Alerts This Week
Warning Icon 1 764
Alerts This Week
Warning Icon 1 764

Gentoo: GLSA-202501-09 critical: QtWebEngine multiple issues

gentoo
Calendar Grey January 23, 2025
Dist Gentoo Esm H88
Several flaws in QtWebEngine could pose significant security threats. Urgent measures advised for all individuals.
Multiple vulnerabilities have been discovered in QtWebEngine, the worst of which could lead to arbitrary code execution.

Summary

Multiple vulnerabilities have been discovered in QtWebEngine. Please review the CVE identifiers referenced below for details.

Topics%20covered

Topics Covered

security advisory high severity arbitrary code execution gentoo linux qtwebengine

Resolution

All QtWebEngine users should upgrade to the latest version:
# emerge --sync # emerge --ask --oneshot --verbose ">=dev-qt/qtwebengine-5.15.16_p20241115"

References

[ 1 ] CVE-2024-4058 https://nvd.nist.gov/vuln/detail/CVE-2024-4058 [ 2 ] CVE-2024-4059 https://nvd.nist.gov/vuln/detail/CVE-2024-4059 [ 3 ] CVE-2024-4060 https://nvd.nist.gov/vuln/detail/CVE-2024-4060 [ 4 ] CVE-2024-4558 https://nvd.nist.gov/vuln/detail/CVE-2024-4558 [ 5 ] CVE-2024-4559 https://nvd.nist.gov/vuln/detail/CVE-2024-4559 [ 6 ] CVE-2024-4761 https://nvd.nist.gov/vuln/detail/CVE-2024-4761 [ 7 ] CVE-2024-5157 https://nvd.nist.gov/vuln/detail/CVE-2024-5157 [ 8 ] CVE-2024-5158 https://nvd.nist.gov/vuln/detail/CVE-2024-5158 [ 9 ] CVE-2024-5159 https://nvd.nist.gov/vuln/detail/CVE-2024-5159 [ 10 ] CVE-2024-5160 https://nvd.nist.gov/vuln/detail/CVE-2024-5160 [ 11 ] CVE-2024-5830 https://nvd.nist.gov/vuln/detail/CVE-2024-5830 [ 12 ] CVE-2024-5831 https://nvd.nist.gov/vuln/detail/CVE-2024-5831 [ 13 ] CVE-2024-5832 https://nvd.nist.gov/vuln/detail/CVE-2024-5832 [ 14 ] CVE-2024-5833 https://nvd.nist....

Read the Full Advisory

Availability

This GLSA and any updates to it are available for viewing at the Gentoo Security Website:
https://security.gentoo.org/glsa/202501-09
style>.gentoo_availability{display:block;}

Concerns

Security is a primary focus of Gentoo Linux and ensuring the confidentiality and security of our users' machines is of utmost importance to us. Any security concerns should be addressed to security@gentoo.org or alternatively, you may file a bug at https://bugs.gentoo.org.

Severity: High
Title: QtWebEngine: Multiple Vulnerabilities
Date: January 23, 2025
Bugs: #944807
ID: 202501-09

Topics%20covered

Topics Covered

security advisory high severity arbitrary code execution gentoo linux qtwebengine

Synopsis

Multiple vulnerabilities have been discovered in QtWebEngine, the worst of which could lead to arbitrary code execution.

Background

QtWebEngine is a library for rendering dynamic web content in Qt5 and Qt6 C++ and QML applications.

Get the latest News and Insights

Get the latest Linux and open source security news straight to your inbox.

Affected Packages

Package Vulnerable Unaffected ------------------ ------------------- -------------------- dev-qt/qtwebengine < 5.15.16_p20241115 >= 5.15.16_p20241115

Impact

Please review the referenced CVE identifiers for details.

Workaround

There is no known workaround at this time.

Your message here