SUSE-SU-2021:3354-1

Опубликовано: 12 окт. 2021

Источник: suse-cvrf

Описание

Security update for libqt5-qtsvg

This update for libqt5-qtsvg fixes the following issues:

CVE-2021-3481: Fixed an out of bounds read in function QRadialFetchSimd from crafted svg file. (bsc#1184783)

Список пакетов

Image SLES15-SP2-SAP-Azure

libQt5Svg5-5.12.7-3.3.1

Image SLES15-SP2-SAP-Azure-LI-BYOS-Production

libQt5Svg5-5.12.7-3.3.1

Image SLES15-SP2-SAP-Azure-VLI-BYOS-Production

libQt5Svg5-5.12.7-3.3.1

Image SLES15-SP2-SAP-BYOS-Azure

libQt5Svg5-5.12.7-3.3.1

Image SLES15-SP2-SAP-BYOS-EC2-HVM

libQt5Svg5-5.12.7-3.3.1

Image SLES15-SP2-SAP-BYOS-GCE

libQt5Svg5-5.12.7-3.3.1

Image SLES15-SP2-SAP-EC2-HVM

libQt5Svg5-5.12.7-3.3.1

Image SLES15-SP2-SAP-GCE

libQt5Svg5-5.12.7-3.3.1

Image SLES15-SP3-SAP-BYOS-Azure

libQt5Svg5-5.12.7-3.3.1

Image SLES15-SP3-SAP-BYOS-EC2-HVM

libQt5Svg5-5.12.7-3.3.1

Image SLES15-SP3-SAP-BYOS-GCE

libQt5Svg5-5.12.7-3.3.1

SUSE Linux Enterprise Module for Basesystem 15 SP2

libQt5Svg5-5.12.7-3.3.1

libqt5-qtsvg-devel-5.12.7-3.3.1

SUSE Linux Enterprise Module for Basesystem 15 SP3

libQt5Svg5-5.12.7-3.3.1

libqt5-qtsvg-devel-5.12.7-3.3.1

SUSE Linux Enterprise Module for Desktop Applications 15 SP2

libqt5-qtsvg-private-headers-devel-5.12.7-3.3.1

SUSE Linux Enterprise Module for Desktop Applications 15 SP3

libqt5-qtsvg-private-headers-devel-5.12.7-3.3.1

Ссылки

https://www.suse.com/support/update/announcement/2021/suse-su-20213354-1/
Link for SUSE-SU-2021:3354-1
https://lists.suse.com/pipermail/sle-security-updates/2021-October/009575.html
E-Mail link for SUSE-SU-2021:3354-1
https://www.suse.com/support/security/rating/
SUSE Security Ratings
https://bugzilla.suse.com/1184783
SUSE Bug 1184783
https://www.suse.com/security/cve/CVE-2021-3481/
SUSE CVE CVE-2021-3481 page

Описание

A flaw was found in Qt. An out-of-bounds read vulnerability was found in QRadialFetchSimd in qt/qtbase/src/gui/painting/qdrawhelper_p.h in Qt/Qtbase. While rendering and displaying a crafted Scalable Vector Graphics (SVG) file this flaw may lead to an unauthorized memory access. The highest threat from this vulnerability is to data confidentiality and the application availability.

Затронутые продукты

Image SLES15-SP2-SAP-Azure-LI-BYOS-Production:libQt5Svg5-5.12.7-3.3.1

Image SLES15-SP2-SAP-Azure-VLI-BYOS-Production:libQt5Svg5-5.12.7-3.3.1

Image SLES15-SP2-SAP-Azure:libQt5Svg5-5.12.7-3.3.1

Image SLES15-SP2-SAP-BYOS-Azure:libQt5Svg5-5.12.7-3.3.1

Ссылки

https://www.suse.com/security/cve/CVE-2021-3481.html
CVE-2021-3481
https://bugzilla.suse.com/1184783
SUSE Bug 1184783

SUSE-SU-2021:3354-1

Описание

Список пакетов

Image SLES15-SP2-SAP-Azure

Image SLES15-SP2-SAP-Azure-LI-BYOS-Production

Image SLES15-SP2-SAP-Azure-VLI-BYOS-Production

Image SLES15-SP2-SAP-BYOS-Azure

Image SLES15-SP2-SAP-BYOS-EC2-HVM

Image SLES15-SP2-SAP-BYOS-GCE

Image SLES15-SP2-SAP-EC2-HVM

Image SLES15-SP2-SAP-GCE

Image SLES15-SP3-SAP-BYOS-Azure

Image SLES15-SP3-SAP-BYOS-EC2-HVM

Image SLES15-SP3-SAP-BYOS-GCE

SUSE Linux Enterprise Module for Basesystem 15 SP2

SUSE Linux Enterprise Module for Basesystem 15 SP3

SUSE Linux Enterprise Module for Desktop Applications 15 SP2

SUSE Linux Enterprise Module for Desktop Applications 15 SP3

Ссылки

Уязвимость: CVE-2021-3481

Описание

Затронутые продукты

Ссылки