update for webkit2gtk3 fixes the following issues: Update to version 2.46.3 (bsc#1232747), including fixes for: - CVE-2024-44308: Fixed arbitrary code execution by not allocating DFG register after a slow path (bsc#1233631). - CVE-2024-44309: Fixed a data isolation bypass vulnerability (bsc#1233632). - CVE-2024-44244: Processing maliciously crafted web content may lead to an unexpected process crash. - CVE-2024-44296: Processing maliciously crafted web content may prevent Content Security Policy from being enforced.

Affected Systems

  • susewebkit2gtk3&distro=SUSE Enterprise Storage 7.1

    < 2.46.3-150200.127.1

  • susewebkit2gtk3&distro=SUSE Linux Enterprise High Performance Computing 15 SP2-LTSS

    < 2.46.3-150200.127.1

  • susewebkit2gtk3&distro=SUSE Linux Enterprise High Performance Computing 15 SP3-LTSS

    < 2.46.3-150200.127.1

  • susewebkit2gtk3&distro=SUSE Linux Enterprise Server 15 SP2-LTSS

    < 2.46.3-150200.127.1

  • susewebkit2gtk3&distro=SUSE Linux Enterprise Server 15 SP3-LTSS

    < 2.46.3-150200.127.1

  • susewebkit2gtk3&distro=SUSE Linux Enterprise Server for SAP Applications 15 SP2

    < 2.46.3-150200.127.1

  • susewebkit2gtk3&distro=SUSE Linux Enterprise Server for SAP Applications 15 SP3

    < 2.46.3-150200.127.1

References (9)