- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
Gentoo Linux Security Advisory                           GLSA 202101-30
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
                                           https://security.gentoo.org/
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -

 Severity: Normal
    Title: Qt WebEngine: Multiple vulnerabilities
     Date: January 26, 2021
     Bugs: #734600, #754852
       ID: 202101-30

- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -

Synopsis
========

Multiple vulnerabilities have been found in Qt WebEngine, the worst of
which could result in the arbitrary execution of code.

Background
==========

Library for rendering dynamic web content in Qt5 C++ and QML
applications.

Affected packages
=================

    -------------------------------------------------------------------
     Package              /     Vulnerable     /            Unaffected
    -------------------------------------------------------------------
  1  dev-qt/qtwebengine           < 5.15.2                  >= 5.15.2

Description
===========

Multiple vulnerabilities have been discovered in Qt WebEngine. Please
review the CVE identifiers referenced below for details.

Impact
======

Please review the referenced CVE identifiers for details.

Workaround
==========

There is no known workaround at this time.

Resolution
==========

All Qt WebEngine users should upgrade to the latest version:

  # emerge --sync
  # emerge --ask --oneshot --verbose ">=dev-qt/qtwebengine-5.15.2"

References
==========

[   1 ] CVE-2020-15959
        https://nvd.nist.gov/vuln/detail/CVE-2020-15959
[   2 ] CVE-2020-15959
        https://nvd.nist.gov/vuln/detail/CVE-2020-15959
[   3 ] CVE-2020-15960
        https://nvd.nist.gov/vuln/detail/CVE-2020-15960
[   4 ] CVE-2020-15960
        https://nvd.nist.gov/vuln/detail/CVE-2020-15960
[   5 ] CVE-2020-15961
        https://nvd.nist.gov/vuln/detail/CVE-2020-15961
[   6 ] CVE-2020-15961
        https://nvd.nist.gov/vuln/detail/CVE-2020-15961
[   7 ] CVE-2020-15962
        https://nvd.nist.gov/vuln/detail/CVE-2020-15962
[   8 ] CVE-2020-15962
        https://nvd.nist.gov/vuln/detail/CVE-2020-15962
[   9 ] CVE-2020-15963
        https://nvd.nist.gov/vuln/detail/CVE-2020-15963
[  10 ] CVE-2020-15963
        https://nvd.nist.gov/vuln/detail/CVE-2020-15963
[  11 ] CVE-2020-15964
        https://nvd.nist.gov/vuln/detail/CVE-2020-15964
[  12 ] CVE-2020-15964
        https://nvd.nist.gov/vuln/detail/CVE-2020-15964
[  13 ] CVE-2020-15965
        https://nvd.nist.gov/vuln/detail/CVE-2020-15965
[  14 ] CVE-2020-15965
        https://nvd.nist.gov/vuln/detail/CVE-2020-15965
[  15 ] CVE-2020-15966
        https://nvd.nist.gov/vuln/detail/CVE-2020-15966
[  16 ] CVE-2020-15966
        https://nvd.nist.gov/vuln/detail/CVE-2020-15966
[  17 ] CVE-2020-15968
        https://nvd.nist.gov/vuln/detail/CVE-2020-15968
[  18 ] CVE-2020-15968
        https://nvd.nist.gov/vuln/detail/CVE-2020-15968
[  19 ] CVE-2020-15969
        https://nvd.nist.gov/vuln/detail/CVE-2020-15969
[  20 ] CVE-2020-15969
        https://nvd.nist.gov/vuln/detail/CVE-2020-15969
[  21 ] CVE-2020-15972
        https://nvd.nist.gov/vuln/detail/CVE-2020-15972
[  22 ] CVE-2020-15972
        https://nvd.nist.gov/vuln/detail/CVE-2020-15972
[  23 ] CVE-2020-15974
        https://nvd.nist.gov/vuln/detail/CVE-2020-15974
[  24 ] CVE-2020-15974
        https://nvd.nist.gov/vuln/detail/CVE-2020-15974
[  25 ] CVE-2020-15976
        https://nvd.nist.gov/vuln/detail/CVE-2020-15976
[  26 ] CVE-2020-15976
        https://nvd.nist.gov/vuln/detail/CVE-2020-15976
[  27 ] CVE-2020-15977
        https://nvd.nist.gov/vuln/detail/CVE-2020-15977
[  28 ] CVE-2020-15977
        https://nvd.nist.gov/vuln/detail/CVE-2020-15977
[  29 ] CVE-2020-15978
        https://nvd.nist.gov/vuln/detail/CVE-2020-15978
[  30 ] CVE-2020-15978
        https://nvd.nist.gov/vuln/detail/CVE-2020-15978
[  31 ] CVE-2020-15979
        https://nvd.nist.gov/vuln/detail/CVE-2020-15979
[  32 ] CVE-2020-15979
        https://nvd.nist.gov/vuln/detail/CVE-2020-15979
[  33 ] CVE-2020-15985
        https://nvd.nist.gov/vuln/detail/CVE-2020-15985
[  34 ] CVE-2020-15985
        https://nvd.nist.gov/vuln/detail/CVE-2020-15985
[  35 ] CVE-2020-15987
        https://nvd.nist.gov/vuln/detail/CVE-2020-15987
[  36 ] CVE-2020-15987
        https://nvd.nist.gov/vuln/detail/CVE-2020-15987
[  37 ] CVE-2020-15989
        https://nvd.nist.gov/vuln/detail/CVE-2020-15989
[  38 ] CVE-2020-15989
        https://nvd.nist.gov/vuln/detail/CVE-2020-15989
[  39 ] CVE-2020-15992
        https://nvd.nist.gov/vuln/detail/CVE-2020-15992
[  40 ] CVE-2020-15992
        https://nvd.nist.gov/vuln/detail/CVE-2020-15992
[  41 ] CVE-2020-16001
        https://nvd.nist.gov/vuln/detail/CVE-2020-16001
[  42 ] CVE-2020-16001
        https://nvd.nist.gov/vuln/detail/CVE-2020-16001
[  43 ] CVE-2020-16002
        https://nvd.nist.gov/vuln/detail/CVE-2020-16002
[  44 ] CVE-2020-16002
        https://nvd.nist.gov/vuln/detail/CVE-2020-16002
[  45 ] CVE-2020-16003
        https://nvd.nist.gov/vuln/detail/CVE-2020-16003
[  46 ] CVE-2020-16003
        https://nvd.nist.gov/vuln/detail/CVE-2020-16003
[  47 ] CVE-2020-6467
        https://nvd.nist.gov/vuln/detail/CVE-2020-6467
[  48 ] CVE-2020-6467
        https://nvd.nist.gov/vuln/detail/CVE-2020-6467
[  49 ] CVE-2020-6470
        https://nvd.nist.gov/vuln/detail/CVE-2020-6470
[  50 ] CVE-2020-6470
        https://nvd.nist.gov/vuln/detail/CVE-2020-6470
[  51 ] CVE-2020-6471
        https://nvd.nist.gov/vuln/detail/CVE-2020-6471
[  52 ] CVE-2020-6471
        https://nvd.nist.gov/vuln/detail/CVE-2020-6471
[  53 ] CVE-2020-6472
        https://nvd.nist.gov/vuln/detail/CVE-2020-6472
[  54 ] CVE-2020-6473
        https://nvd.nist.gov/vuln/detail/CVE-2020-6473
[  55 ] CVE-2020-6474
        https://nvd.nist.gov/vuln/detail/CVE-2020-6474
[  56 ] CVE-2020-6475
        https://nvd.nist.gov/vuln/detail/CVE-2020-6475
[  57 ] CVE-2020-6476
        https://nvd.nist.gov/vuln/detail/CVE-2020-6476
[  58 ] CVE-2020-6480
        https://nvd.nist.gov/vuln/detail/CVE-2020-6480
[  59 ] CVE-2020-6481
        https://nvd.nist.gov/vuln/detail/CVE-2020-6481
[  60 ] CVE-2020-6482
        https://nvd.nist.gov/vuln/detail/CVE-2020-6482
[  61 ] CVE-2020-6483
        https://nvd.nist.gov/vuln/detail/CVE-2020-6483
[  62 ] CVE-2020-6486
        https://nvd.nist.gov/vuln/detail/CVE-2020-6486
[  63 ] CVE-2020-6487
        https://nvd.nist.gov/vuln/detail/CVE-2020-6487
[  64 ] CVE-2020-6489
        https://nvd.nist.gov/vuln/detail/CVE-2020-6489
[  65 ] CVE-2020-6490
        https://nvd.nist.gov/vuln/detail/CVE-2020-6490
[  66 ] CVE-2020-6506
        https://nvd.nist.gov/vuln/detail/CVE-2020-6506
[  67 ] CVE-2020-6510
        https://nvd.nist.gov/vuln/detail/CVE-2020-6510
[  68 ] CVE-2020-6511
        https://nvd.nist.gov/vuln/detail/CVE-2020-6511
[  69 ] CVE-2020-6512
        https://nvd.nist.gov/vuln/detail/CVE-2020-6512
[  70 ] CVE-2020-6513
        https://nvd.nist.gov/vuln/detail/CVE-2020-6513
[  71 ] CVE-2020-6514
        https://nvd.nist.gov/vuln/detail/CVE-2020-6514
[  72 ] CVE-2020-6518
        https://nvd.nist.gov/vuln/detail/CVE-2020-6518
[  73 ] CVE-2020-6523
        https://nvd.nist.gov/vuln/detail/CVE-2020-6523
[  74 ] CVE-2020-6524
        https://nvd.nist.gov/vuln/detail/CVE-2020-6524
[  75 ] CVE-2020-6526
        https://nvd.nist.gov/vuln/detail/CVE-2020-6526
[  76 ] CVE-2020-6529
        https://nvd.nist.gov/vuln/detail/CVE-2020-6529
[  77 ] CVE-2020-6530
        https://nvd.nist.gov/vuln/detail/CVE-2020-6530
[  78 ] CVE-2020-6531
        https://nvd.nist.gov/vuln/detail/CVE-2020-6531
[  79 ] CVE-2020-6532
        https://nvd.nist.gov/vuln/detail/CVE-2020-6532
[  80 ] CVE-2020-6533
        https://nvd.nist.gov/vuln/detail/CVE-2020-6533
[  81 ] CVE-2020-6534
        https://nvd.nist.gov/vuln/detail/CVE-2020-6534
[  82 ] CVE-2020-6535
        https://nvd.nist.gov/vuln/detail/CVE-2020-6535
[  83 ] CVE-2020-6540
        https://nvd.nist.gov/vuln/detail/CVE-2020-6540
[  84 ] CVE-2020-6541
        https://nvd.nist.gov/vuln/detail/CVE-2020-6541
[  85 ] CVE-2020-6542
        https://nvd.nist.gov/vuln/detail/CVE-2020-6542
[  86 ] CVE-2020-6543
        https://nvd.nist.gov/vuln/detail/CVE-2020-6543
[  87 ] CVE-2020-6544
        https://nvd.nist.gov/vuln/detail/CVE-2020-6544
[  88 ] CVE-2020-6545
        https://nvd.nist.gov/vuln/detail/CVE-2020-6545
[  89 ] CVE-2020-6548
        https://nvd.nist.gov/vuln/detail/CVE-2020-6548
[  90 ] CVE-2020-6549
        https://nvd.nist.gov/vuln/detail/CVE-2020-6549
[  91 ] CVE-2020-6550
        https://nvd.nist.gov/vuln/detail/CVE-2020-6550
[  92 ] CVE-2020-6551
        https://nvd.nist.gov/vuln/detail/CVE-2020-6551
[  93 ] CVE-2020-6555
        https://nvd.nist.gov/vuln/detail/CVE-2020-6555
[  94 ] CVE-2020-6557
        https://nvd.nist.gov/vuln/detail/CVE-2020-6557
[  95 ] CVE-2020-6559
        https://nvd.nist.gov/vuln/detail/CVE-2020-6559
[  96 ] CVE-2020-6561
        https://nvd.nist.gov/vuln/detail/CVE-2020-6561
[  97 ] CVE-2020-6562
        https://nvd.nist.gov/vuln/detail/CVE-2020-6562
[  98 ] CVE-2020-6569
        https://nvd.nist.gov/vuln/detail/CVE-2020-6569
[  99 ] CVE-2020-6570
        https://nvd.nist.gov/vuln/detail/CVE-2020-6570
[ 100 ] CVE-2020-6571
        https://nvd.nist.gov/vuln/detail/CVE-2020-6571
[ 101 ] CVE-2020-6573
        https://nvd.nist.gov/vuln/detail/CVE-2020-6573
[ 102 ] CVE-2020-6575
        https://nvd.nist.gov/vuln/detail/CVE-2020-6575
[ 103 ] CVE-2020-6576
        https://nvd.nist.gov/vuln/detail/CVE-2020-6576

Availability
============

This GLSA and any updates to it are available for viewing at
the Gentoo Security Website:

 https://security.gentoo.org/glsa/202101-30

Concerns?
=========

Security is a primary focus of Gentoo Linux and ensuring the
confidentiality and security of our users' machines is of utmost
importance to us. Any security concerns should be addressed to
[email protected] or alternatively, you may file a bug at
https://bugs.gentoo.org.

License
=======

Copyright 2021 Gentoo Foundation, Inc; referenced text
belongs to its owner(s).

The contents of this document are licensed under the
Creative Commons - Attribution / Share Alike license.

https://creativecommons.org/licenses/by-sa/2.5