Get Gentoo!
gentoo.org sites
gentoo.org Wiki Bugs Forums Packages
Planet Archives Sources
Infra Status

Gentoo Archives: gentoo-announce

From: Sam James <sam@g.o>
To: gentoo-announce@l.g.o
Subject: [gentoo-announce] [ GLSA 202101-30 ] Qt WebEngine: Multiple vulnerabilities
Date: Tue, 26 Jan 2021 00:38:35
Message-Id: 94DAEB98-C2AB-453E-BDB9-F770E1ACDAEE@gentoo.org
1 - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
2 Gentoo Linux Security Advisory GLSA 202101-30
3 - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
4 https://security.gentoo.org/
5 - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
6
7 Severity: Normal
8 Title: Qt WebEngine: Multiple vulnerabilities
9 Date: January 26, 2021
10 Bugs: #734600, #754852
11 ID: 202101-30
12
13 - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
14
15 Synopsis
16 ========
17
18 Multiple vulnerabilities have been found in Qt WebEngine, the worst of
19 which could result in the arbitrary execution of code.
20
21 Background
22 ==========
23
24 Library for rendering dynamic web content in Qt5 C++ and QML
25 applications.
26
27 Affected packages
28 =================
29
30 -------------------------------------------------------------------
31 Package / Vulnerable / Unaffected
32 -------------------------------------------------------------------
33 1 dev-qt/qtwebengine < 5.15.2 >= 5.15.2
34
35 Description
36 ===========
37
38 Multiple vulnerabilities have been discovered in Qt WebEngine. Please
39 review the CVE identifiers referenced below for details.
40
41 Impact
42 ======
43
44 Please review the referenced CVE identifiers for details.
45
46 Workaround
47 ==========
48
49 There is no known workaround at this time.
50
51 Resolution
52 ==========
53
54 All Qt WebEngine users should upgrade to the latest version:
55
56 # emerge --sync
57 # emerge --ask --oneshot --verbose ">=dev-qt/qtwebengine-5.15.2"
58
59 References
60 ==========
61
62 [ 1 ] CVE-2020-15959
63 https://nvd.nist.gov/vuln/detail/CVE-2020-15959
64 [ 2 ] CVE-2020-15959
65 https://nvd.nist.gov/vuln/detail/CVE-2020-15959
66 [ 3 ] CVE-2020-15960
67 https://nvd.nist.gov/vuln/detail/CVE-2020-15960
68 [ 4 ] CVE-2020-15960
69 https://nvd.nist.gov/vuln/detail/CVE-2020-15960
70 [ 5 ] CVE-2020-15961
71 https://nvd.nist.gov/vuln/detail/CVE-2020-15961
72 [ 6 ] CVE-2020-15961
73 https://nvd.nist.gov/vuln/detail/CVE-2020-15961
74 [ 7 ] CVE-2020-15962
75 https://nvd.nist.gov/vuln/detail/CVE-2020-15962
76 [ 8 ] CVE-2020-15962
77 https://nvd.nist.gov/vuln/detail/CVE-2020-15962
78 [ 9 ] CVE-2020-15963
79 https://nvd.nist.gov/vuln/detail/CVE-2020-15963
80 [ 10 ] CVE-2020-15963
81 https://nvd.nist.gov/vuln/detail/CVE-2020-15963
82 [ 11 ] CVE-2020-15964
83 https://nvd.nist.gov/vuln/detail/CVE-2020-15964
84 [ 12 ] CVE-2020-15964
85 https://nvd.nist.gov/vuln/detail/CVE-2020-15964
86 [ 13 ] CVE-2020-15965
87 https://nvd.nist.gov/vuln/detail/CVE-2020-15965
88 [ 14 ] CVE-2020-15965
89 https://nvd.nist.gov/vuln/detail/CVE-2020-15965
90 [ 15 ] CVE-2020-15966
91 https://nvd.nist.gov/vuln/detail/CVE-2020-15966
92 [ 16 ] CVE-2020-15966
93 https://nvd.nist.gov/vuln/detail/CVE-2020-15966
94 [ 17 ] CVE-2020-15968
95 https://nvd.nist.gov/vuln/detail/CVE-2020-15968
96 [ 18 ] CVE-2020-15968
97 https://nvd.nist.gov/vuln/detail/CVE-2020-15968
98 [ 19 ] CVE-2020-15969
99 https://nvd.nist.gov/vuln/detail/CVE-2020-15969
100 [ 20 ] CVE-2020-15969
101 https://nvd.nist.gov/vuln/detail/CVE-2020-15969
102 [ 21 ] CVE-2020-15972
103 https://nvd.nist.gov/vuln/detail/CVE-2020-15972
104 [ 22 ] CVE-2020-15972
105 https://nvd.nist.gov/vuln/detail/CVE-2020-15972
106 [ 23 ] CVE-2020-15974
107 https://nvd.nist.gov/vuln/detail/CVE-2020-15974
108 [ 24 ] CVE-2020-15974
109 https://nvd.nist.gov/vuln/detail/CVE-2020-15974
110 [ 25 ] CVE-2020-15976
111 https://nvd.nist.gov/vuln/detail/CVE-2020-15976
112 [ 26 ] CVE-2020-15976
113 https://nvd.nist.gov/vuln/detail/CVE-2020-15976
114 [ 27 ] CVE-2020-15977
115 https://nvd.nist.gov/vuln/detail/CVE-2020-15977
116 [ 28 ] CVE-2020-15977
117 https://nvd.nist.gov/vuln/detail/CVE-2020-15977
118 [ 29 ] CVE-2020-15978
119 https://nvd.nist.gov/vuln/detail/CVE-2020-15978
120 [ 30 ] CVE-2020-15978
121 https://nvd.nist.gov/vuln/detail/CVE-2020-15978
122 [ 31 ] CVE-2020-15979
123 https://nvd.nist.gov/vuln/detail/CVE-2020-15979
124 [ 32 ] CVE-2020-15979
125 https://nvd.nist.gov/vuln/detail/CVE-2020-15979
126 [ 33 ] CVE-2020-15985
127 https://nvd.nist.gov/vuln/detail/CVE-2020-15985
128 [ 34 ] CVE-2020-15985
129 https://nvd.nist.gov/vuln/detail/CVE-2020-15985
130 [ 35 ] CVE-2020-15987
131 https://nvd.nist.gov/vuln/detail/CVE-2020-15987
132 [ 36 ] CVE-2020-15987
133 https://nvd.nist.gov/vuln/detail/CVE-2020-15987
134 [ 37 ] CVE-2020-15989
135 https://nvd.nist.gov/vuln/detail/CVE-2020-15989
136 [ 38 ] CVE-2020-15989
137 https://nvd.nist.gov/vuln/detail/CVE-2020-15989
138 [ 39 ] CVE-2020-15992
139 https://nvd.nist.gov/vuln/detail/CVE-2020-15992
140 [ 40 ] CVE-2020-15992
141 https://nvd.nist.gov/vuln/detail/CVE-2020-15992
142 [ 41 ] CVE-2020-16001
143 https://nvd.nist.gov/vuln/detail/CVE-2020-16001
144 [ 42 ] CVE-2020-16001
145 https://nvd.nist.gov/vuln/detail/CVE-2020-16001
146 [ 43 ] CVE-2020-16002
147 https://nvd.nist.gov/vuln/detail/CVE-2020-16002
148 [ 44 ] CVE-2020-16002
149 https://nvd.nist.gov/vuln/detail/CVE-2020-16002
150 [ 45 ] CVE-2020-16003
151 https://nvd.nist.gov/vuln/detail/CVE-2020-16003
152 [ 46 ] CVE-2020-16003
153 https://nvd.nist.gov/vuln/detail/CVE-2020-16003
154 [ 47 ] CVE-2020-6467
155 https://nvd.nist.gov/vuln/detail/CVE-2020-6467
156 [ 48 ] CVE-2020-6467
157 https://nvd.nist.gov/vuln/detail/CVE-2020-6467
158 [ 49 ] CVE-2020-6470
159 https://nvd.nist.gov/vuln/detail/CVE-2020-6470
160 [ 50 ] CVE-2020-6470
161 https://nvd.nist.gov/vuln/detail/CVE-2020-6470
162 [ 51 ] CVE-2020-6471
163 https://nvd.nist.gov/vuln/detail/CVE-2020-6471
164 [ 52 ] CVE-2020-6471
165 https://nvd.nist.gov/vuln/detail/CVE-2020-6471
166 [ 53 ] CVE-2020-6472
167 https://nvd.nist.gov/vuln/detail/CVE-2020-6472
168 [ 54 ] CVE-2020-6473
169 https://nvd.nist.gov/vuln/detail/CVE-2020-6473
170 [ 55 ] CVE-2020-6474
171 https://nvd.nist.gov/vuln/detail/CVE-2020-6474
172 [ 56 ] CVE-2020-6475
173 https://nvd.nist.gov/vuln/detail/CVE-2020-6475
174 [ 57 ] CVE-2020-6476
175 https://nvd.nist.gov/vuln/detail/CVE-2020-6476
176 [ 58 ] CVE-2020-6480
177 https://nvd.nist.gov/vuln/detail/CVE-2020-6480
178 [ 59 ] CVE-2020-6481
179 https://nvd.nist.gov/vuln/detail/CVE-2020-6481
180 [ 60 ] CVE-2020-6482
181 https://nvd.nist.gov/vuln/detail/CVE-2020-6482
182 [ 61 ] CVE-2020-6483
183 https://nvd.nist.gov/vuln/detail/CVE-2020-6483
184 [ 62 ] CVE-2020-6486
185 https://nvd.nist.gov/vuln/detail/CVE-2020-6486
186 [ 63 ] CVE-2020-6487
187 https://nvd.nist.gov/vuln/detail/CVE-2020-6487
188 [ 64 ] CVE-2020-6489
189 https://nvd.nist.gov/vuln/detail/CVE-2020-6489
190 [ 65 ] CVE-2020-6490
191 https://nvd.nist.gov/vuln/detail/CVE-2020-6490
192 [ 66 ] CVE-2020-6506
193 https://nvd.nist.gov/vuln/detail/CVE-2020-6506
194 [ 67 ] CVE-2020-6510
195 https://nvd.nist.gov/vuln/detail/CVE-2020-6510
196 [ 68 ] CVE-2020-6511
197 https://nvd.nist.gov/vuln/detail/CVE-2020-6511
198 [ 69 ] CVE-2020-6512
199 https://nvd.nist.gov/vuln/detail/CVE-2020-6512
200 [ 70 ] CVE-2020-6513
201 https://nvd.nist.gov/vuln/detail/CVE-2020-6513
202 [ 71 ] CVE-2020-6514
203 https://nvd.nist.gov/vuln/detail/CVE-2020-6514
204 [ 72 ] CVE-2020-6518
205 https://nvd.nist.gov/vuln/detail/CVE-2020-6518
206 [ 73 ] CVE-2020-6523
207 https://nvd.nist.gov/vuln/detail/CVE-2020-6523
208 [ 74 ] CVE-2020-6524
209 https://nvd.nist.gov/vuln/detail/CVE-2020-6524
210 [ 75 ] CVE-2020-6526
211 https://nvd.nist.gov/vuln/detail/CVE-2020-6526
212 [ 76 ] CVE-2020-6529
213 https://nvd.nist.gov/vuln/detail/CVE-2020-6529
214 [ 77 ] CVE-2020-6530
215 https://nvd.nist.gov/vuln/detail/CVE-2020-6530
216 [ 78 ] CVE-2020-6531
217 https://nvd.nist.gov/vuln/detail/CVE-2020-6531
218 [ 79 ] CVE-2020-6532
219 https://nvd.nist.gov/vuln/detail/CVE-2020-6532
220 [ 80 ] CVE-2020-6533
221 https://nvd.nist.gov/vuln/detail/CVE-2020-6533
222 [ 81 ] CVE-2020-6534
223 https://nvd.nist.gov/vuln/detail/CVE-2020-6534
224 [ 82 ] CVE-2020-6535
225 https://nvd.nist.gov/vuln/detail/CVE-2020-6535
226 [ 83 ] CVE-2020-6540
227 https://nvd.nist.gov/vuln/detail/CVE-2020-6540
228 [ 84 ] CVE-2020-6541
229 https://nvd.nist.gov/vuln/detail/CVE-2020-6541
230 [ 85 ] CVE-2020-6542
231 https://nvd.nist.gov/vuln/detail/CVE-2020-6542
232 [ 86 ] CVE-2020-6543
233 https://nvd.nist.gov/vuln/detail/CVE-2020-6543
234 [ 87 ] CVE-2020-6544
235 https://nvd.nist.gov/vuln/detail/CVE-2020-6544
236 [ 88 ] CVE-2020-6545
237 https://nvd.nist.gov/vuln/detail/CVE-2020-6545
238 [ 89 ] CVE-2020-6548
239 https://nvd.nist.gov/vuln/detail/CVE-2020-6548
240 [ 90 ] CVE-2020-6549
241 https://nvd.nist.gov/vuln/detail/CVE-2020-6549
242 [ 91 ] CVE-2020-6550
243 https://nvd.nist.gov/vuln/detail/CVE-2020-6550
244 [ 92 ] CVE-2020-6551
245 https://nvd.nist.gov/vuln/detail/CVE-2020-6551
246 [ 93 ] CVE-2020-6555
247 https://nvd.nist.gov/vuln/detail/CVE-2020-6555
248 [ 94 ] CVE-2020-6557
249 https://nvd.nist.gov/vuln/detail/CVE-2020-6557
250 [ 95 ] CVE-2020-6559
251 https://nvd.nist.gov/vuln/detail/CVE-2020-6559
252 [ 96 ] CVE-2020-6561
253 https://nvd.nist.gov/vuln/detail/CVE-2020-6561
254 [ 97 ] CVE-2020-6562
255 https://nvd.nist.gov/vuln/detail/CVE-2020-6562
256 [ 98 ] CVE-2020-6569
257 https://nvd.nist.gov/vuln/detail/CVE-2020-6569
258 [ 99 ] CVE-2020-6570
259 https://nvd.nist.gov/vuln/detail/CVE-2020-6570
260 [ 100 ] CVE-2020-6571
261 https://nvd.nist.gov/vuln/detail/CVE-2020-6571
262 [ 101 ] CVE-2020-6573
263 https://nvd.nist.gov/vuln/detail/CVE-2020-6573
264 [ 102 ] CVE-2020-6575
265 https://nvd.nist.gov/vuln/detail/CVE-2020-6575
266 [ 103 ] CVE-2020-6576
267 https://nvd.nist.gov/vuln/detail/CVE-2020-6576
268
269 Availability
270 ============
271
272 This GLSA and any updates to it are available for viewing at
273 the Gentoo Security Website:
274
275 https://security.gentoo.org/glsa/202101-30
276
277 Concerns?
278 =========
279
280 Security is a primary focus of Gentoo Linux and ensuring the
281 confidentiality and security of our users' machines is of utmost
282 importance to us. Any security concerns should be addressed to
283 security@g.o or alternatively, you may file a bug at
284 https://bugs.gentoo.org.
285
286 License
287 =======
288
289 Copyright 2021 Gentoo Foundation, Inc; referenced text
290 belongs to its owner(s).
291
292 The contents of this document are licensed under the
293 Creative Commons - Attribution / Share Alike license.
294
295 https://creativecommons.org/licenses/by-sa/2.5

Attachments

File name MIME type
signature.asc application/pgp-signature
Report Message
Find on MARC Find on Google Groups