SUSE SLES12 Security Update : webkit2gtk3 (SUSE-SU-2026:1139-1)

Severity: Medium, Nessus Plugin ID 304374

Synopsis

The remote SUSE host is missing one or more security updates.

Description

The remote SUSE Linux SLES12 host has packages installed that are affected by multiple vulnerabilities as referenced in the SUSE-SU-2026:1139-1 advisory.

Update to version 2.52.0:

- CVE-2023-43010: processing maliciously crafted web content may lead to memory corruption (bsc#1259950).
- CVE-2025-31223: processing maliciously crafted web content may lead to memory corruption (bsc#1259949).
- CVE-2025-31277: processing maliciously crafted web content may lead to memory corruption (bsc#1259948).
- CVE-2025-43213: processing maliciously crafted web content may lead to an unexpected crash (bsc#1259947).
- CVE-2025-43214: processing maliciously crafted web content may lead to an unexpected crash (bsc#1259946).
- CVE-2025-43433: processing maliciously crafted web content may lead to memory corruption (bsc#1259945).
- CVE-2025-43438: processing maliciously crafted web content may lead to an unexpected crash (bsc#1259944).
- CVE-2025-43441: processing maliciously crafted web content may lead to an unexpected process crash (bsc#1259943).
- CVE-2025-43457: processing maliciously crafted web content may lead to an unexpected crash (bsc#1259942).
- CVE-2025-43511: processing maliciously crafted web content may lead to an unexpected process crash (bsc#1259941).
- CVE-2025-46299: processing maliciously crafted web content may disclose internal states of an app (bsc#1259940).
- CVE-2026-20608: processing maliciously crafted web content may lead to an unexpected process crash (bsc#1259939).
- CVE-2026-20635: processing maliciously crafted web content may lead to an unexpected process crash (bsc#1259938).
- CVE-2026-20636: processing maliciously crafted web content may lead to an unexpected process crash (bsc#1259937).
- CVE-2026-20644: processing maliciously crafted web content may lead to an unexpected process crash (bsc#1259936).
- CVE-2026-20652: a remote attacker may be able to cause a denial-of-service (bsc#1259935).
- CVE-2026-20676: a website may be able to track users through web extensions (bsc#1259934).

Changelog:

- Make scrolling with touch input smoother for small movements.
- Fix estimated load progress of downloads when Content-Length value is wrong.
- Ensure that 'scrollend' events are correctly emitted after scroll animations.
- Fix several crashes and rendering issues.

Tenable has extracted the preceding description block directly from the SUSE security advisory.

Note that Nessus has not tested for these issues but has instead relied only on the application's self-reported version number.

Solution

Update the affected packages.

See Also

https://bugzilla.suse.com/1259934

https://bugzilla.suse.com/1259935

https://bugzilla.suse.com/1259936

https://bugzilla.suse.com/1259937

https://bugzilla.suse.com/1259938

https://bugzilla.suse.com/1259939

https://bugzilla.suse.com/1259940

https://bugzilla.suse.com/1259941

https://bugzilla.suse.com/1259942

https://bugzilla.suse.com/1259943

https://bugzilla.suse.com/1259944

https://bugzilla.suse.com/1259945

https://bugzilla.suse.com/1259946

https://bugzilla.suse.com/1259947

https://bugzilla.suse.com/1259948

https://bugzilla.suse.com/1259949

https://bugzilla.suse.com/1259950

http://www.nessus.org/u?9ac57582

https://www.suse.com/security/cve/CVE-2023-42843

https://www.suse.com/security/cve/CVE-2023-43010

https://www.suse.com/security/cve/CVE-2024-54658

https://www.suse.com/security/cve/CVE-2025-13502

https://www.suse.com/security/cve/CVE-2025-31223

https://www.suse.com/security/cve/CVE-2025-31277

https://www.suse.com/security/cve/CVE-2025-43213

https://www.suse.com/security/cve/CVE-2025-43214

https://www.suse.com/security/cve/CVE-2025-43368

https://www.suse.com/security/cve/CVE-2025-43419

https://www.suse.com/security/cve/CVE-2025-43433

https://www.suse.com/security/cve/CVE-2025-43434

https://www.suse.com/security/cve/CVE-2025-43438

https://www.suse.com/security/cve/CVE-2025-43440

https://www.suse.com/security/cve/CVE-2025-43441

https://www.suse.com/security/cve/CVE-2025-43443

https://www.suse.com/security/cve/CVE-2025-43457

https://www.suse.com/security/cve/CVE-2025-43511

https://www.suse.com/security/cve/CVE-2025-46299

https://www.suse.com/security/cve/CVE-2026-20608

https://www.suse.com/security/cve/CVE-2026-20635

https://www.suse.com/security/cve/CVE-2026-20636

https://www.suse.com/security/cve/CVE-2026-20644

https://www.suse.com/security/cve/CVE-2026-20652

https://www.suse.com/security/cve/CVE-2026-20676

Plugin Details

Severity: Medium

ID: 304374

File Name: suse_SU-2026-1139-1.nasl

Version: 1.1

Type: local

Agent: unix

Published: 3/31/2026

Updated: 3/31/2026

Supported Sensors: Frictionless Assessment AWS, Frictionless Assessment Azure, Frictionless Assessment Agent, Nessus Agent, Agentless Assessment, Continuous Assessment, Nessus

Risk Information

VPR

Risk Factor: High

Score: 8.4

CVSS v2

Risk Factor: Medium

Base Score: 5

Temporal Score: 4.1

Vector: CVSS2#AV:N/AC:L/Au:N/C:P/I:N/A:N

CVSS Score Source: CVE-2026-20676

CVSS v3

Risk Factor: Medium

Base Score: 5.3

Temporal Score: 4.9

Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N

Temporal Vector: CVSS:3.0/E:F/RL:O/RC:C

Vulnerability Information

CPE: cpe:/o:novell:suse_linux:12, p-cpe:/a:novell:suse_linux:typelib-1_0-webkit2-4_0, p-cpe:/a:novell:suse_linux:libjavascriptcoregtk-4_0-18, p-cpe:/a:novell:suse_linux:libwebkit2gtk3-lang, p-cpe:/a:novell:suse_linux:libwebkit2gtk-4_0-37, p-cpe:/a:novell:suse_linux:webkit2gtk3-devel, p-cpe:/a:novell:suse_linux:typelib-1_0-webkit2webextension-4_0, p-cpe:/a:novell:suse_linux:webkit2gtk-4_0-injected-bundles, p-cpe:/a:novell:suse_linux:typelib-1_0-javascriptcore-4_0

Required KB Items: Host/local_checks_enabled, Host/cpu, Host/SuSE/release, Host/SuSE/rpm-list

Exploit Available: true

Exploit Ease: Exploits are available

Patch Publication Date: 3/30/2026

Vulnerability Publication Date: 1/22/2024

CISA Known Exploited Vulnerability Due Dates: 4/3/2026

Reference Information

CVE: CVE-2023-42843, CVE-2023-43010, CVE-2024-54658, CVE-2025-13502, CVE-2025-31223, CVE-2025-31277, CVE-2025-43213, CVE-2025-43214, CVE-2025-43368, CVE-2025-43419, CVE-2025-43433, CVE-2025-43434, CVE-2025-43438, CVE-2025-43440, CVE-2025-43441, CVE-2025-43443, CVE-2025-43457, CVE-2025-43511, CVE-2025-46299, CVE-2026-20608, CVE-2026-20635, CVE-2026-20636, CVE-2026-20644, CVE-2026-20652, CVE-2026-20676

SuSE: SUSE-SU-2026:1139-1