Advertisement

Latest News

[ Windows | Linux | Apple ]

· 20-Way AMD / NVIDIA Linux Gaming Benchmarks For The 2018 Holidays and more
· Chromium Update for openSUSE
· 4K Video Editing PC - November 2018 and more
· Patch Security Update for Arch Linux
· Tiff3 and Chromium-Browser Security Update for Debian
· AMD RX590 Crossfire Testing and more
· Unbreakable Enterprise kernel bug fix update for Oracle Linux 7 aarch64
· GNOME 3.32.2 released
· LibreOffice, ImageMagick, Apache-PDFBox, Xorg-X11-Server, OpenSSH, Libxkdcommon, Systemd, Amanda Updates for openSUSE
· AMD Radeon RX 590 Reviews and more

Linux Compatibility

· Brother DCP-L2540DN
· Sound Blaster E5
· WD Elements 500GB external hard drive
· Canon D660U Flatbad scanner
· Umax Astra 4500 USB Scanner
· Logitech QuickCam Pro 4000
· Dell Latitude E6420
· Creative Sound Blaster Z
· Photosmart 5520
· TB-5300 Slimline Design Tablet

New Forum Topics

· Dale
by: Dale Blinco
on: 2018-02-05 00:26
1 replies, 2948 views

· modem driver needed
by: jongiffen777
on: 2017-12-13 11:11
1 replies, 4501 views

· Need a decent browser for XP Pro!
by: percy
on: 2017-12-05 11:02
2 replies, 6203 views

· Comodo Time Machine + Faronics Deep Freeze
by: Jabberwocky
on: 2017-11-15 23:17
1 replies, 4747 views

· Linux compatablity
by: ibme
on: 2017-10-04 18:05
1 replies, 6653 views

News Channels

· Drivers
· Guides
· Reviews
· Security
· Software
· Press Release
· Updates
· Interviews
· Linux
· General
· Debian
· Red Hat
· Slackware
· Gentoo
· Mandriva
· White Box
· SUSE
· GNOME
· KDE
· CentOS
· Ubuntu
· MEPIS
· Android
· Oracle Linux
· Arch Linux

What's New

Login to see an overview of all news stories since your last visit.

Welcome to our website

To take full advantage of all features you need to login or register. Registration is completely free and takes only a few seconds.

Qutebrowser Security Update for Arch Linux

Posted by Philipp Esselbach on: 07/12/2018 08:31 AM [ Print | 0 comment(s) ]

Updated qutebrowser packages has been released for Arch Linux

Arch Linux Security Advisory ASA-201807-3
=========================================

Severity: Critical
Date : 2018-07-11
CVE-ID : CVE-2018-10895
Package : qutebrowser
Type : arbitrary code execution
Remote : Yes
Link : https://security.archlinux.org/AVG-735

Summary
=======

The package qutebrowser before version 1.4.1-1 is vulnerable to
arbitrary code execution.

Resolution
==========

Upgrade to 1.4.1-1.

# pacman -Syu "qutebrowser>=1.4.1-1"

The problem has been fixed upstream in version 1.4.1.

Workaround
==========

It's possible to patch out the vulnerable code via a config.py file

from qutebrowser.browser import qutescheme
qutescheme._qute_settings_set = lambda url: ('text/html', '')

Description
===========

Due to a CSRF vulnerability affecting the qute://settings page, it was
possible for websites to modify qutebrowser settings. Via settings like
editor.command, this possibly allowed websites to execute arbitrary
code.

Impact
======

A remote attacker is able to execute code with a specially crafted web
page.

References
==========

https://github.com/qutebrowser/qutebrowser/commit/43e58ac865ff862c2008c510fc5f7627e10b4660
https://github.com/qutebrowser/qutebrowser/issues/4060
https://security.archlinux.org/CVE-2018-10895

Qutebrowser Security Update for Arch Linux

All products mentioned are registered trademarks or trademarks of their respective owners.
© 2002-2018 Esselbach Internet Solutions - All Rights Reserved. Terms and privacy policy
Powered by Contentteller® Business Edition