Логотип exploitDog
Консоль
Логотип exploitDog

exploitDog

suse-cvrf логотип

SUSE-SU-2015:1383-1

Опубликовано: 29 мая 2015
Источник: suse-cvrf

Описание

Security update for libqt5-qtbase

This security update fixes the following issues:

  • Add libqt5-Fix-a-division-by-zero-processing-malformed-BMP.patch
    • QTBUG-44547, bsc#921999 (CVE-2015-0295)
  • Add libqt5-Fixes-crash-in-bmp-and-ico-image-decoding.patch
    • bsc#927806 (CVE-2015-1858), bsc#927807 (CVE-2015-1859)
  • Add libqt5-Fixes-crash-in-gif-image-decoder.patch
    • bsc#927808 (CVE-2015-1860)
  • Add libqt5-fix-use-after-free-bug.patch from upstream
    • fixes the use-after-free bug in backingstore, boo#870151

Список пакетов

SUSE Linux Enterprise Desktop 12
libQt5Core5-5.3.1-4.4.2
libQt5DBus5-5.3.1-4.4.2
libQt5Gui5-5.3.1-4.4.2
libQt5Widgets5-5.3.1-4.4.2
SUSE Linux Enterprise Server 12
libQt5Core5-5.3.1-4.4.2
libQt5DBus5-5.3.1-4.4.2
libQt5Gui5-5.3.1-4.4.2
libQt5Widgets5-5.3.1-4.4.2
SUSE Linux Enterprise Server for SAP Applications 12
libQt5Core5-5.3.1-4.4.2
libQt5DBus5-5.3.1-4.4.2
libQt5Gui5-5.3.1-4.4.2
libQt5Widgets5-5.3.1-4.4.2
SUSE Linux Enterprise Software Development Kit 12
libQt5Bootstrap-devel-static-5.3.1-4.4.2
libQt5Concurrent-devel-5.3.1-4.4.2
libQt5Concurrent5-5.3.1-4.4.2
libQt5Core-devel-5.3.1-4.4.2
libQt5Core-private-headers-devel-5.3.1-4.4.2
libQt5DBus-devel-5.3.1-4.4.2
libQt5DBus-private-headers-devel-5.3.1-4.4.2
libQt5Gui-devel-5.3.1-4.4.2
libQt5Gui-private-headers-devel-5.3.1-4.4.2
libQt5Network-devel-5.3.1-4.4.2
libQt5Network-private-headers-devel-5.3.1-4.4.2
libQt5Network5-5.3.1-4.4.2
libQt5OpenGL-devel-5.3.1-4.4.2
libQt5OpenGL-private-headers-devel-5.3.1-4.4.2
libQt5OpenGL5-5.3.1-4.4.2
libQt5OpenGLExtensions-devel-static-5.3.1-4.4.2
libQt5PlatformSupport-devel-static-5.3.1-4.4.2
libQt5PlatformSupport-private-headers-devel-5.3.1-4.4.2
libQt5PrintSupport-devel-5.3.1-4.4.2
libQt5PrintSupport-private-headers-devel-5.3.1-4.4.2
libQt5PrintSupport5-5.3.1-4.4.2
libQt5Sql-devel-5.3.1-4.4.2
libQt5Sql-private-headers-devel-5.3.1-4.4.2
libQt5Sql5-5.3.1-4.4.2
libQt5Sql5-mysql-5.3.1-4.4.2
libQt5Sql5-postgresql-5.3.1-4.4.2
libQt5Sql5-sqlite-5.3.1-4.4.2
libQt5Sql5-unixODBC-5.3.1-4.4.2
libQt5Test-devel-5.3.1-4.4.2
libQt5Test-private-headers-devel-5.3.1-4.4.2
libQt5Test5-5.3.1-4.4.2
libQt5Widgets-devel-5.3.1-4.4.2
libQt5Widgets-private-headers-devel-5.3.1-4.4.2
libQt5Xml-devel-5.3.1-4.4.2
libQt5Xml5-5.3.1-4.4.2
libqt5-qtbase-common-devel-5.3.1-4.4.2
libqt5-qtbase-devel-5.3.1-4.4.2
libqt5-qtbase-doc-5.3.1-4.4.2
libqt5-qtbase-private-headers-devel-5.3.1-4.4.2

Ссылки

Описание

The BMP decoder in QtGui in QT before 5.5 does not properly calculate the masks used to extract the color components, which allows remote attackers to cause a denial of service (divide-by-zero and crash) via a crafted BMP file.

Затронутые продукты
SUSE Linux Enterprise Desktop 12:libQt5Core5-5.3.1-4.4.2
SUSE Linux Enterprise Desktop 12:libQt5DBus5-5.3.1-4.4.2
SUSE Linux Enterprise Desktop 12:libQt5Gui5-5.3.1-4.4.2
SUSE Linux Enterprise Desktop 12:libQt5Widgets5-5.3.1-4.4.2
Ссылки

Описание

Multiple buffer overflows in gui/image/qbmphandler.cpp in the QtBase module in Qt before 4.8.7 and 5.x before 5.4.2 allow remote attackers to cause a denial of service (segmentation fault and crash) and possibly execute arbitrary code via a crafted BMP image.

Затронутые продукты
SUSE Linux Enterprise Desktop 12:libQt5Core5-5.3.1-4.4.2
SUSE Linux Enterprise Desktop 12:libQt5DBus5-5.3.1-4.4.2
SUSE Linux Enterprise Desktop 12:libQt5Gui5-5.3.1-4.4.2
SUSE Linux Enterprise Desktop 12:libQt5Widgets5-5.3.1-4.4.2
Ссылки

Описание

Multiple buffer overflows in plugins/imageformats/ico/qicohandler.cpp in the QtBase module in Qt before 4.8.7 and 5.x before 5.4.2 allow remote attackers to cause a denial of service (segmentation fault and crash) and possibly execute arbitrary code via a crafted ICO image.

Затронутые продукты
SUSE Linux Enterprise Desktop 12:libQt5Core5-5.3.1-4.4.2
SUSE Linux Enterprise Desktop 12:libQt5DBus5-5.3.1-4.4.2
SUSE Linux Enterprise Desktop 12:libQt5Gui5-5.3.1-4.4.2
SUSE Linux Enterprise Desktop 12:libQt5Widgets5-5.3.1-4.4.2
Ссылки

Описание

Multiple buffer overflows in gui/image/qgifhandler.cpp in the QtBase module in Qt before 4.8.7 and 5.x before 5.4.2 allow remote attackers to cause a denial of service (segmentation fault) and possibly execute arbitrary code via a crafted GIF image.

Затронутые продукты
SUSE Linux Enterprise Desktop 12:libQt5Core5-5.3.1-4.4.2
SUSE Linux Enterprise Desktop 12:libQt5DBus5-5.3.1-4.4.2
SUSE Linux Enterprise Desktop 12:libQt5Gui5-5.3.1-4.4.2
SUSE Linux Enterprise Desktop 12:libQt5Widgets5-5.3.1-4.4.2
Ссылки