Advertisement

Latest News

[ Windows | Linux | Apple ]

· ASUSTOR AS4002T Network Attached Storage Review and more
· Spice and Spice-gtk Security Update for Oracle Linux 7 (aarch64)
· Slackware 14.2 Kernel (SSA:2018-264-01) Update
· GraphicsMagick and 14 more updates for openSUSE
· OpenAFS and Texlive-Bin Updates for Debian
· GeForce RTX 2080 Ti/2080 Mega Benchmark and more
· gscan2pdf 2.1.6 released
· Sympa and Hylafax Updates for Debian
· Spice Updates for Oracle Linux 6 and 7
· Exempi Security Update for openSUSE Leap

Linux Compatibility

· Brother DCP-L2540DN
· Sound Blaster E5
· WD Elements 500GB external hard drive
· Canon D660U Flatbad scanner
· Umax Astra 4500 USB Scanner
· Logitech QuickCam Pro 4000
· Dell Latitude E6420
· Creative Sound Blaster Z
· Photosmart 5520
· TB-5300 Slimline Design Tablet

New Forum Topics

· Dale
by: Dale Blinco
on: 2018-02-05 00:26
1 replies, 2533 views

· modem driver needed
by: jongiffen777
on: 2017-12-13 11:11
1 replies, 3971 views

· Need a decent browser for XP Pro!
by: percy
on: 2017-12-05 11:02
2 replies, 5780 views

· Comodo Time Machine + Faronics Deep Freeze
by: Jabberwocky
on: 2017-11-15 23:17
1 replies, 4293 views

· Linux compatablity
by: ibme
on: 2017-10-04 18:05
1 replies, 6207 views

News Channels

· Drivers
· Guides
· Reviews
· Security
· Software
· Press Release
· Updates
· Interviews
· Linux
· General
· Debian
· Red Hat
· Slackware
· Gentoo
· Mandriva
· White Box
· SUSE
· GNOME
· KDE
· CentOS
· Ubuntu
· MEPIS
· Android
· Oracle Linux
· Arch Linux

What's New

Login to see an overview of all news stories since your last visit.

Welcome to our website

To take full advantage of all features you need to login or register. Registration is completely free and takes only a few seconds.

Qutebrowser Security Update for Arch Linux

Posted by Philipp Esselbach on: 07/12/2018 08:31 AM [ Print | 0 comment(s) ]

Updated qutebrowser packages has been released for Arch Linux

Arch Linux Security Advisory ASA-201807-3
=========================================

Severity: Critical
Date : 2018-07-11
CVE-ID : CVE-2018-10895
Package : qutebrowser
Type : arbitrary code execution
Remote : Yes
Link : https://security.archlinux.org/AVG-735

Summary
=======

The package qutebrowser before version 1.4.1-1 is vulnerable to
arbitrary code execution.

Resolution
==========

Upgrade to 1.4.1-1.

# pacman -Syu "qutebrowser>=1.4.1-1"

The problem has been fixed upstream in version 1.4.1.

Workaround
==========

It's possible to patch out the vulnerable code via a config.py file

from qutebrowser.browser import qutescheme
qutescheme._qute_settings_set = lambda url: ('text/html', '')

Description
===========

Due to a CSRF vulnerability affecting the qute://settings page, it was
possible for websites to modify qutebrowser settings. Via settings like
editor.command, this possibly allowed websites to execute arbitrary
code.

Impact
======

A remote attacker is able to execute code with a specially crafted web
page.

References
==========

https://github.com/qutebrowser/qutebrowser/commit/43e58ac865ff862c2008c510fc5f7627e10b4660
https://github.com/qutebrowser/qutebrowser/issues/4060
https://security.archlinux.org/CVE-2018-10895

Qutebrowser Security Update for Arch Linux

All products mentioned are registered trademarks or trademarks of their respective owners.
© 2002-2018 Esselbach Internet Solutions - All Rights Reserved. Terms and privacy policy
Powered by Contentteller® Business Edition