- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
Gentoo Linux Security Advisory                           GLSA 202501-09
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
                                           https://security.gentoo.org/
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -

 Severity: High
    Title: QtWebEngine: Multiple Vulnerabilities
     Date: January 23, 2025
     Bugs: #944807
       ID: 202501-09

- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -

Synopsis
=======
Multiple vulnerabilities have been discovered in QtWebEngine, the worst
of which could lead to arbitrary code execution.

Background
=========
QtWebEngine is a library for rendering dynamic web content in Qt5 and
Qt6 C++ and QML applications.

Affected packages
================
Package             Vulnerable           Unaffected
------------------  -------------------  --------------------
dev-qt/qtwebengine  < 5.15.16_p20241115  >= 5.15.16_p20241115

Description
==========
Multiple vulnerabilities have been discovered in QtWebEngine. Please
review the CVE identifiers referenced below for details.

Impact
=====
Please review the referenced CVE identifiers for details.

Workaround
=========
There is no known workaround at this time.

Resolution
=========
All QtWebEngine users should upgrade to the latest version:

  # emerge --sync
  # emerge --ask --oneshot --verbose ">Þv-qt/qtwebengine-5.15.16_p20241115"

References
=========
[ 1 ] CVE-2024-4058
      https://nvd.nist.gov/vuln/detail/CVE-2024-4058
[ 2 ] CVE-2024-4059
      https://nvd.nist.gov/vuln/detail/CVE-2024-4059
[ 3 ] CVE-2024-4060
      https://nvd.nist.gov/vuln/detail/CVE-2024-4060
[ 4 ] CVE-2024-4558
      https://nvd.nist.gov/vuln/detail/CVE-2024-4558
[ 5 ] CVE-2024-4559
      https://nvd.nist.gov/vuln/detail/CVE-2024-4559
[ 6 ] CVE-2024-4761
      https://nvd.nist.gov/vuln/detail/CVE-2024-4761
[ 7 ] CVE-2024-5157
      https://nvd.nist.gov/vuln/detail/CVE-2024-5157
[ 8 ] CVE-2024-5158
      https://nvd.nist.gov/vuln/detail/CVE-2024-5158
[ 9 ] CVE-2024-5159
      https://nvd.nist.gov/vuln/detail/CVE-2024-5159
[ 10 ] CVE-2024-5160
      https://nvd.nist.gov/vuln/detail/CVE-2024-5160
[ 11 ] CVE-2024-5830
      https://nvd.nist.gov/vuln/detail/CVE-2024-5830
[ 12 ] CVE-2024-5831
      https://nvd.nist.gov/vuln/detail/CVE-2024-5831
[ 13 ] CVE-2024-5832
      https://nvd.nist.gov/vuln/detail/CVE-2024-5832
[ 14 ] CVE-2024-5833
      https://nvd.nist.gov/vuln/detail/CVE-2024-5833
[ 15 ] CVE-2024-5834
      https://nvd.nist.gov/vuln/detail/CVE-2024-5834
[ 16 ] CVE-2024-5835
      https://nvd.nist.gov/vuln/detail/CVE-2024-5835
[ 17 ] CVE-2024-5836
      https://nvd.nist.gov/vuln/detail/CVE-2024-5836
[ 18 ] CVE-2024-5837
      https://nvd.nist.gov/vuln/detail/CVE-2024-5837
[ 19 ] CVE-2024-5838
      https://nvd.nist.gov/vuln/detail/CVE-2024-5838
[ 20 ] CVE-2024-5839
      https://nvd.nist.gov/vuln/detail/CVE-2024-5839
[ 21 ] CVE-2024-5840
      https://nvd.nist.gov/vuln/detail/CVE-2024-5840
[ 22 ] CVE-2024-5841
      https://nvd.nist.gov/vuln/detail/CVE-2024-5841
[ 23 ] CVE-2024-5842
      https://nvd.nist.gov/vuln/detail/CVE-2024-5842
[ 24 ] CVE-2024-5843
      https://nvd.nist.gov/vuln/detail/CVE-2024-5843
[ 25 ] CVE-2024-5844
      https://nvd.nist.gov/vuln/detail/CVE-2024-5844
[ 26 ] CVE-2024-5845
      https://nvd.nist.gov/vuln/detail/CVE-2024-5845
[ 27 ] CVE-2024-5846
      https://nvd.nist.gov/vuln/detail/CVE-2024-5846
[ 28 ] CVE-2024-5847
      https://nvd.nist.gov/vuln/detail/CVE-2024-5847
[ 29 ] CVE-2024-6290
      https://nvd.nist.gov/vuln/detail/CVE-2024-6290
[ 30 ] CVE-2024-6291
      https://nvd.nist.gov/vuln/detail/CVE-2024-6291
[ 31 ] CVE-2024-6292
      https://nvd.nist.gov/vuln/detail/CVE-2024-6292
[ 32 ] CVE-2024-6293
      https://nvd.nist.gov/vuln/detail/CVE-2024-6293
[ 33 ] CVE-2024-6988
      https://nvd.nist.gov/vuln/detail/CVE-2024-6988
[ 34 ] CVE-2024-6989
      https://nvd.nist.gov/vuln/detail/CVE-2024-6989
[ 35 ] CVE-2024-6991
      https://nvd.nist.gov/vuln/detail/CVE-2024-6991
[ 36 ] CVE-2024-6994
      https://nvd.nist.gov/vuln/detail/CVE-2024-6994
[ 37 ] CVE-2024-6995
      https://nvd.nist.gov/vuln/detail/CVE-2024-6995
[ 38 ] CVE-2024-6996
      https://nvd.nist.gov/vuln/detail/CVE-2024-6996
[ 39 ] CVE-2024-6997
      https://nvd.nist.gov/vuln/detail/CVE-2024-6997
[ 40 ] CVE-2024-6998
      https://nvd.nist.gov/vuln/detail/CVE-2024-6998
[ 41 ] CVE-2024-6999
      https://nvd.nist.gov/vuln/detail/CVE-2024-6999
[ 42 ] CVE-2024-7000
      https://nvd.nist.gov/vuln/detail/CVE-2024-7000
[ 43 ] CVE-2024-7001
      https://nvd.nist.gov/vuln/detail/CVE-2024-7001
[ 44 ] CVE-2024-7003
      https://nvd.nist.gov/vuln/detail/CVE-2024-7003
[ 45 ] CVE-2024-7004
      https://nvd.nist.gov/vuln/detail/CVE-2024-7004
[ 46 ] CVE-2024-7005
      https://nvd.nist.gov/vuln/detail/CVE-2024-7005
[ 47 ] CVE-2024-7532
      https://nvd.nist.gov/vuln/detail/CVE-2024-7532
[ 48 ] CVE-2024-7533
      https://nvd.nist.gov/vuln/detail/CVE-2024-7533
[ 49 ] CVE-2024-7534
      https://nvd.nist.gov/vuln/detail/CVE-2024-7534
[ 50 ] CVE-2024-7535
      https://nvd.nist.gov/vuln/detail/CVE-2024-7535
[ 51 ] CVE-2024-7536
      https://nvd.nist.gov/vuln/detail/CVE-2024-7536
[ 52 ] CVE-2024-7550
      https://nvd.nist.gov/vuln/detail/CVE-2024-7550
[ 53 ] CVE-2024-7964
      https://nvd.nist.gov/vuln/detail/CVE-2024-7964
[ 54 ] CVE-2024-7965
      https://nvd.nist.gov/vuln/detail/CVE-2024-7965
[ 55 ] CVE-2024-7966
      https://nvd.nist.gov/vuln/detail/CVE-2024-7966
[ 56 ] CVE-2024-7967
      https://nvd.nist.gov/vuln/detail/CVE-2024-7967
[ 57 ] CVE-2024-7968
      https://nvd.nist.gov/vuln/detail/CVE-2024-7968
[ 58 ] CVE-2024-7969
      https://nvd.nist.gov/vuln/detail/CVE-2024-7969
[ 59 ] CVE-2024-7971
      https://nvd.nist.gov/vuln/detail/CVE-2024-7971
[ 60 ] CVE-2024-7972
      https://nvd.nist.gov/vuln/detail/CVE-2024-7972
[ 61 ] CVE-2024-7973
      https://nvd.nist.gov/vuln/detail/CVE-2024-7973
[ 62 ] CVE-2024-7974
      https://nvd.nist.gov/vuln/detail/CVE-2024-7974
[ 63 ] CVE-2024-7975
      https://nvd.nist.gov/vuln/detail/CVE-2024-7975
[ 64 ] CVE-2024-7976
      https://nvd.nist.gov/vuln/detail/CVE-2024-7976
[ 65 ] CVE-2024-7977
      https://nvd.nist.gov/vuln/detail/CVE-2024-7977
[ 66 ] CVE-2024-7978
      https://nvd.nist.gov/vuln/detail/CVE-2024-7978
[ 67 ] CVE-2024-7979
      https://nvd.nist.gov/vuln/detail/CVE-2024-7979
[ 68 ] CVE-2024-7980
      https://nvd.nist.gov/vuln/detail/CVE-2024-7980
[ 69 ] CVE-2024-7981
      https://nvd.nist.gov/vuln/detail/CVE-2024-7981
[ 70 ] CVE-2024-8033
      https://nvd.nist.gov/vuln/detail/CVE-2024-8033
[ 71 ] CVE-2024-8034
      https://nvd.nist.gov/vuln/detail/CVE-2024-8034
[ 72 ] CVE-2024-8035
      https://nvd.nist.gov/vuln/detail/CVE-2024-8035
[ 73 ] CVE-2024-8193
      https://nvd.nist.gov/vuln/detail/CVE-2024-8193
[ 74 ] CVE-2024-8194
      https://nvd.nist.gov/vuln/detail/CVE-2024-8194
[ 75 ] CVE-2024-8198
      https://nvd.nist.gov/vuln/detail/CVE-2024-8198
[ 76 ] CVE-2024-8636
      https://nvd.nist.gov/vuln/detail/CVE-2024-8636
[ 77 ] CVE-2024-8637
      https://nvd.nist.gov/vuln/detail/CVE-2024-8637
[ 78 ] CVE-2024-8638
      https://nvd.nist.gov/vuln/detail/CVE-2024-8638
[ 79 ] CVE-2024-8639
      https://nvd.nist.gov/vuln/detail/CVE-2024-8639
[ 80 ] CVE-2024-9120
      https://nvd.nist.gov/vuln/detail/CVE-2024-9120
[ 81 ] CVE-2024-9121
      https://nvd.nist.gov/vuln/detail/CVE-2024-9121
[ 82 ] CVE-2024-9122
      https://nvd.nist.gov/vuln/detail/CVE-2024-9122
[ 83 ] CVE-2024-9123
      https://nvd.nist.gov/vuln/detail/CVE-2024-9123
[ 84 ] CVE-2024-9602
      https://nvd.nist.gov/vuln/detail/CVE-2024-9602
[ 85 ] CVE-2024-9603
      https://nvd.nist.gov/vuln/detail/CVE-2024-9603
[ 86 ] CVE-2024-10229
      https://nvd.nist.gov/vuln/detail/CVE-2024-10229
[ 87 ] CVE-2024-10230
      https://nvd.nist.gov/vuln/detail/CVE-2024-10230
[ 88 ] CVE-2024-10231
      https://nvd.nist.gov/vuln/detail/CVE-2024-10231
[ 89 ] CVE-2024-10826
      https://nvd.nist.gov/vuln/detail/CVE-2024-10826
[ 90 ] CVE-2024-10827
      https://nvd.nist.gov/vuln/detail/CVE-2024-10827
[ 91 ] CVE-2024-45490
      https://nvd.nist.gov/vuln/detail/CVE-2024-45490
[ 92 ] CVE-2024-45491
      https://nvd.nist.gov/vuln/detail/CVE-2024-45491
[ 93 ] CVE-2024-45492
      https://nvd.nist.gov/vuln/detail/CVE-2024-45492

Availability
===========
This GLSA and any updates to it are available for viewing at
the Gentoo Security Website:

 https://security.gentoo.org/glsa/202501-09

Concerns?
========
Security is a primary focus of Gentoo Linux and ensuring the
confidentiality and security of our users' machines is of utmost
importance to us. Any security concerns should be addressed to
security@gentoo.org or alternatively, you may file a bug at
https://bugs.gentoo.org.

License
======
Copyright 2025 Gentoo Foundation, Inc; referenced text
belongs to its owner(s).

The contents of this document are licensed under the
Creative Commons - Attribution / Share Alike license.

https://creativecommons.org/licenses/by-sa/2.5