Advertisement

Latest News

[ Windows | Linux | Apple ]

· Nvidia GeForce GTX 1660 Ti Reviews and more
· NVIDIA 418.43 Linux Display Drivers released
· Windows 10 Insider Preview Build 18343 and Build 18841 released
· NVIDIA Geforce Game Ready Driver 419.17 WHQL
· Iscsi-initiator-utils Bug Fix Update for Oracle Linux 6
· Rssh Security Update for Debian 9
· Bind Security Update for Ubuntu Linux
· Build, Mosquitto, Nodejs6, GraphicsMagick Updates for openSUSE
· Adrenalin Software Edition 19.2.2 Driver Performance Analysis using the Red Devil RX 590 and more
· GNOME 3.32 Beta 2 released

Linux Compatibility

· Brother DCP-L2540DN
· Sound Blaster E5
· WD Elements 500GB external hard drive
· Canon D660U Flatbad scanner
· Umax Astra 4500 USB Scanner
· Logitech QuickCam Pro 4000
· Dell Latitude E6420
· Creative Sound Blaster Z
· Photosmart 5520
· TB-5300 Slimline Design Tablet

New Forum Topics

· Dale
by: Dale Blinco
on: 2018-02-05 00:26
1 replies, 4051 views

· modem driver needed
by: jongiffen777
on: 2017-12-13 11:11
1 replies, 5790 views

· Need a decent browser for XP Pro!
by: percy
on: 2017-12-05 11:02
2 replies, 7191 views

· Comodo Time Machine + Faronics Deep Freeze
by: Jabberwocky
on: 2017-11-15 23:17
1 replies, 5706 views

· Linux compatablity
by: ibme
on: 2017-10-04 18:05
1 replies, 7644 views

News Channels

· Drivers
· Guides
· Reviews
· Security
· Software
· Press Release
· Updates
· Interviews
· Linux
· General
· Debian
· Red Hat
· Slackware
· Gentoo
· Mandriva
· White Box
· SUSE
· GNOME
· KDE
· CentOS
· Ubuntu
· MEPIS
· Android
· Oracle Linux
· Arch Linux

What's New

Login to see an overview of all news stories since your last visit.

Welcome to our website

To take full advantage of all features you need to login or register. Registration is completely free and takes only a few seconds.

Qutebrowser Security Update for Arch Linux

Posted by Philipp Esselbach on: 07/12/2018 08:31 AM [ Print | 0 comment(s) ]

Updated qutebrowser packages has been released for Arch Linux

Arch Linux Security Advisory ASA-201807-3
=========================================

Severity: Critical
Date : 2018-07-11
CVE-ID : CVE-2018-10895
Package : qutebrowser
Type : arbitrary code execution
Remote : Yes
Link : https://security.archlinux.org/AVG-735

Summary
=======

The package qutebrowser before version 1.4.1-1 is vulnerable to
arbitrary code execution.

Resolution
==========

Upgrade to 1.4.1-1.

# pacman -Syu "qutebrowser>=1.4.1-1"

The problem has been fixed upstream in version 1.4.1.

Workaround
==========

It's possible to patch out the vulnerable code via a config.py file

from qutebrowser.browser import qutescheme
qutescheme._qute_settings_set = lambda url: ('text/html', '')

Description
===========

Due to a CSRF vulnerability affecting the qute://settings page, it was
possible for websites to modify qutebrowser settings. Via settings like
editor.command, this possibly allowed websites to execute arbitrary
code.

Impact
======

A remote attacker is able to execute code with a specially crafted web
page.

References
==========

https://github.com/qutebrowser/qutebrowser/commit/43e58ac865ff862c2008c510fc5f7627e10b4660
https://github.com/qutebrowser/qutebrowser/issues/4060
https://security.archlinux.org/CVE-2018-10895

Qutebrowser Security Update for Arch Linux

All products mentioned are registered trademarks or trademarks of their respective owners.
© 2002-2018 Esselbach Internet Solutions - All Rights Reserved. Terms and privacy policy
Powered by Contentteller® Business Edition