Description
Security update for libqt4
This update for libqt4 fixes the following issues:
- CVE-2021-3481: Fixed out-of-bounds read in QRadialFetchSimd() from crafted SVG file (bsc#1184783).
- CVE-2020-17507: Fixed buffer over-read in read_xbm_body() (bsc#1176315).
Package list
SUSE Linux Enterprise Server 12 SP5
libqt4-4.8.7-8.16.1
libqt4-32bit-4.8.7-8.16.1
libqt4-qt3support-4.8.7-8.16.1
libqt4-qt3support-32bit-4.8.7-8.16.1
libqt4-sql-4.8.7-8.16.1
libqt4-sql-32bit-4.8.7-8.16.1
libqt4-sql-mysql-4.8.7-8.16.1
libqt4-sql-sqlite-4.8.7-8.16.1
libqt4-x11-4.8.7-8.16.1
libqt4-x11-32bit-4.8.7-8.16.1
qt4-x11-tools-4.8.7-8.16.2
SUSE Linux Enterprise Server for SAP Applications 12 SP5
libqt4-4.8.7-8.16.1
libqt4-32bit-4.8.7-8.16.1
libqt4-qt3support-4.8.7-8.16.1
libqt4-qt3support-32bit-4.8.7-8.16.1
libqt4-sql-4.8.7-8.16.1
libqt4-sql-32bit-4.8.7-8.16.1
libqt4-sql-mysql-4.8.7-8.16.1
libqt4-sql-sqlite-4.8.7-8.16.1
libqt4-x11-4.8.7-8.16.1
libqt4-x11-32bit-4.8.7-8.16.1
qt4-x11-tools-4.8.7-8.16.2
SUSE Linux Enterprise Software Development Kit 12 SP5
libqt4-devel-4.8.7-8.16.1
libqt4-devel-doc-4.8.7-8.16.2
libqt4-devel-doc-data-4.8.7-8.16.2
libqt4-linguist-4.8.7-8.16.1
libqt4-private-headers-devel-4.8.7-8.16.1
libqt4-sql-postgresql-4.8.7-8.16.1
libqt4-sql-postgresql-32bit-4.8.7-8.16.1
libqt4-sql-unixODBC-4.8.7-8.16.1
libqt4-sql-unixODBC-32bit-4.8.7-8.16.1
SUSE Linux Enterprise Workstation Extension 12 SP5
libqt4-sql-mysql-32bit-4.8.7-8.16.1
libqt4-sql-postgresql-4.8.7-8.16.1
libqt4-sql-postgresql-32bit-4.8.7-8.16.1
libqt4-sql-sqlite-32bit-4.8.7-8.16.1
libqt4-sql-unixODBC-4.8.7-8.16.1
libqt4-sql-unixODBC-32bit-4.8.7-8.16.1
References
- Link for SUSE-SU-2021:4155-1
- E-Mail link for SUSE-SU-2021:4155-1
- SUSE Security Ratings
- SUSE Bug 1176315
- SUSE Bug 1184783
- SUSE CVE CVE-2020-17507 page
- SUSE CVE CVE-2021-3481 page
Description
An issue was discovered in Qt through 5.12.9, and 5.13.x through 5.15.x before 5.15.1. read_xbm_body in gui/image/qxbmhandler.cpp has a buffer over-read.
Affected products
SUSE Linux Enterprise Server 12 SP5:libqt4-32bit-4.8.7-8.16.1
SUSE Linux Enterprise Server 12 SP5:libqt4-4.8.7-8.16.1
SUSE Linux Enterprise Server 12 SP5:libqt4-qt3support-32bit-4.8.7-8.16.1
SUSE Linux Enterprise Server 12 SP5:libqt4-qt3support-4.8.7-8.16.1
References
- CVE-2020-17507
- SUSE Bug 1176315
Description
A flaw was found in Qt. An out-of-bounds read vulnerability was found in QRadialFetchSimd in qt/qtbase/src/gui/painting/qdrawhelper_p.h in Qt/Qtbase. While rendering and displaying a crafted Scalable Vector Graphics (SVG) file, this flaw may lead to unauthorized memory access. The highest threat from this vulnerability is to data confidentiality and application availability.
Affected products
SUSE Linux Enterprise Server 12 SP5:libqt4-32bit-4.8.7-8.16.1
SUSE Linux Enterprise Server 12 SP5:libqt4-4.8.7-8.16.1
SUSE Linux Enterprise Server 12 SP5:libqt4-qt3support-32bit-4.8.7-8.16.1
SUSE Linux Enterprise Server 12 SP5:libqt4-qt3support-4.8.7-8.16.1
References
- CVE-2021-3481
- SUSE Bug 1184783