Описание
Security update for libqt5-qtsvg
This update for libqt5-qtsvg fixes the following issues:
- CVE-2021-45930: Fixed an out-of-bounds write that may have lead to a denial-of-service (bsc#1196654).
- CVE-2023-32573: Fixed missing initialization of QtSvg QSvgFont m_unitsPerEm variable (bsc#1211298).
Список пакетов
Image SLES15-SP5-SAP-Azure-3P
libQt5Svg5-5.15.8+kde8-150500.3.3.1
Image SLES15-SP5-SAP-Azure-LI-BYOS
libQt5Svg5-5.15.8+kde8-150500.3.3.1
Image SLES15-SP5-SAP-Azure-LI-BYOS-Production
libQt5Svg5-5.15.8+kde8-150500.3.3.1
Image SLES15-SP5-SAP-Azure-VLI-BYOS
libQt5Svg5-5.15.8+kde8-150500.3.3.1
Image SLES15-SP5-SAP-Azure-VLI-BYOS-Production
libQt5Svg5-5.15.8+kde8-150500.3.3.1
Image SLES15-SP5-SAP-BYOS-Azure
libQt5Svg5-5.15.8+kde8-150500.3.3.1
Image SLES15-SP5-SAP-BYOS-EC2
libQt5Svg5-5.15.8+kde8-150500.3.3.1
Image SLES15-SP5-SAP-BYOS-GCE
libQt5Svg5-5.15.8+kde8-150500.3.3.1
Image SLES15-SP5-SAP-Hardened-Azure
libQt5Svg5-5.15.8+kde8-150500.3.3.1
Image SLES15-SP5-SAP-Hardened-BYOS-Azure
libQt5Svg5-5.15.8+kde8-150500.3.3.1
Image SLES15-SP5-SAP-Hardened-BYOS-EC2
libQt5Svg5-5.15.8+kde8-150500.3.3.1
Image SLES15-SP5-SAP-Hardened-BYOS-GCE
libQt5Svg5-5.15.8+kde8-150500.3.3.1
Image SLES15-SP5-SAP-Hardened-GCE
libQt5Svg5-5.15.8+kde8-150500.3.3.1
SUSE Linux Enterprise Module for Basesystem 15 SP5
libQt5Svg5-5.15.8+kde8-150500.3.3.1
libqt5-qtsvg-devel-5.15.8+kde8-150500.3.3.1
SUSE Linux Enterprise Module for Desktop Applications 15 SP5
libqt5-qtsvg-private-headers-devel-5.15.8+kde8-150500.3.3.1
openSUSE Leap 15.5
libQt5Svg5-5.15.8+kde8-150500.3.3.1
libQt5Svg5-32bit-5.15.8+kde8-150500.3.3.1
libqt5-qtsvg-devel-5.15.8+kde8-150500.3.3.1
libqt5-qtsvg-devel-32bit-5.15.8+kde8-150500.3.3.1
libqt5-qtsvg-examples-5.15.8+kde8-150500.3.3.1
libqt5-qtsvg-private-headers-devel-5.15.8+kde8-150500.3.3.1
Ссылки
- Link for SUSE-SU-2023:2969-1
- E-Mail link for SUSE-SU-2023:2969-1
- SUSE Security Ratings
- SUSE Bug 1196654
- SUSE Bug 1211298
- SUSE CVE CVE-2021-45930 page
- SUSE CVE CVE-2023-32573 page
Описание
Qt SVG in Qt 5.0.0 through 5.15.2 and 6.0.0 through 6.2.1 has an out-of-bounds write in QtPrivate::QCommonArrayOps<QPainterPath::Element>::growAppend (called from QPainterPath::addPath and QPathClipper::intersect).
Затронутые продукты
Image SLES15-SP5-SAP-Azure-3P:libQt5Svg5-5.15.8+kde8-150500.3.3.1
Image SLES15-SP5-SAP-Azure-LI-BYOS-Production:libQt5Svg5-5.15.8+kde8-150500.3.3.1
Image SLES15-SP5-SAP-Azure-LI-BYOS:libQt5Svg5-5.15.8+kde8-150500.3.3.1
Image SLES15-SP5-SAP-Azure-VLI-BYOS-Production:libQt5Svg5-5.15.8+kde8-150500.3.3.1
Ссылки
- CVE-2021-45930
- SUSE Bug 1196654
Описание
In Qt before 5.15.14, 6.0.x through 6.2.x before 6.2.9, and 6.3.x through 6.5.x before 6.5.1, QtSvg QSvgFont m_unitsPerEm initialization is mishandled.
Затронутые продукты
Image SLES15-SP5-SAP-Azure-3P:libQt5Svg5-5.15.8+kde8-150500.3.3.1
Image SLES15-SP5-SAP-Azure-LI-BYOS-Production:libQt5Svg5-5.15.8+kde8-150500.3.3.1
Image SLES15-SP5-SAP-Azure-LI-BYOS:libQt5Svg5-5.15.8+kde8-150500.3.3.1
Image SLES15-SP5-SAP-Azure-VLI-BYOS-Production:libQt5Svg5-5.15.8+kde8-150500.3.3.1
Ссылки
- CVE-2023-32573
- SUSE Bug 1211298