Opened 11 months ago
Closed 11 months ago
#19822 closed enhancement (fixed)
qt6-6.7.1 qtwebengine-6.7.1
Reported by: | Bruce Dubbs | Owned by: | Bruce Dubbs |
---|---|---|---|
Priority: | high | Milestone: | 12.2 |
Component: | BOOK | Version: | git |
Severity: | normal | Keywords: | |
Cc: |
Description
New point version.
Change History (5)
comment:2 by , 11 months ago
Priority: | normal → high |
---|
For the full release notes, see https://code.qt.io/cgit/qt/qtreleasenotes.git/about/qt/6.7.1/release-note.md
This includes two security fixes (one of which is #19818): CVE-2024-33861 in qtbase, and CVE-2024-36048 in Network Authentication.
Past this though we have QtWebEngine's updates to its bundled Chromium. Looking over at https://code.qt.io/cgit/qt/qtwebengine.git/log/?h=6.7.1, the commits that were pushed around the release of 6.7.0 were on 2024-03-22, where the last Chromium update was 2024-03-18.
The following Chromium updates were applied during that time to what is now 6.7.1:
For us, this means the following CVEs (and security bugs) were fixed. Note that we can't see security bugs:
- CVE-2024-3516 (High): Heap buffer overflow in ANGLE (RCE through a crafted HTML page)
- CVE-2024-3157 (High): Out of bounds write in Compositing (Remotely exploitable sandbox escape)
- Security bug 326349405
- CVE-2024-3159 (High): Out of bounds memory access in V8 (Arbitrary read/write of files through a crafted HTML page)
- Security bug 327183408
- Security bug 329674887 (2/2)
- Security bug 329674887 (1/2)
- CVE-2024-2887 (High): Type Confusion in WebAssembly (0day demonstrated at Pwn2Own: https://www.zerodayinitiative.com/blog/2024/5/2/cve-2024-2887-a-pwn2own-winning-bug-in-google-chrome; RCE and Sandbox Escape)
- CVE-2024-2885 (High): Use after free in Dawn (RCE via crafted HTML page)
- Security bug 41495984
- Security bug 40066823
- CVE-2024-2626 (Medium): Out of bounds read in Swiftshader (Out-of-bounds memory access via crafted HTML page)
- CVE-2024-2625 (High): Object lifecycle issue in V8 (RCE via object corruption in a crafted HTML page)
- CVE-2023-7104 (Critical): Heap buffer overflow in Sqlite (RCE in the context of Chromium)
- Security bug 332724843
- CVE-2024-4060 (High): Use after free in Dawn (RCE via crafted HTML page)
- CVE-2024-4058 (Critical): Type Confusion in ANGLE (RCE via crafted HTML page)
- Security bug 323898565
- CVE-2024-3840 (Medium): Insufficient policy enforcement in Site Isolation (content security policy bypass)
- Security bug 326498393
- CVE-2024-3914 (High): Use after free in V8 (RCE)
- Security bug 40940917
- Security bug 327698060
- CVE-2024-3837 (Medium): Use after free in QUIC (Crash via crafted HTML page)
- CVE-2024-3839 (Medium): Out of bounds read in Fonts (sensitive information disclosure from process memory via a crafted HTML page)
- Security bug 326521449
- CVE-2024-4761 (High): Out of bounds write in V8 (RCE via crafted HTML page, also a 0day and article at https://thehackernews.com/2024/05/new-chrome-zero-day-vulnerability-cve.html)
- CVE-2024-4368 (High): Use after free in Dawn (RCE via crafted HTML page)
- CVE-2024-4331 (High): Use after free in Picture In Picture (RCE via crafted HTML page)
- Security bug 340221135
I'm going to mark this as High due to the severity of these issues.
comment:3 by , 11 months ago
Owner: | changed from | to
---|---|
Status: | new → assigned |
comment:5 by , 11 months ago
Resolution: | → fixed |
---|---|
Status: | assigned → closed |
SA-12.1-046 issued for Qt6
SA-12.1-047 issued for QtWebEngine. I added some text recommending that users using the Qt5 version of QtWebEngine migrate to Qt6/QtWebEngine6/the latest Falkon since that will be the best way for them to get protected from these critical issues, and we probably won't have another QtWebEngine5 snapshot since it's not in the development book.
The
in QT is no longer needed.
6.7.1 makes #19818 obsolete