New! Vulnerability Priority Rating (VPR)
Tenable calculates a dynamic VPR for every vulnerability. VPR combines vulnerability information with threat intelligence and machine learning algorithms to predict which vulnerabilities are most likely to be exploited in attacks. Read more about what VPR is and how it's different from CVSS.
VPR Score: 5.9
SynopsisThe remote Fedora host is missing a security update.
DescriptionAn update of QtWebEngine to the security and bugfix release 5.9.2, including :
Chromium Snapshot :
- Security fixes from Chromium up to version 61.0.3163.79 Including: CVE-2017-5092, CVE-2017-5093, CVE-2017-5095, CVE-2017-5097, CVE-2017-5099, CVE-2017-5102, CVE-2017-5103, CVE-2017-5107, CVE-2017-5112, CVE-2017-5114, CVE-2017-5117 and CVE-2017-5118
- Fixed Skia to to render text correctly with FreeType 2.8.1
- [QTBUG-50389] Fixed assert on some flash content
- [QTBUG-57505] Handle --force-webrtc-ip-handling-policy on command-line
- [QTBUG-58306] Fixed handling of menu key
- [QTBUG-60790] Fixed dragging images to desktop
- [QTBUG-61354] Set referrer on download requests
- [QTBUG-61429] Fixed cancelling IME composition
- [QTBUG-61506] Stop searching when navigating away
- [QTBUG-61910] Fixed an issue where system proxy settings were not picked up correctly
- [QTBUG-62112] Fixed upside-down rendering in software rendering mode
- [QTBUG-62112] Fixed rendering of content with preserve-3d in CSS
- [QTBUG-62311] Fixed hang when exiting with open combobox
- [QTBUG-62808] Handle --explicitly-allowed-ports on command-line
- [QTBUG-62898] Fixed accessing webchannels from document-creation user-scripts after navigation.
- [QTBUG-62942] Fixed committing IME composition on touch events
- [QTBUG-61621] Fixed propagation of unhandled key press events
Platform Specific Changes :
- [QTBUG-61528, QTBUG-62673] Fixed various multilib build configurations
- [QTBUG-61846] Fixed host builds on Arm and MIPS
Note that Tenable Network Security has extracted the preceding description block directly from the Fedora update system website.
Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
SolutionUpdate the affected qt5-qtwebengine package.