Linux Security

    ArchLinux: 202005-5: qutebrowser: certificate verification bypass

    The package qutebrowser before version 1.11.1-1 is vulnerable to certificate verification bypass.
    Arch Linux Security Advisory ASA-202005-5
    Severity: Low
    Date    : 2020-05-07
    CVE-ID  : CVE-2020-11054
    Package : qutebrowser
    Type    : certificate verification bypass
    Remote  : Yes
    Link    :
    Summary
    =======
    The package qutebrowser before version 1.11.1-1 is vulnerable to
    certificate verification bypass.

    Resolution
    ==========
    Upgrade to 1.11.1-1.
    # pacman -Syu "qutebrowser>=1.11.1-1"
    The problem has been fixed upstream in version 1.11.1.

    Workaround
    ==========
    * Treat any host with a certificate exception as insecure, ignoring the
    URL color
    * Or set content.ssl_strict to True (instead of 'ask'), preventing
    certificate exceptions in the configuration

    Description
    ===========
    In qutebrowser before version 1.11.1 there is an issue where after a
    certificate error was overridden by the user, qutebrowser displays the
    URL as yellow (colors.statusbar.url.warn.fg). However, when the
    affected website was subsequently loaded again, the URL was mistakenly
    displayed as green (colors.statusbar.url.success_https). While the user
    already has seen a certificate error prompt at this point (or set
    content.ssl_strict to false which is not recommended), this could still
    provide a false sense of security.

    Impact
    ======
    The user might think the webpage is secure, when in reality it has an
    invalid certificate.
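
An added triage check, not part of the advisory or of qutebrowser: given an installed package version and the text of a config.py, it reports whether the host is fixed, covered by the content.ssl_strict workaround, or exposed. The function names, the simplified numeric version parsing, the sample config, and treating 'ask' as the value in effect when nothing is set are assumptions of this example.

```python
import ast
import re

FIXED = (1, 11, 1)  # upstream version the advisory names as fixed

def parse_version(pkgver):
    """'1.11.0-2' -> (1, 11, 0). Simplified: drops the pkgrel after '-'
    and assumes a purely numeric dotted upstream version."""
    upstream = pkgver.split("-", 1)[0]
    return tuple(int(part) for part in upstream.split("."))

# Matches uncommented lines of either form:
#   c.content.ssl_strict = <value>
#   config.set('content.ssl_strict', <value>)
_SETTING = re.compile(
    r"""^\s*(?:c\.content\.ssl_strict\s*=\s*(?P<a>[^#\n]+)"""
    r"""|config\.set\(\s*['"]content\.ssl_strict['"]\s*,\s*(?P<b>[^,)#\n]+))""",
    re.MULTILINE,
)

def ssl_strict_value(config_py, default="ask"):
    """Return the last content.ssl_strict value assigned in config.py text.
    The default of 'ask' is an assumption taken from the advisory's wording."""
    value = default
    for match in _SETTING.finditer(config_py):
        raw = (match.group("a") or match.group("b")).strip()
        try:
            value = ast.literal_eval(raw)
        except (ValueError, SyntaxError):
            value = raw  # not a literal: report the expression as written
    return value

def audit(pkgver, config_py):
    """Classify a host against the advisory's fix and its workaround."""
    if parse_version(pkgver) >= FIXED:
        return "fixed"
    if ssl_strict_value(config_py) is True:
        return "mitigated"  # certificate exceptions cannot be made
    return "exposed"        # an overridden host may later show as green

if __name__ == "__main__":
    # Constructed sample config.py content, not taken from a real system.
    sample = "# c.content.ssl_strict = False\nc.content.ssl_strict = 'ask'\n"
    for version in ("1.11.0-2", "1.11.1-1"):
        print(version, audit(version, sample))
```

On a real host, feed it the version printed by `pacman -Q qutebrowser` and the contents of the user's config.py.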

