Описание
Security update for libqt5-qtsvg
This update for libqt5-qtsvg fixes the following issues:
- CVE-2021-45930: Fixed an out-of-bounds write that may have let to a denial-of-service (bsc#1196654).
- CVE-2023-32573: Fixed missing initialization of QtSvg QSvgFont m_unitsPerEm variable (bsc#1211298).
Список пакетов
SUSE Linux Enterprise Server 12 SP5
libQt5Svg5-5.6.2-3.11.1
SUSE Linux Enterprise Server for SAP Applications 12 SP5
libQt5Svg5-5.6.2-3.11.1
SUSE Linux Enterprise Software Development Kit 12 SP5
libqt5-qtsvg-devel-5.6.2-3.11.1
libqt5-qtsvg-private-headers-devel-5.6.2-3.11.1
Ссылки
- Link for SUSE-SU-2023:2967-1
- E-Mail link for SUSE-SU-2023:2967-1
- SUSE Security Ratings
- SUSE Bug 1196654
- SUSE Bug 1211298
- SUSE CVE CVE-2021-45930 page
- SUSE CVE CVE-2023-32573 page
Описание
Qt SVG in Qt 5.0.0 through 5.15.2 and 6.0.0 through 6.2.1 has an out-of-bounds write in QtPrivate::QCommonArrayOps<QPainterPath::Element>::growAppend (called from QPainterPath::addPath and QPathClipper::intersect).
Затронутые продукты
SUSE Linux Enterprise Server 12 SP5:libQt5Svg5-5.6.2-3.11.1
SUSE Linux Enterprise Server for SAP Applications 12 SP5:libQt5Svg5-5.6.2-3.11.1
SUSE Linux Enterprise Software Development Kit 12 SP5:libqt5-qtsvg-devel-5.6.2-3.11.1
SUSE Linux Enterprise Software Development Kit 12 SP5:libqt5-qtsvg-private-headers-devel-5.6.2-3.11.1
Ссылки
- CVE-2021-45930
- SUSE Bug 1196654
Описание
In Qt before 5.15.14, 6.0.x through 6.2.x before 6.2.9, and 6.3.x through 6.5.x before 6.5.1, QtSvg QSvgFont m_unitsPerEm initialization is mishandled.
Затронутые продукты
SUSE Linux Enterprise Server 12 SP5:libQt5Svg5-5.6.2-3.11.1
SUSE Linux Enterprise Server for SAP Applications 12 SP5:libQt5Svg5-5.6.2-3.11.1
SUSE Linux Enterprise Software Development Kit 12 SP5:libqt5-qtsvg-devel-5.6.2-3.11.1
SUSE Linux Enterprise Software Development Kit 12 SP5:libqt5-qtsvg-private-headers-devel-5.6.2-3.11.1
Ссылки
- CVE-2023-32573
- SUSE Bug 1211298