Описание
Security update for qt6-webengine
This update for qt6-webengine fixes the following issues:
- CVE-2024-40896: Fixed a XML external entity vulnerability related to libxml2 (boo#1234820)
Список пакетов
SUSE Package Hub 15 SP6
libQt6Pdf6-6.6.3-bp156.2.3.1
libQt6PdfQuick6-6.6.3-bp156.2.3.1
libQt6PdfWidgets6-6.6.3-bp156.2.3.1
libQt6WebEngineCore6-6.6.3-bp156.2.3.1
libQt6WebEngineQuick6-6.6.3-bp156.2.3.1
libQt6WebEngineWidgets6-6.6.3-bp156.2.3.1
qt6-pdf-devel-6.6.3-bp156.2.3.1
qt6-pdf-imports-6.6.3-bp156.2.3.1
qt6-pdf-private-devel-6.6.3-bp156.2.3.1
qt6-pdfquick-devel-6.6.3-bp156.2.3.1
qt6-pdfquick-private-devel-6.6.3-bp156.2.3.1
qt6-pdfwidgets-devel-6.6.3-bp156.2.3.1
qt6-pdfwidgets-private-devel-6.6.3-bp156.2.3.1
qt6-webengine-6.6.3-bp156.2.3.1
qt6-webengine-docs-html-6.6.3-bp156.2.3.1
qt6-webengine-docs-qch-6.6.3-bp156.2.3.1
qt6-webengine-examples-6.6.3-bp156.2.3.1
qt6-webengine-imports-6.6.3-bp156.2.3.1
qt6-webenginecore-devel-6.6.3-bp156.2.3.1
qt6-webenginecore-private-devel-6.6.3-bp156.2.3.1
qt6-webenginequick-devel-6.6.3-bp156.2.3.1
qt6-webenginequick-private-devel-6.6.3-bp156.2.3.1
qt6-webenginewidgets-devel-6.6.3-bp156.2.3.1
qt6-webenginewidgets-private-devel-6.6.3-bp156.2.3.1
openSUSE Leap 15.6
libQt6Pdf6-6.6.3-bp156.2.3.1
libQt6PdfQuick6-6.6.3-bp156.2.3.1
libQt6PdfWidgets6-6.6.3-bp156.2.3.1
libQt6WebEngineCore6-6.6.3-bp156.2.3.1
libQt6WebEngineQuick6-6.6.3-bp156.2.3.1
libQt6WebEngineWidgets6-6.6.3-bp156.2.3.1
qt6-pdf-devel-6.6.3-bp156.2.3.1
qt6-pdf-imports-6.6.3-bp156.2.3.1
qt6-pdf-private-devel-6.6.3-bp156.2.3.1
qt6-pdfquick-devel-6.6.3-bp156.2.3.1
qt6-pdfquick-private-devel-6.6.3-bp156.2.3.1
qt6-pdfwidgets-devel-6.6.3-bp156.2.3.1
qt6-pdfwidgets-private-devel-6.6.3-bp156.2.3.1
qt6-webengine-6.6.3-bp156.2.3.1
qt6-webengine-docs-html-6.6.3-bp156.2.3.1
qt6-webengine-docs-qch-6.6.3-bp156.2.3.1
qt6-webengine-examples-6.6.3-bp156.2.3.1
qt6-webengine-imports-6.6.3-bp156.2.3.1
qt6-webenginecore-devel-6.6.3-bp156.2.3.1
qt6-webenginecore-private-devel-6.6.3-bp156.2.3.1
qt6-webenginequick-devel-6.6.3-bp156.2.3.1
qt6-webenginequick-private-devel-6.6.3-bp156.2.3.1
qt6-webenginewidgets-devel-6.6.3-bp156.2.3.1
qt6-webenginewidgets-private-devel-6.6.3-bp156.2.3.1
Ссылки
- E-Mail link for openSUSE-SU-2025:0024-1
- SUSE Security Ratings
- SUSE Bug 1234820
- SUSE CVE CVE-2024-40896 page
Описание
In libxml2 2.11 before 2.11.9, 2.12 before 2.12.9, and 2.13 before 2.13.3, the SAX parser can produce events for external entities even if custom SAX handlers try to override entity content (by setting "checked"). This makes classic XXE attacks possible.
Затронутые продукты
SUSE Package Hub 15 SP6:libQt6Pdf6-6.6.3-bp156.2.3.1
SUSE Package Hub 15 SP6:libQt6PdfQuick6-6.6.3-bp156.2.3.1
SUSE Package Hub 15 SP6:libQt6PdfWidgets6-6.6.3-bp156.2.3.1
SUSE Package Hub 15 SP6:libQt6WebEngineCore6-6.6.3-bp156.2.3.1
Ссылки
- CVE-2024-40896
- SUSE Bug 1234812