Alerts This Week
Warning Icon 1 560
Alerts This Week
Warning Icon 1 560

Fedora 25: FEDORA-2017-58cde32413 Critical: qt5-qtwebengine DoS

fedora
Calendar Grey July 12, 2017
Dist Fedora Esm H88
QtWebEngine version 5.9.0 brings essential security patches addressing vulnerabilities found in 5.8.0. It's recommended to update for a more secure web browsing experience.
This update updates QtWebEngine to the 5.9.0 release

Summary

Qt5 - QtWebEngine components.

This update updates QtWebEngine to the 5.9.0 release. QtWebEngine 5.9.0 is part

of the Qt 5.9.0 release, but only the QtWebEngine component is included in this

update. The update fixes the following security issues in QtWebEngine 5.8.0:

CVE-2017-5006, CVE-2017-5007, CVE-2017-5008, CVE-2017-5009, CVE-2017-5010,

CVE-2017-5011, CVE-2017-5012, CVE-2017-5013, CVE-2017-5014, CVE-2017-5015,

CVE-2017-5016, CVE-2017-5017, CVE-2017-5018, CVE-2017-5019, CVE-2017-5020,

CVE-2017-5021, CVE-2017-5022, CVE-2017-5023, CVE-2017-5024, CVE-2017-5025,

CVE-2017-5026, CVE-2017-5027, CVE-2017-5029, CVE-2017-5032, CVE-2017-5033,

CVE-2017-5034, CVE-2017-5036, CVE-2017-5039, CVE-2017-5040, CVE-2017-5044,

CVE-2017-5045, CVE-2017-5046, CVE-2017-5052, CVE-2017-5053, CVE-2017-5055,

CVE-2017-5057, CVE-2017-5058, CVE-2017-5059, CVE-2017-5060, CVE-2017-5061,

CVE-2017-5062, CVE-2017-5065, CVE-2017-5066, CVE-2017-5067, CVE-2017-5068, and

CVE-2017-5069. Other important changes include: * Based on Chromium

56.0.2924.122 with security fixes from Chromium up to version 58.0.3029.96.

(5.8.0 was based on Chromium 53.0.2785.148 with security fixes from Chromium up

to version 55.0.2883.75.) * [QTBUG-54650, QTBUG-59922] Accessibility is now

disabled by default on Linux, like it is in Chrome, due to poor options for

enabling it conditionally and its heavy performance impact. Set the environment

variable `QTWEBENGINE_ENABLE_LINUX_ACCESSIBILITY` to enable it again. *

[QTBUG-56531] Enabled `filesystem:` protocol handler. * [QTBUG-57720] Optimized

incremental scene-graph rendering in particular for software rendering. *

[QTBUG-60049] Enabled brotli support. * Many bug fixes, see

https://code.qt.io/cgit/qt/qtwebengine.git/tree/dist/changes-5.9.0?h=5.9 for

details. In addition, this build includes a fix for

https://qt-project.atlassian.net//browse/QTBUG-61521 , a binary incompatibility in

QtWebEngine 5.9.0 compared to 5.8.0.

su -c 'dnf upgrade qt5-qtwebengine' at the command line.

For more information, refer to the dnf documentation available at

https://dnf.readthedocs.io/en/latest/command_ref.html

All packages are signed with the Fedora Project GPG key. More details on the

GPG keys used by the Fedora Project can be found at

https://fedoraproject.org/security/

package-announce mailing list -- package-announce@lists.fedoraproject.org

To unsubscribe send an email to package-announce-leave@lists.fedoraproject.org

Topics%20covered

Topics Covered

security advisory security issue software update Fedora critical fix qtwebengine 5.9.0

Change Log

References

Update Instructions

Severity
critical
Lowest
Low
Medium
High
Critical

Product: Fedora 25
Version: 5.9.0
Release: 4.fc25
URL: https://www.qt.io/
Summary: Qt5 - QtWebEngine components

Topics%20covered

Topics Covered

security advisory security issue software update Fedora critical fix qtwebengine 5.9.0

Get the latest News and Insights

Get the latest Linux and open source security news straight to your inbox.

Related News

Your message here