- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
Gentoo Linux Security Advisory GLSA 202501-09
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
https://security.gentoo.org/
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -

Severity: High
Title: QtWebEngine: Multiple Vulnerabilities
Date: January 23, 2025
Bugs: #944807
ID: 202501-09

- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -

Synopsis
========

Multiple vulnerabilities have been discovered in QtWebEngine, the worst
of which could lead to arbitrary code execution.

Background
==========

QtWebEngine is a library for rendering dynamic web content in Qt5 and
Qt6 C++ and QML applications.

Affected packages
=================

Package Vulnerable Unaffected
------------------ ------------------- -------------------- dev-qt/qtwebengine < 5.15.16_p20241115 >= 5.15.16_p20241115

Description
===========

Multiple vulnerabilities have been discovered in QtWebEngine. Please
review the CVE identifiers referenced below for details.

Impact
======

Please review the referenced CVE identifiers for details.

Workaround
==========

There is no known workaround at this time.

Resolution
==========

All QtWebEngine users should upgrade to the latest version:

# emerge --sync
# emerge --ask --oneshot --verbose ">=dev-qt/qtwebengine-5.15.16_p20241115"

References
==========

[ 1 ] CVE-2024-4058
https://nvd.nist.gov/vuln/detail/CVE-2024-4058
[ 2 ] CVE-2024-4059
https://nvd.nist.gov/vuln/detail/CVE-2024-4059
[ 3 ] CVE-2024-4060
https://nvd.nist.gov/vuln/detail/CVE-2024-4060
[ 4 ] CVE-2024-4558
https://nvd.nist.gov/vuln/detail/CVE-2024-4558
[ 5 ] CVE-2024-4559
https://nvd.nist.gov/vuln/detail/CVE-2024-4559
[ 6 ] CVE-2024-4761
https://nvd.nist.gov/vuln/detail/CVE-2024-4761
[ 7 ] CVE-2024-5157
https://nvd.nist.gov/vuln/detail/CVE-2024-5157
[ 8 ] CVE-2024-5158
https://nvd.nist.gov/vuln/detail/CVE-2024-5158
[ 9 ] CVE-2024-5159
https://nvd.nist.gov/vuln/detail/CVE-2024-5159
[ 10 ] CVE-2024-5160
https://nvd.nist.gov/vuln/detail/CVE-2024-5160
[ 11 ] CVE-2024-5830
https://nvd.nist.gov/vuln/detail/CVE-2024-5830
[ 12 ] CVE-2024-5831
https://nvd.nist.gov/vuln/detail/CVE-2024-5831
[ 13 ] CVE-2024-5832
https://nvd.nist.gov/vuln/detail/CVE-2024-5832
[ 14 ] CVE-2024-5833
https://nvd.nist.gov/vuln/detail/CVE-2024-5833
[ 15 ] CVE-2024-5834
https://nvd.nist.gov/vuln/detail/CVE-2024-5834
[ 16 ] CVE-2024-5835
https://nvd.nist.gov/vuln/detail/CVE-2024-5835
[ 17 ] CVE-2024-5836
https://nvd.nist.gov/vuln/detail/CVE-2024-5836
[ 18 ] CVE-2024-5837
https://nvd.nist.gov/vuln/detail/CVE-2024-5837
[ 19 ] CVE-2024-5838
https://nvd.nist.gov/vuln/detail/CVE-2024-5838
[ 20 ] CVE-2024-5839
https://nvd.nist.gov/vuln/detail/CVE-2024-5839
[ 21 ] CVE-2024-5840
https://nvd.nist.gov/vuln/detail/CVE-2024-5840
[ 22 ] CVE-2024-5841
https://nvd.nist.gov/vuln/detail/CVE-2024-5841
[ 23 ] CVE-2024-5842
https://nvd.nist.gov/vuln/detail/CVE-2024-5842
[ 24 ] CVE-2024-5843
https://nvd.nist.gov/vuln/detail/CVE-2024-5843
[ 25 ] CVE-2024-5844
https://nvd.nist.gov/vuln/detail/CVE-2024-5844
[ 26 ] CVE-2024-5845
https://nvd.nist.gov/vuln/detail/CVE-2024-5845
[ 27 ] CVE-2024-5846
https://nvd.nist.gov/vuln/detail/CVE-2024-5846
[ 28 ] CVE-2024-5847
https://nvd.nist.gov/vuln/detail/CVE-2024-5847
[ 29 ] CVE-2024-6290
https://nvd.nist.gov/vuln/detail/CVE-2024-6290
[ 30 ] CVE-2024-6291
https://nvd.nist.gov/vuln/detail/CVE-2024-6291
[ 31 ] CVE-2024-6292
https://nvd.nist.gov/vuln/detail/CVE-2024-6292
[ 32 ] CVE-2024-6293
https://nvd.nist.gov/vuln/detail/CVE-2024-6293
[ 33 ] CVE-2024-6988
https://nvd.nist.gov/vuln/detail/CVE-2024-6988
[ 34 ] CVE-2024-6989
https://nvd.nist.gov/vuln/detail/CVE-2024-6989
[ 35 ] CVE-2024-6991
https://nvd.nist.gov/vuln/detail/CVE-2024-6991
[ 36 ] CVE-2024-6994
https://nvd.nist.gov/vuln/detail/CVE-2024-6994
[ 37 ] CVE-2024-6995
https://nvd.nist.gov/vuln/detail/CVE-2024-6995
[ 38 ] CVE-2024-6996
https://nvd.nist.gov/vuln/detail/CVE-2024-6996
[ 39 ] CVE-2024-6997
https://nvd.nist.gov/vuln/detail/CVE-2024-6997
[ 40 ] CVE-2024-6998
https://nvd.nist.gov/vuln/detail/CVE-2024-6998
[ 41 ] CVE-2024-6999
https://nvd.nist.gov/vuln/detail/CVE-2024-6999
[ 42 ] CVE-2024-7000
https://nvd.nist.gov/vuln/detail/CVE-2024-7000
[ 43 ] CVE-2024-7001
https://nvd.nist.gov/vuln/detail/CVE-2024-7001
[ 44 ] CVE-2024-7003
https://nvd.nist.gov/vuln/detail/CVE-2024-7003
[ 45 ] CVE-2024-7004
https://nvd.nist.gov/vuln/detail/CVE-2024-7004
[ 46 ] CVE-2024-7005
https://nvd.nist.gov/vuln/detail/CVE-2024-7005
[ 47 ] CVE-2024-7532
https://nvd.nist.gov/vuln/detail/CVE-2024-7532
[ 48 ] CVE-2024-7533
https://nvd.nist.gov/vuln/detail/CVE-2024-7533
[ 49 ] CVE-2024-7534
https://nvd.nist.gov/vuln/detail/CVE-2024-7534
[ 50 ] CVE-2024-7535
https://nvd.nist.gov/vuln/detail/CVE-2024-7535
[ 51 ] CVE-2024-7536
https://nvd.nist.gov/vuln/detail/CVE-2024-7536
[ 52 ] CVE-2024-7550
https://nvd.nist.gov/vuln/detail/CVE-2024-7550
[ 53 ] CVE-2024-7964
https://nvd.nist.gov/vuln/detail/CVE-2024-7964
[ 54 ] CVE-2024-7965
https://nvd.nist.gov/vuln/detail/CVE-2024-7965
[ 55 ] CVE-2024-7966
https://nvd.nist.gov/vuln/detail/CVE-2024-7966
[ 56 ] CVE-2024-7967
https://nvd.nist.gov/vuln/detail/CVE-2024-7967
[ 57 ] CVE-2024-7968
https://nvd.nist.gov/vuln/detail/CVE-2024-7968
[ 58 ] CVE-2024-7969
https://nvd.nist.gov/vuln/detail/CVE-2024-7969
[ 59 ] CVE-2024-7971
https://nvd.nist.gov/vuln/detail/CVE-2024-7971
[ 60 ] CVE-2024-7972
https://nvd.nist.gov/vuln/detail/CVE-2024-7972
[ 61 ] CVE-2024-7973
https://nvd.nist.gov/vuln/detail/CVE-2024-7973
[ 62 ] CVE-2024-7974
https://nvd.nist.gov/vuln/detail/CVE-2024-7974
[ 63 ] CVE-2024-7975
https://nvd.nist.gov/vuln/detail/CVE-2024-7975
[ 64 ] CVE-2024-7976
https://nvd.nist.gov/vuln/detail/CVE-2024-7976
[ 65 ] CVE-2024-7977
https://nvd.nist.gov/vuln/detail/CVE-2024-7977
[ 66 ] CVE-2024-7978
https://nvd.nist.gov/vuln/detail/CVE-2024-7978
[ 67 ] CVE-2024-7979
https://nvd.nist.gov/vuln/detail/CVE-2024-7979
[ 68 ] CVE-2024-7980
https://nvd.nist.gov/vuln/detail/CVE-2024-7980
[ 69 ] CVE-2024-7981
https://nvd.nist.gov/vuln/detail/CVE-2024-7981
[ 70 ] CVE-2024-8033
https://nvd.nist.gov/vuln/detail/CVE-2024-8033
[ 71 ] CVE-2024-8034
https://nvd.nist.gov/vuln/detail/CVE-2024-8034
[ 72 ] CVE-2024-8035
https://nvd.nist.gov/vuln/detail/CVE-2024-8035
[ 73 ] CVE-2024-8193
https://nvd.nist.gov/vuln/detail/CVE-2024-8193
[ 74 ] CVE-2024-8194
https://nvd.nist.gov/vuln/detail/CVE-2024-8194
[ 75 ] CVE-2024-8198
https://nvd.nist.gov/vuln/detail/CVE-2024-8198
[ 76 ] CVE-2024-8636
https://nvd.nist.gov/vuln/detail/CVE-2024-8636
[ 77 ] CVE-2024-8637
https://nvd.nist.gov/vuln/detail/CVE-2024-8637
[ 78 ] CVE-2024-8638
https://nvd.nist.gov/vuln/detail/CVE-2024-8638
[ 79 ] CVE-2024-8639
https://nvd.nist.gov/vuln/detail/CVE-2024-8639
[ 80 ] CVE-2024-9120
https://nvd.nist.gov/vuln/detail/CVE-2024-9120
[ 81 ] CVE-2024-9121
https://nvd.nist.gov/vuln/detail/CVE-2024-9121
[ 82 ] CVE-2024-9122
https://nvd.nist.gov/vuln/detail/CVE-2024-9122
[ 83 ] CVE-2024-9123
https://nvd.nist.gov/vuln/detail/CVE-2024-9123
[ 84 ] CVE-2024-9602
https://nvd.nist.gov/vuln/detail/CVE-2024-9602
[ 85 ] CVE-2024-9603
https://nvd.nist.gov/vuln/detail/CVE-2024-9603
[ 86 ] CVE-2024-10229
https://nvd.nist.gov/vuln/detail/CVE-2024-10229
[ 87 ] CVE-2024-10230
https://nvd.nist.gov/vuln/detail/CVE-2024-10230
[ 88 ] CVE-2024-10231
https://nvd.nist.gov/vuln/detail/CVE-2024-10231
[ 89 ] CVE-2024-10826
https://nvd.nist.gov/vuln/detail/CVE-2024-10826
[ 90 ] CVE-2024-10827
https://nvd.nist.gov/vuln/detail/CVE-2024-10827
[ 91 ] CVE-2024-45490
https://nvd.nist.gov/vuln/detail/CVE-2024-45490
[ 92 ] CVE-2024-45491
https://nvd.nist.gov/vuln/detail/CVE-2024-45491
[ 93 ] CVE-2024-45492
https://nvd.nist.gov/vuln/detail/CVE-2024-45492

Availability
============

This GLSA and any updates to it are available for viewing at
the Gentoo Security Website:

https://security.gentoo.org/glsa/202501-09

Concerns?
=========

Security is a primary focus of Gentoo Linux and ensuring the
confidentiality and security of our users' machines is of utmost
importance to us. Any security concerns should be addressed to security@gentoo.org or alternatively, you may file a bug at https://bugs.gentoo.org.

License
=======

Copyright 2025 Gentoo Foundation, Inc; referenced text
belongs to its owner(s).

The contents of this document are licensed under the
Creative Commons - Attribution / Share Alike license.

https://creativecommons.org/licenses/by-sa/2.5
-----BEGIN PGP SIGNATURE-----

iQIzBAEBCgAdFiEEpqTA6ABLMxh/aChGFMQkOaVy+9kFAmeR7jAACgkQFMQkOaVy +9lyYQ//UWaz17Sci0cWFBzyIh4xKKwbfX0wKTYFCaLVYs4i1+b5i9aA8bEUzW2W CGlyIXPGuSDseac/E7JjYWQE0KOcQdlIP58O1O8/zjStQf87UbgPUudUvwxDuKjw njKg1RmJ32yuuDguHgBhX1cfnrMfBesxPW2/w8rqmOCjO8LuQhFsrH83OUIwFOT0 MCI/kg6gmkpn96R1CLrz0Q6OJKuB3/KrctKF39GOkQMdCOhsn3WKSI1QwMRbFEAs YfzIRvQKVhr6Iwaizi/Ya9mnexYn7HyWl7Bhs0229abrFe1rOCkENFykRxdROqRL nXOBW1nIM+uQS8JbEIddUoBjij1Aka36z++Y3AB+OEnCwHmNmUT2eZLQCaNEF3gU NVOHDpC3TELu1U1hg3fLZZirjHC6giMLm3PW3WK0nYSr6gTOFnnR6TktC/gYAj8P QPODS9xOvbSOSDlOkQ1Bpj+l1xfD1bdnxkCBa68I7mSDyaN6k78liFR8NsfMh5LQ R8BFXWtpysRvHXBPSxqMHxRX2x8Zt+UEovdfWiLsKpFDBfmwtSJV3rmO5L2343dK Vv+oof6Csljjl0zG3enu8wj7oyBXZHXkJpzocn/NxKlwoSSGptw72Kn/wdO8wwzE dJSggyv7hCLfsJX2P3Zu96qQXNw7vJS9j4WzlFq5XxiCpljcU4s=
=1rSI
-----END PGP SIGNATURE-----

--- SoupGate-Win32 v1.05
* Origin: fsxNet Usenet Gateway (21:1/5)