
A libqt5-qtwebengine security update has been released for SUSE Linux Enterprise 15 SP4.



openSUSE-SU-2022:10049-1: moderate: Security update for libqt5-qtwebengine


openSUSE Security Update: Security update for libqt5-qtwebengine
______________________________________________________________________________

Announcement ID: openSUSE-SU-2022:10049-1
Rating: moderate
References:
Cross-References: CVE-2022-0797 CVE-2022-1125 CVE-2022-1138
CVE-2022-1305 CVE-2022-1310 CVE-2022-1314
CVE-2022-1493
CVSS scores:
CVE-2022-0797 (NVD) : 8.8 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

Affected Products:
openSUSE Backports SLE-15-SP4
______________________________________________________________________________

An update that fixes 7 vulnerabilities is now available.

Description:

This update for libqt5-qtwebengine fixes the following issues:

Update to version 5.15.10:

* Fix top level build with no widget
* Fix read-after-free on EGL extensions
* Update Chromium
* Add workaround for unstable gn on macOS in ci
* Pass archiver to gn build
* Fix navigation to non-local URLs
* Add support for universal builds for qtwebengine and qtpdf
* Enable Apple Silicon support
* Fix cross compilation x86_64->arm64 on mac
* Bump version to 5.15.10
* CustomDialogs: Make custom input fields readable in dark mode
* CookieBrowser: Make alternating rows readable in dark mode

* Update Chromium:
  * Bump V8_PATCH_LEVEL
  * Fix clang set-but-unused-variable warning
  * Fix mac toolchain python linker script call
  * Fix missing dependency for gpu sources
  * Fix python calls
  * Fix undefined symbol for universal link
  * Quick fix for regression in service workers by reverting backports
  * [Backport] CVE-2022-0797: Out of bounds memory access in Mojo
  * [Backport] CVE-2022-1125
  * [Backport] CVE-2022-1138: Inappropriate implementation in Web Cursor.
  * [Backport] CVE-2022-1305: Use after free in storage
  * [Backport] CVE-2022-1310: Use after free in regular expressions
  * [Backport] CVE-2022-1314: Type Confusion in V8
  * [Backport] CVE-2022-1493: Use after free in Dev Tools
  * [Backport] On arm64 hosts, set host_cpu to 'arm64', not 'arm'
  * [Backport] Security Bug 1296876
  * [Backport] Security bug 1269999
  * [Backport] Security bug 1280852
  * [Backport] Security bug 1292905
  * [Backport] Security bug 1304659
  * [Backport] Security bug 1306507

Patch Instructions:

To install this openSUSE Security Update use the SUSE recommended installation methods
like YaST online_update or "zypper patch".

Alternatively you can run the command listed for your product:

- openSUSE Backports SLE-15-SP4:

zypper in -t patch openSUSE-2022-10049=1


Package List:

- openSUSE Backports SLE-15-SP4 (aarch64 x86_64):

libQt5Pdf5-5.15.10-bp154.2.3.2
libQt5PdfWidgets5-5.15.10-bp154.2.3.2
libqt5-qtpdf-devel-5.15.10-bp154.2.3.2
libqt5-qtpdf-examples-5.15.10-bp154.2.3.2
libqt5-qtpdf-imports-5.15.10-bp154.2.3.2
libqt5-qtwebengine-5.15.10-bp154.2.3.2
libqt5-qtwebengine-devel-5.15.10-bp154.2.3.2
libqt5-qtwebengine-examples-5.15.10-bp154.2.3.2

- openSUSE Backports SLE-15-SP4 (noarch):

libqt5-qtpdf-private-headers-devel-5.15.10-bp154.2.3.2
libqt5-qtwebengine-private-headers-devel-5.15.10-bp154.2.3.2
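
After patching, the installed packages can be checked against the fixed version-release from the package list above. The script below is an added example, not part of the SUSE announcement: the function names and the sample inventory are constructed, and the numeric-only comparison is an assumption that simplifies RPM's own version ordering.

```shell
#!/bin/sh
# Fixed version-release, taken from the advisory's package list.
FIXED="5.15.10-bp154.2.3.2"

# ver_ge A B: succeed when A >= B. Compares only the numeric fields, left to
# right; a simplification of RPM's ordering that is adequate for these strings.
ver_ge() {
    a=$(printf '%s' "$1" | tr -c '0-9' ' ')
    b=$(printf '%s' "$2" | tr -c '0-9' ' ')
    for x in $a; do
        set -- $b                     # fields of B not yet compared
        y=${1:-0}
        [ $# -gt 0 ] && shift
        b="$*"
        [ "$x" -gt "$y" ] && return 0
        [ "$x" -lt "$y" ] && return 1
    done
    [ -z "$b" ]                       # A ran out first: equal only if B did too
}

# unpatched: read "name version-release" lines on stdin and print every
# package from the advisory's list that is still older than FIXED.
unpatched() {
    while read -r name vr; do
        case "$name" in
            libQt5Pdf5|libQt5PdfWidgets5|libqt5-qtpdf-*) ;;
            libqt5-qtwebengine|libqt5-qtwebengine-*) ;;
            *) continue ;;
        esac
        ver_ge "$vr" "$FIXED" || printf '%s %s\n' "$name" "$vr"
    done
}

# Constructed inventory (not real output); the older versions are made up.
sample_inventory() {
    cat <<'EOF'
libqt5-qtwebengine 5.15.10-bp154.2.3.2
libQt5Pdf5 5.15.9-bp154.1.1
libqt5-qtbase-common 5.15.2-bp154.1.1
libqt5-qtwebengine-devel 5.15.10-bp154.2.3.1
EOF
}

# On a real host, feed it the RPM database instead:
#   rpm -qa --qf '%{NAME} %{VERSION}-%{RELEASE}\n' | unpatched
sample_inventory | unpatched
```

Empty output means every listed package is at or above the fixed build; any line printed names a package that still needs the update.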

References:

  https://www.suse.com/security/cve/CVE-2022-0797.html
  https://www.suse.com/security/cve/CVE-2022-1125.html
  https://www.suse.com/security/cve/CVE-2022-1138.html
  https://www.suse.com/security/cve/CVE-2022-1305.html
  https://www.suse.com/security/cve/CVE-2022-1310.html
  https://www.suse.com/security/cve/CVE-2022-1314.html
  https://www.suse.com/security/cve/CVE-2022-1493.html