- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - Gentoo Linux Security Advisory GLSA 202311-11 - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - https://security.gentoo.org/ - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - Severity: High Title: QtWebEngine: Multiple Vulnerabilities Date: November 25, 2023 Bugs: #866332, #888181, #903544, #904290, #906857, #909778 ID: 202311-11 - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - Synopsis ======= Multiple vulnerabilities have been discovered in QtWebEngine, the worst of which could lead to remote code execution. Background ========= QtWebEngine is a library for rendering dynamic web content in Qt5 and Qt6 C++ and QML applications. Affected packages ================ Package Vulnerable Unaffected ------------------ ------------------- -------------------- dev-qt/qtwebengine < 5.15.10_p20230623 >= 5.15.10_p20230623 Description ========== Multiple vulnerabilities have been discovered in QtWebEngine. Please review the CVE identifiers referenced below for details. Impact ===== Please review the referenced CVE identifiers for details. Workaround ========= There is no known workaround at this time. Resolution ========= All QtWebEngine users should upgrade to the latest version: # emerge --sync # emerge --ask --oneshot --verbose ">Þv-qt/qtwebengine-5.15.10_p20230623" References ========= [ 1 ] CVE-2022-2294 https://nvd.nist.gov/vuln/detail/CVE-2022-2294 [ 2 ] CVE-2022-3201 https://nvd.nist.gov/vuln/detail/CVE-2022-3201 [ 3 ] CVE-2022-4174 https://nvd.nist.gov/vuln/detail/CVE-2022-4174 [ 4 ] CVE-2022-4175 https://nvd.nist.gov/vuln/detail/CVE-2022-4175 [ 5 ] CVE-2022-4176 https://nvd.nist.gov/vuln/detail/CVE-2022-4176 [ 6 ] CVE-2022-4177 https://nvd.nist.gov/vuln/detail/CVE-2022-4177 [ 7 ] CVE-2022-4178 https://nvd.nist.gov/vuln/detail/CVE-2022-4178 [ 8 ] CVE-2022-4179 https://nvd.nist.gov/vuln/detail/CVE-2022-4179 [ 9 ] CVE-2022-4180 https://nvd.nist.gov/vuln/detail/CVE-2022-4180 [ 10 ] CVE-2022-4181 https://nvd.nist.gov/vuln/detail/CVE-2022-4181 [ 11 ] CVE-2022-4182 https://nvd.nist.gov/vuln/detail/CVE-2022-4182 [ 12 ] CVE-2022-4183 https://nvd.nist.gov/vuln/detail/CVE-2022-4183 [ 13 ] CVE-2022-4184 https://nvd.nist.gov/vuln/detail/CVE-2022-4184 [ 14 ] CVE-2022-4185 https://nvd.nist.gov/vuln/detail/CVE-2022-4185 [ 15 ] CVE-2022-4186 https://nvd.nist.gov/vuln/detail/CVE-2022-4186 [ 16 ] CVE-2022-4187 https://nvd.nist.gov/vuln/detail/CVE-2022-4187 [ 17 ] CVE-2022-4188 https://nvd.nist.gov/vuln/detail/CVE-2022-4188 [ 18 ] CVE-2022-4189 https://nvd.nist.gov/vuln/detail/CVE-2022-4189 [ 19 ] CVE-2022-4190 https://nvd.nist.gov/vuln/detail/CVE-2022-4190 [ 20 ] CVE-2022-4191 https://nvd.nist.gov/vuln/detail/CVE-2022-4191 [ 21 ] CVE-2022-4192 https://nvd.nist.gov/vuln/detail/CVE-2022-4192 [ 22 ] CVE-2022-4193 https://nvd.nist.gov/vuln/detail/CVE-2022-4193 [ 23 ] CVE-2022-4194 https://nvd.nist.gov/vuln/detail/CVE-2022-4194 [ 24 ] CVE-2022-4195 https://nvd.nist.gov/vuln/detail/CVE-2022-4195 [ 25 ] CVE-2022-4436 https://nvd.nist.gov/vuln/detail/CVE-2022-4436 [ 26 ] CVE-2022-4437 https://nvd.nist.gov/vuln/detail/CVE-2022-4437 [ 27 ] CVE-2022-4438 https://nvd.nist.gov/vuln/detail/CVE-2022-4438 [ 28 ] CVE-2022-4439 https://nvd.nist.gov/vuln/detail/CVE-2022-4439 [ 29 ] CVE-2022-4440 https://nvd.nist.gov/vuln/detail/CVE-2022-4440 [ 30 ] CVE-2022-41115 https://nvd.nist.gov/vuln/detail/CVE-2022-41115 [ 31 ] CVE-2022-44688 https://nvd.nist.gov/vuln/detail/CVE-2022-44688 [ 32 ] CVE-2022-44708 https://nvd.nist.gov/vuln/detail/CVE-2022-44708 [ 33 ] CVE-2023-0128 https://nvd.nist.gov/vuln/detail/CVE-2023-0128 [ 34 ] CVE-2023-0129 https://nvd.nist.gov/vuln/detail/CVE-2023-0129 [ 35 ] CVE-2023-0130 https://nvd.nist.gov/vuln/detail/CVE-2023-0130 [ 36 ] CVE-2023-0131 https://nvd.nist.gov/vuln/detail/CVE-2023-0131 [ 37 ] CVE-2023-0132 https://nvd.nist.gov/vuln/detail/CVE-2023-0132 [ 38 ] CVE-2023-0133 https://nvd.nist.gov/vuln/detail/CVE-2023-0133 [ 39 ] CVE-2023-0134 https://nvd.nist.gov/vuln/detail/CVE-2023-0134 [ 40 ] CVE-2023-0135 https://nvd.nist.gov/vuln/detail/CVE-2023-0135 [ 41 ] CVE-2023-0136 https://nvd.nist.gov/vuln/detail/CVE-2023-0136 [ 42 ] CVE-2023-0137 https://nvd.nist.gov/vuln/detail/CVE-2023-0137 [ 43 ] CVE-2023-0138 https://nvd.nist.gov/vuln/detail/CVE-2023-0138 [ 44 ] CVE-2023-0139 https://nvd.nist.gov/vuln/detail/CVE-2023-0139 [ 45 ] CVE-2023-0140 https://nvd.nist.gov/vuln/detail/CVE-2023-0140 [ 46 ] CVE-2023-0141 https://nvd.nist.gov/vuln/detail/CVE-2023-0141 [ 47 ] CVE-2023-2721 https://nvd.nist.gov/vuln/detail/CVE-2023-2721 [ 48 ] CVE-2023-2722 https://nvd.nist.gov/vuln/detail/CVE-2023-2722 [ 49 ] CVE-2023-2723 https://nvd.nist.gov/vuln/detail/CVE-2023-2723 [ 50 ] CVE-2023-2724 https://nvd.nist.gov/vuln/detail/CVE-2023-2724 [ 51 ] CVE-2023-2725 https://nvd.nist.gov/vuln/detail/CVE-2023-2725 [ 52 ] CVE-2023-2726 https://nvd.nist.gov/vuln/detail/CVE-2023-2726 [ 53 ] CVE-2023-2929 https://nvd.nist.gov/vuln/detail/CVE-2023-2929 [ 54 ] CVE-2023-2930 https://nvd.nist.gov/vuln/detail/CVE-2023-2930 [ 55 ] CVE-2023-2931 https://nvd.nist.gov/vuln/detail/CVE-2023-2931 [ 56 ] CVE-2023-2932 https://nvd.nist.gov/vuln/detail/CVE-2023-2932 [ 57 ] CVE-2023-2933 https://nvd.nist.gov/vuln/detail/CVE-2023-2933 [ 58 ] CVE-2023-2934 https://nvd.nist.gov/vuln/detail/CVE-2023-2934 [ 59 ] CVE-2023-2935 https://nvd.nist.gov/vuln/detail/CVE-2023-2935 [ 60 ] CVE-2023-2936 https://nvd.nist.gov/vuln/detail/CVE-2023-2936 [ 61 ] CVE-2023-2937 https://nvd.nist.gov/vuln/detail/CVE-2023-2937 [ 62 ] CVE-2023-2938 https://nvd.nist.gov/vuln/detail/CVE-2023-2938 [ 63 ] CVE-2023-2939 https://nvd.nist.gov/vuln/detail/CVE-2023-2939 [ 64 ] CVE-2023-2940 https://nvd.nist.gov/vuln/detail/CVE-2023-2940 [ 65 ] CVE-2023-2941 https://nvd.nist.gov/vuln/detail/CVE-2023-2941 [ 66 ] CVE-2023-3079 https://nvd.nist.gov/vuln/detail/CVE-2023-3079 [ 67 ] CVE-2023-3214 https://nvd.nist.gov/vuln/detail/CVE-2023-3214 [ 68 ] CVE-2023-3215 https://nvd.nist.gov/vuln/detail/CVE-2023-3215 [ 69 ] CVE-2023-3216 https://nvd.nist.gov/vuln/detail/CVE-2023-3216 [ 70 ] CVE-2023-3217 https://nvd.nist.gov/vuln/detail/CVE-2023-3217 [ 71 ] CVE-2023-4068 https://nvd.nist.gov/vuln/detail/CVE-2023-4068 [ 72 ] CVE-2023-4069 https://nvd.nist.gov/vuln/detail/CVE-2023-4069 [ 73 ] CVE-2023-4070 https://nvd.nist.gov/vuln/detail/CVE-2023-4070 [ 74 ] CVE-2023-4071 https://nvd.nist.gov/vuln/detail/CVE-2023-4071 [ 75 ] CVE-2023-4072 https://nvd.nist.gov/vuln/detail/CVE-2023-4072 [ 76 ] CVE-2023-4073 https://nvd.nist.gov/vuln/detail/CVE-2023-4073 [ 77 ] CVE-2023-4074 https://nvd.nist.gov/vuln/detail/CVE-2023-4074 [ 78 ] CVE-2023-4075 https://nvd.nist.gov/vuln/detail/CVE-2023-4075 [ 79 ] CVE-2023-4076 https://nvd.nist.gov/vuln/detail/CVE-2023-4076 [ 80 ] CVE-2023-4077 https://nvd.nist.gov/vuln/detail/CVE-2023-4077 [ 81 ] CVE-2023-4078 https://nvd.nist.gov/vuln/detail/CVE-2023-4078 [ 82 ] CVE-2023-4761 https://nvd.nist.gov/vuln/detail/CVE-2023-4761 [ 83 ] CVE-2023-4762 https://nvd.nist.gov/vuln/detail/CVE-2023-4762 [ 84 ] CVE-2023-4763 https://nvd.nist.gov/vuln/detail/CVE-2023-4763 [ 85 ] CVE-2023-4764 https://nvd.nist.gov/vuln/detail/CVE-2023-4764 [ 86 ] CVE-2023-5218 https://nvd.nist.gov/vuln/detail/CVE-2023-5218 [ 87 ] CVE-2023-5473 https://nvd.nist.gov/vuln/detail/CVE-2023-5473 [ 88 ] CVE-2023-5474 https://nvd.nist.gov/vuln/detail/CVE-2023-5474 [ 89 ] CVE-2023-5475 https://nvd.nist.gov/vuln/detail/CVE-2023-5475 [ 90 ] CVE-2023-5476 https://nvd.nist.gov/vuln/detail/CVE-2023-5476 [ 91 ] CVE-2023-5477 https://nvd.nist.gov/vuln/detail/CVE-2023-5477 [ 92 ] CVE-2023-5478 https://nvd.nist.gov/vuln/detail/CVE-2023-5478 [ 93 ] CVE-2023-5479 https://nvd.nist.gov/vuln/detail/CVE-2023-5479 [ 94 ] CVE-2023-5480 https://nvd.nist.gov/vuln/detail/CVE-2023-5480 [ 95 ] CVE-2023-5481 https://nvd.nist.gov/vuln/detail/CVE-2023-5481 [ 96 ] CVE-2023-5482 https://nvd.nist.gov/vuln/detail/CVE-2023-5482 [ 97 ] CVE-2023-5483 https://nvd.nist.gov/vuln/detail/CVE-2023-5483 [ 98 ] CVE-2023-5484 https://nvd.nist.gov/vuln/detail/CVE-2023-5484 [ 99 ] CVE-2023-5485 https://nvd.nist.gov/vuln/detail/CVE-2023-5485 [ 100 ] CVE-2023-5486 https://nvd.nist.gov/vuln/detail/CVE-2023-5486 [ 101 ] CVE-2023-5487 https://nvd.nist.gov/vuln/detail/CVE-2023-5487 [ 102 ] CVE-2023-5849 https://nvd.nist.gov/vuln/detail/CVE-2023-5849 [ 103 ] CVE-2023-5850 https://nvd.nist.gov/vuln/detail/CVE-2023-5850 [ 104 ] CVE-2023-5851 https://nvd.nist.gov/vuln/detail/CVE-2023-5851 [ 105 ] CVE-2023-5852 https://nvd.nist.gov/vuln/detail/CVE-2023-5852 [ 106 ] CVE-2023-5853 https://nvd.nist.gov/vuln/detail/CVE-2023-5853 [ 107 ] CVE-2023-5854 https://nvd.nist.gov/vuln/detail/CVE-2023-5854 [ 108 ] CVE-2023-5855 https://nvd.nist.gov/vuln/detail/CVE-2023-5855 [ 109 ] CVE-2023-5856 https://nvd.nist.gov/vuln/detail/CVE-2023-5856 [ 110 ] CVE-2023-5857 https://nvd.nist.gov/vuln/detail/CVE-2023-5857 [ 111 ] CVE-2023-5858 https://nvd.nist.gov/vuln/detail/CVE-2023-5858 [ 112 ] CVE-2023-5859 https://nvd.nist.gov/vuln/detail/CVE-2023-5859 [ 113 ] CVE-2023-5996 https://nvd.nist.gov/vuln/detail/CVE-2023-5996 [ 114 ] CVE-2023-5997 https://nvd.nist.gov/vuln/detail/CVE-2023-5997 [ 115 ] CVE-2023-6112 https://nvd.nist.gov/vuln/detail/CVE-2023-6112 [ 116 ] CVE-2023-21775 https://nvd.nist.gov/vuln/detail/CVE-2023-21775 [ 117 ] CVE-2023-21796 https://nvd.nist.gov/vuln/detail/CVE-2023-21796 Availability =========== This GLSA and any updates to it are available for viewing at the Gentoo Security Website: https://security.gentoo.org/glsa/202311-11 Concerns? ======== Security is a primary focus of Gentoo Linux and ensuring the confidentiality and security of our users' machines is of utmost importance to us. Any security concerns should be addressed to security@gentoo.org or alternatively, you may file a bug at https://bugs.gentoo.org. License ====== Copyright 2023 Gentoo Foundation, Inc; referenced text belongs to its owner(s). The contents of this document are licensed under the Creative Commons - Attribution / Share Alike license. https://creativecommons.org/licenses/by-sa/2.5