Fedora 29 : qt5-qtwebengine (2019-e5ff5d0ffd)

high Nessus Plugin ID 129857

Language:

Synopsis

The remote Fedora host is missing a security update.

Description

A bugfix and security update of QtWebEngine to 5.12.5, the latest release from the 5.12 LTS branch.

Security fixes from Chromium up to version 76.0.3809.87, including :

- CVE-2019-5829

- CVE-2019-5831

- CVE-2019-5832

- CVE-2019-5837

- CVE-2019-5839

- CVE-2019-5842

- CVE-2019-5851

- CVE-2019-5852

- CVE-2019-5854

- CVE-2019-5855

- CVE-2019-5856

- CVE-2019-5857

- CVE-2019-5860

- CVE-2019-5861

- CVE-2019-5862

- CVE-2019-5865

- Critical security issue 977057

- Security bug 934161

- Security bug 939644

- Security bug 948172

- Security bug 948228

- Security bug 948944

- Security bug 950005

- Security bug 952849

- Security bug 956625

- Security bug 958457

- Security bug 958689

- Security bug 959193

- Security bug 959518

- Security bug 958717

- Security bug 960785

- Security bug 961674

- Security bug 961597

- Security bug 962083

- Security bug 964002

- Security bug 973893

- Security bug 974627

- Security bug 976050

- Security bug 981602

- Security bug 983850

- Security bug 983938

General bug fixes :

- [QTBUG-62106] Fixed possible crash after rapid tapping.

- [QTBUG-75884] Fixed crash on setHttpUserAgent.

- [QTBUG-76249] Fixed user-agent on some new windows.

- [QTBUG-76268] Fixed tab key send on minimize.

- [QTBUG-76347] Fixed duplicate events being send from tablets.

- [QTBUG-76828] Clear shared context on exit.

- [QTBUG-76958] Fixed possible crash when loading in background.

Note that Tenable Network Security has extracted the preceding description block directly from the Fedora update system website.
Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.

Solution

Update the affected qt5-qtwebengine package.

See Also

https://bodhi.fedoraproject.org/updates/FEDORA-2019-e5ff5d0ffd

Plugin Details

Severity: High

ID: 129857

File Name: fedora_2019-e5ff5d0ffd.nasl

Version: 1.2

Type: local

Agent: unix

Published: 10/15/2019

Updated: 12/19/2019

Supported Sensors: Frictionless Assessment Agent, Nessus Agent

Risk Information

VPR

Risk Factor: Medium

Score: 6.7

CVSS v2

Risk Factor: Medium

Base Score: 6.8

Temporal Score: 5

Vector: AV:N/AC:M/Au:N/C:P/I:P/A:P

Temporal Vector: E:U/RL:OF/RC:C

CVSS v3

Risk Factor: High

Base Score: 8.8

Temporal Score: 7.7

Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

Temporal Vector: E:U/RL:O/RC:C

Vulnerability Information

CPE: p-cpe:/a:fedoraproject:fedora:qt5-qtwebengine, cpe:/o:fedoraproject:fedora:29

Required KB Items: Host/local_checks_enabled, Host/RedHat/release, Host/RedHat/rpm-list

Exploit Ease: No known exploits are available

Patch Publication Date: 10/14/2019

Vulnerability Publication Date: 6/27/2019

Reference Information

CVE: CVE-2019-5829, CVE-2019-5831, CVE-2019-5832, CVE-2019-5837, CVE-2019-5839, CVE-2019-5842, CVE-2019-5851, CVE-2019-5852, CVE-2019-5854, CVE-2019-5855, CVE-2019-5856, CVE-2019-5857, CVE-2019-5860, CVE-2019-5861, CVE-2019-5862, CVE-2019-5865