Custom Query (19904 matches)

Results (133 - 135 of 19904)

Ticket Owner Reporter Resolution Summary
#12723 Douglas R. Reno Douglas R. Reno fixed Create sed to fix CVE-2019-13720 (qtwebengine)
Description

Earlier today, I was made aware of a security vulnerability that is leading to arbitrary code execution via Chromium's audio layer, which affects QtWebEngine (and thus Falkon, which I'll test). The patch looks as if we can add a sed.

Arch Linux Security Advisory ASA-201911-2
=========================================

Severity: Critical
Date    : 2019-11-02
CVE-ID  : CVE-2019-13720
Package : qt5-webengine
Type    : arbitrary code execution
Remote  : Yes
Link    : https://security.archlinux.org/AVG-1059

Summary
=======

The package qt5-webengine before version 5.13.2-2 is vulnerable to
arbitrary code execution.

Resolution
==========

Upgrade to 5.13.2-2.

# pacman -Syu "qt5-webengine>=5.13.2-2"

The problem has been fixed upstream but no release is available yet.

Workaround
==========

None.

Description
===========

A use-after-free vulnerability has been found in the audio component of
the chromium browser before 78.0.3904.87. Google is aware of reports
that an exploit for this vulnerability exists in the wild.

Impact
======

A remote attacker can execute arbitrary code on the affected host.

References
==========

https://bugs.archlinux.org/task/64347
https://code.qt.io/cgit/qt/qtwebengine-chromium.git/patch/?id=d6e5fc10e417efdf8665d9fba57c269f0534072f
https://chromereleases.googleblog.com/2019/10/stable-channel-update-for-desktop_31.html
https://crbug.com/1019226
https://security.archlinux.org/CVE-2019-13720
#13002 ken@… Douglas R. Reno fixed firefox-68.4.1 (0day: CVE-2019-17026)
Description

New point version of Firefox ESR.

This is marked as critical as there is a 0-day vulnerability currently being exploited in the wild. Here are the details:

https://www.bleepingcomputer.com/news/security/mozilla-firefox-7201-patches-actively-exploited-zero-day/

https://www.mozilla.org/en-US/security/advisories/mfsa2020-03/

Mozilla Foundation Security Advisory 2020-03
Security Vulnerabilities fixed in Firefox 72.0.1 and Firefox ESR 68.4.1

Announced
    January 8, 2020
Impact
    critical
Products
    Firefox, Firefox ESR
Fixed in

        Firefox 72.0.1
        Firefox ESR 68.4.1

CVE-2019-17026: IonMonkey type confusion with StoreElementHole and FallibleStoreElement

Reporter
    Qihoo 360 ATA
Impact
    critical

Description

Incorrect alias information in IonMonkey JIT compiler for setting array elements could lead to a type confusion. We are aware of targeted attacks in the wild abusing this flaw.
References

    Bug 1607443

The United States Department of Homeland Security has also issued an advisory through their CISA (Cybersecurity and Infrastructure Security Agency) today.

https://www.us-cert.gov/ncas/current-activity/2020/01/08/mozilla-patches-critical-vulnerability

Mozilla Patches Critical Vulnerability
Original release date: January 08, 2020

Mozilla has released security updates to address a vulnerability in Firefox and Firefox ESR. An attacker could exploit this vulnerability to take control of an affected system. This vulnerability was detected in exploits in the wild.

The Cybersecurity and Infrastructure Security Agency (CISA) encourages users and administrators to review the Mozilla Security Advisory for Firefox 72.0.1 and Firefox ESR 68.4.1 and apply the necessary updates.

We should probably get this in ASAP.

#13004 Douglas R. Reno ken@… fixed thunderbird-68.4.1 (0 day fix similar to Firefox)
Description

Source has now appeared, but no release notes yet. Maybe this picks up the same fix as for yesterday's firefox releases, or maybe they are just keeping in sync and had not got 68.4.0 ready.

Please, whoever does this, can we have an accurate measurement of the disk build space using the version of rustc which is in the book?
