FERRAMENTAS LINUX: Atualização de segurança do Gentoo para corrigir as vulnerabilidades múltiplas no Qt WebEngine, aviso Gentoo: GLSA-202101-30

terça-feira, 26 de janeiro de 2021

Atualização de segurança do Gentoo para corrigir as vulnerabilidades múltiplas no Qt WebEngine, aviso Gentoo: GLSA-202101-30

Confira !!


Várias vulnerabilidades foram encontradas no Qt WebEngine, a pior das quais pode resultar na execução arbitrária de código.

- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -

Gentoo Linux Security Advisory GLSA 202101-30

- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -

                                           https://security.gentoo.org/

- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -


 Gravidade: normal

    Título: Qt WebEngine: vulnerabilidades múltiplas

     Data: 26 de janeiro de 2021

     Bugs: # 734600, # 754852

       ID: 202101-30


- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -


Sinopse

========


Várias vulnerabilidades foram encontradas no Qt WebEngine, a pior das

o que pode resultar na execução arbitrária do código.


background

==========


Biblioteca para renderização de conteúdo dinâmico da web em Qt5 C ++ e QML

formulários.


Pacotes afetados

=================


    -------------------------------------------------- -----------------

     Pacote / Vulnerável / Não afetado

    -------------------------------------------------- -----------------

  1 dev-qt / qtwebengine <5.15.2> = 5.15.2


Descrição

===========


Várias vulnerabilidades foram descobertas no Qt WebEngine. Por favor

reveja os identificadores CVE mencionados abaixo para obter detalhes.


Impacto

======


Reveja os identificadores CVE referenciados para obter detalhes.


Workaround

==========


Não existe nenhuma solução conhecida neste momento.


Resolução

==========


Todos os usuários do Qt WebEngine devem atualizar para a versão mais recente:


  # emerge --sync

  # emerge --ask --oneshot --verbose "> = dev-qt / qtwebengine-5.15.2"


Referências

==========


[1] CVE-2020-15959

        https://nvd.nist.gov/vuln/detail/CVE-2020-15959

[2] CVE-2020-15959

        https://nvd.nist.gov/vuln/detail/CVE-2020-15959

[3] CVE-2020-15960

        https://nvd.nist.gov/vuln/detail/CVE-2020-15960

[4] CVE-2020-15960

        https://nvd.nist.gov/vuln/detail/CVE-2020-15960

[5] CVE-2020-15961

        https://nvd.nist.gov/vuln/detail/CVE-2020-15961

[6] CVE-2020-15961

        https://nvd.nist.gov/vuln/detail/CVE-2020-15961

[7] CVE-2020-15962

        https://nvd.nist.gov/vuln/detail/CVE-2020-15962

[8] CVE-2020-15962

        https://nvd.nist.gov/vuln/detail/CVE-2020-15962

[9] CVE-2020-15963

        https://nvd.nist.gov/vuln/detail/CVE-2020-15963

[10] CVE-2020-15963

        https://nvd.nist.gov/vuln/detail/CVE-2020-15963

[11] CVE-2020-15964

        https://nvd.nist.gov/vuln/detail/CVE-2020-15964

[12] CVE-2020-15964

        https://nvd.nist.gov/vuln/detail/CVE-2020-15964

[13] CVE-2020-15965

        https://nvd.nist.gov/vuln/detail/CVE-2020-15965

[14] CVE-2020-15965

        https://nvd.nist.gov/vuln/detail/CVE-2020-15965

[15] CVE-2020-15966

        https://nvd.nist.gov/vuln/detail/CVE-2020-15966

[16] CVE-2020-15966

        https://nvd.nist.gov/vuln/detail/CVE-2020-15966

[17] CVE-2020-15968

        https://nvd.nist.gov/vuln/detail/CVE-2020-15968

[18] CVE-2020-15968

        https://nvd.nist.gov/vuln/detail/CVE-2020-15968

[19] CVE-2020-15969

        https://nvd.nist.gov/vuln/detail/CVE-2020-15969

[20] CVE-2020-15969

        https://nvd.nist.gov/vuln/detail/CVE-2020-15969

[21] CVE-2020-15972

        https://nvd.nist.gov/vuln/detail/CVE-2020-15972

[22] CVE-2020-15972

        https://nvd.nist.gov/vuln/detail/CVE-2020-15972

[23] CVE-2020-15974

        https://nvd.nist.gov/vuln/detail/CVE-2020-15974

[24] CVE-2020-15974

        https://nvd.nist.gov/vuln/detail/CVE-2020-15974

[25] CVE-2020-15976

        https://nvd.nist.gov/vuln/detail/CVE-2020-15976

[26] CVE-2020-15976

        https://nvd.nist.gov/vuln/detail/CVE-2020-15976

[27] CVE-2020-15977

        https://nvd.nist.gov/vuln/detail/CVE-2020-15977

[28] CVE-2020-15977

        https://nvd.nist.gov/vuln/detail/CVE-2020-15977

[29] CVE-2020-15978

        https://nvd.nist.gov/vuln/detail/CVE-2020-15978

[30] CVE-2020-15978

        https://nvd.nist.gov/vuln/detail/CVE-2020-15978

[31] CVE-2020-15979

        https://nvd.nist.gov/vuln/detail/CVE-2020-15979

[32] CVE-2020-15979

        https://nvd.nist.gov/vuln/detail/CVE-2020-15979

[33] CVE-2020-15985

        https://nvd.nist.gov/vuln/detail/CVE-2020-15985

[34] CVE-2020-15985

        https://nvd.nist.gov/vuln/detail/CVE-2020-15985

[35] CVE-2020-15987

        https://nvd.nist.gov/vuln/detail/CVE-2020-15987

[36] CVE-2020-15987

        https://nvd.nist.gov/vuln/detail/CVE-2020-15987

[37] CVE-2020-15989

        https://nvd.nist.gov/vuln/detail/CVE-2020-15989

[38] CVE-2020-15989

        https://nvd.nist.gov/vuln/detail/CVE-2020-15989

[39] CVE-2020-15992

        https://nvd.nist.gov/vuln/detail/CVE-2020-15992

[40] CVE-2020-15992

        https://nvd.nist.gov/vuln/detail/CVE-2020-15992

[41] CVE-2020-16001

        https://nvd.nist.gov/vuln/detail/CVE-2020-16001

[42] CVE-2020-16001

        https://nvd.nist.gov/vuln/detail/CVE-2020-16001

[43] CVE-2020-16002

        https://nvd.nist.gov/vuln/detail/CVE-2020-16002

[44] CVE-2020-16002

        https://nvd.nist.gov/vuln/detail/CVE-2020-16002

[45] CVE-2020-16003

        https://nvd.nist.gov/vuln/detail/CVE-2020-16003

[46] CVE-2020-16003

        https://nvd.nist.gov/vuln/detail/CVE-2020-16003

[47] CVE-2020-6467

        https://nvd.nist.gov/vuln/detail/CVE-2020-6467

[48] ​​CVE-2020-6467

        https://nvd.nist.gov/vuln/detail/CVE-2020-6467

[49] CVE-2020-6470

        https://nvd.nist.gov/vuln/detail/CVE-2020-6470

[50] CVE-2020-6470

        https://nvd.nist.gov/vuln/detail/CVE-2020-6470

[51] CVE-2020-6471

        https://nvd.nist.gov/vuln/detail/CVE-2020-6471

[52] CVE-2020-6471

        https://nvd.nist.gov/vuln/detail/CVE-2020-6471

[53] CVE-2020-6472

        https://nvd.nist.gov/vuln/detail/CVE-2020-6472

[54] CVE-2020-6473

        https://nvd.nist.gov/vuln/detail/CVE-2020-6473

[55] CVE-2020-6474

        https://nvd.nist.gov/vuln/detail/CVE-2020-6474

[56] CVE-2020-6475

        https://nvd.nist.gov/vuln/detail/CVE-2020-6475

[57] CVE-2020-6476

        https://nvd.nist.gov/vuln/detail/CVE-2020-6476

[58] CVE-2020-6480

        https://nvd.nist.gov/vuln/detail/CVE-2020-6480

[59] CVE-2020-6481

        https://nvd.nist.gov/vuln/detail/CVE-2020-6481

[60] CVE-2020-6482

        https://nvd.nist.gov/vuln/detail/CVE-2020-6482

[61] CVE-2020-6483

        https://nvd.nist.gov/vuln/detail/CVE-2020-6483

[62] CVE-2020-6486

        https://nvd.nist.gov/vuln/detail/CVE-2020-6486

[63] CVE-2020-6487

        https://nvd.nist.gov/vuln/detail/CVE-2020-6487

[64] CVE-2020-6489

        https://nvd.nist.gov/vuln/detail/CVE-2020-6489

[65] CVE-2020-6490

        https://nvd.nist.gov/vuln/detail/CVE-2020-6490

[66] CVE-2020-6506

        https://nvd.nist.gov/vuln/detail/CVE-2020-6506

[67] CVE-2020-6510

        https://nvd.nist.gov/vuln/detail/CVE-2020-6510

[68] CVE-2020-6511

        https://nvd.nist.gov/vuln/detail/CVE-2020-6511

[69] CVE-2020-6512

        https://nvd.nist.gov/vuln/detail/CVE-2020-6512

[70] CVE-2020-6513

        https://nvd.nist.gov/vuln/detail/CVE-2020-6513

[71] CVE-2020-6514

        https://nvd.nist.gov/vuln/detail/CVE-2020-6514

[72] CVE-2020-6518

        https://nvd.nist.gov/vuln/detail/CVE-2020-6518

[73] CVE-2020-6523

        https://nvd.nist.gov/vuln/detail/CVE-2020-6523

[74] CVE-2020-6524

        https://nvd.nist.gov/vuln/detail/CVE-2020-6524

[75] CVE-2020-6526

        https://nvd.nist.gov/vuln/detail/CVE-2020-6526

[76] CVE-2020-6529

        https://nvd.nist.gov/vuln/detail/CVE-2020-6529

[77] CVE-2020-6530

        https://nvd.nist.gov/vuln/detail/CVE-2020-6530

[78] CVE-2020-6531

        https://nvd.nist.gov/vuln/detail/CVE-2020-6531

[79] CVE-2020-6532

        https://nvd.nist.gov/vuln/detail/CVE-2020-6532

[80] CVE-2020-6533

        https://nvd.nist.gov/vuln/detail/CVE-2020-6533

[81] CVE-2020-6534

        https://nvd.nist.gov/vuln/detail/CVE-2020-6534

[82] CVE-2020-6535

        https://nvd.nist.gov/vuln/detail/CVE-2020-6535

[83] CVE-2020-6540

        https://nvd.nist.gov/vuln/detail/CVE-2020-6540

[84] CVE-2020-6541

        https://nvd.nist.gov/vuln/detail/CVE-2020-6541

[85] CVE-2020-6542

        https://nvd.nist.gov/vuln/detail/CVE-2020-6542

[86] CVE-2020-6543

        https://nvd.nist.gov/vuln/detail/CVE-2020-6543

[87] CVE-2020-6544

        https://nvd.nist.gov/vuln/detail/CVE-2020-6544

[88] CVE-2020-6545

        https://nvd.nist.gov/vuln/detail/CVE-2020-6545

[89] CVE-2020-6548

        https://nvd.nist.gov/vuln/detail/CVE-2020-6548

[90] CVE-2020-6549

        https://nvd.nist.gov/vuln/detail/CVE-2020-6549

[91] CVE-2020-6550

        https://nvd.nist.gov/vuln/detail/CVE-2020-6550

[92] CVE-2020-6551

        https://nvd.nist.gov/vuln/detail/CVE-2020-6551

[93] CVE-2020-6555

        https://nvd.nist.gov/vuln/detail/CVE-2020-6555

[94] CVE-2020-6557

        https://nvd.nist.gov/vuln/detail/CVE-2020-6557

[95] CVE-2020-6559

        https://nvd.nist.gov/vuln/detail/CVE-2020-6559

[96] CVE-2020-6561

        https://nvd.nist.gov/vuln/detail/CVE-2020-6561

[97] CVE-2020-6562

        https://nvd.nist.gov/vuln/detail/CVE-2020-6562

[98] CVE-2020-6569

        https://nvd.nist.gov/vuln/detail/CVE-2020-6569

[99] CVE-2020-6570

        https://nvd.nist.gov/vuln/detail/CVE-2020-6570

[100] CVE-2020-6571

        https://nvd.nist.gov/vuln/detail/CVE-2020-6571

[101] CVE-2020-6573

        https://nvd.nist.gov/vuln/detail/CVE-2020-6573

[102] CVE-2020-6575

        https://nvd.nist.gov/vuln/detail/CVE-2020-6575

[103] CVE-2020-6576

        https://nvd.nist.gov/vuln/detail/CVE-2020-6576


Disponibilidade

============


Este GLSA e quaisquer atualizações estão disponíveis para visualização em

o site de segurança do Gentoo:


 https://security.gentoo.org/glsa/202101-30


Preocupações?

=========


A segurança é o foco principal do Gentoo Linux e garantindo o

confidencialidade e segurança das máquinas de nossos usuários é o máximo

importância para nós. Quaisquer questões de segurança devem ser encaminhadas para

security@gentoo.org ou alternativamente, você pode registrar um bug em

https://bugs.gentoo.org.


Licença

=======


Copyright 2021 Gentoo Foundation, Inc; texto referenciado

pertence ao (s) seu (s) proprietário (s).


O conteúdo deste documento está licenciado sob a

Creative Commons - Licença de atribuição / compartilhamento semelhante.


https://creativecommons.org/licenses/by-sa/2.5






Fonte

Até a próxima !!

Nenhum comentário:

Postar um comentário