SUSE-SU-2023:4622-1

Published: 30 Nov 2023
Source: suse-cvrf

Description

Security update for libqt4

This update for libqt4 fixes the following issues:

  • CVE-2021-45930: Fix out-of-bounds write when parsing path nodes (bsc#1196654).
  • CVE-2023-32573: Fix missing initialization of QSvgFont unitsPerEm (bsc#1211298).
  • CVE-2023-32763: Fix potential buffer overflow when rendering an SVG file with an image inside (bsc#1211798).
  • CVE-2023-34410: Fix missing sync of disablement of loading root certificates in qsslsocketprivate (bsc#1211994).
  • CVE-2023-37369: Fix buffer overflow in QXmlStreamReader (bsc#1214327).
  • CVE-2023-38197: Fix infinite loops in QXmlStreamReader (bsc#1213326).

Package list

SUSE Linux Enterprise Server 12 SP5:
  • libqt4-4.8.7-8.19.1
  • libqt4-32bit-4.8.7-8.19.1
  • libqt4-qt3support-4.8.7-8.19.1
  • libqt4-qt3support-32bit-4.8.7-8.19.1
  • libqt4-sql-4.8.7-8.19.1
  • libqt4-sql-32bit-4.8.7-8.19.1
  • libqt4-sql-mysql-4.8.7-8.19.1
  • libqt4-sql-sqlite-4.8.7-8.19.1
  • libqt4-x11-4.8.7-8.19.1
  • libqt4-x11-32bit-4.8.7-8.19.1
  • qt4-x11-tools-4.8.7-8.19.1

SUSE Linux Enterprise Server for SAP Applications 12 SP5:
  • libqt4-4.8.7-8.19.1
  • libqt4-32bit-4.8.7-8.19.1
  • libqt4-qt3support-4.8.7-8.19.1
  • libqt4-qt3support-32bit-4.8.7-8.19.1
  • libqt4-sql-4.8.7-8.19.1
  • libqt4-sql-32bit-4.8.7-8.19.1
  • libqt4-sql-mysql-4.8.7-8.19.1
  • libqt4-sql-sqlite-4.8.7-8.19.1
  • libqt4-x11-4.8.7-8.19.1
  • libqt4-x11-32bit-4.8.7-8.19.1
  • qt4-x11-tools-4.8.7-8.19.1

SUSE Linux Enterprise Software Development Kit 12 SP5:
  • libqt4-devel-4.8.7-8.19.1
  • libqt4-devel-doc-4.8.7-8.19.1
  • libqt4-devel-doc-data-4.8.7-8.19.1
  • libqt4-linguist-4.8.7-8.19.1
  • libqt4-private-headers-devel-4.8.7-8.19.1
  • libqt4-sql-postgresql-4.8.7-8.19.1
  • libqt4-sql-postgresql-32bit-4.8.7-8.19.1
  • libqt4-sql-unixODBC-4.8.7-8.19.1
  • libqt4-sql-unixODBC-32bit-4.8.7-8.19.1

SUSE Linux Enterprise Workstation Extension 12 SP5:
  • libqt4-sql-mysql-32bit-4.8.7-8.19.1
  • libqt4-sql-postgresql-4.8.7-8.19.1
  • libqt4-sql-postgresql-32bit-4.8.7-8.19.1
  • libqt4-sql-sqlite-32bit-4.8.7-8.19.1
  • libqt4-sql-unixODBC-4.8.7-8.19.1
  • libqt4-sql-unixODBC-32bit-4.8.7-8.19.1

Description

Qt SVG in Qt 5.0.0 through 5.15.2 and 6.0.0 through 6.2.1 has an out-of-bounds write in QtPrivate::QCommonArrayOps<QPainterPath::Element>::growAppend (called from QPainterPath::addPath and QPathClipper::intersect).


Affected products
SUSE Linux Enterprise Server 12 SP5:libqt4-32bit-4.8.7-8.19.1
SUSE Linux Enterprise Server 12 SP5:libqt4-4.8.7-8.19.1
SUSE Linux Enterprise Server 12 SP5:libqt4-qt3support-32bit-4.8.7-8.19.1
SUSE Linux Enterprise Server 12 SP5:libqt4-qt3support-4.8.7-8.19.1


Description

In Qt before 5.15.14, 6.0.x through 6.2.x before 6.2.9, and 6.3.x through 6.5.x before 6.5.1, QtSvg QSvgFont m_unitsPerEm initialization is mishandled.


Affected products
SUSE Linux Enterprise Server 12 SP5:libqt4-32bit-4.8.7-8.19.1
SUSE Linux Enterprise Server 12 SP5:libqt4-4.8.7-8.19.1
SUSE Linux Enterprise Server 12 SP5:libqt4-qt3support-32bit-4.8.7-8.19.1
SUSE Linux Enterprise Server 12 SP5:libqt4-qt3support-4.8.7-8.19.1


Description

An issue was discovered in Qt before 5.15.15, 6.x before 6.2.9, and 6.3.x through 6.5.x before 6.5.1. When an SVG file with an image inside it is rendered, a QTextLayout buffer overflow can be triggered.


Affected products
SUSE Linux Enterprise Server 12 SP5:libqt4-32bit-4.8.7-8.19.1
SUSE Linux Enterprise Server 12 SP5:libqt4-4.8.7-8.19.1
SUSE Linux Enterprise Server 12 SP5:libqt4-qt3support-32bit-4.8.7-8.19.1
SUSE Linux Enterprise Server 12 SP5:libqt4-qt3support-4.8.7-8.19.1


Description

An issue was discovered in Qt before 5.15.15, 6.x before 6.2.9, and 6.3.x through 6.5.x before 6.5.2. Certificate validation for TLS does not always consider whether the root of a chain is a configured CA certificate.


Affected products
SUSE Linux Enterprise Server 12 SP5:libqt4-32bit-4.8.7-8.19.1
SUSE Linux Enterprise Server 12 SP5:libqt4-4.8.7-8.19.1
SUSE Linux Enterprise Server 12 SP5:libqt4-qt3support-32bit-4.8.7-8.19.1
SUSE Linux Enterprise Server 12 SP5:libqt4-qt3support-4.8.7-8.19.1


Description

In Qt before 5.15.15, 6.x before 6.2.9, and 6.3.x through 6.5.x before 6.5.2, there can be an application crash in QXmlStreamReader via a crafted XML string that triggers a situation in which a prefix is greater than a length.


Affected products
SUSE Linux Enterprise Server 12 SP5:libqt4-32bit-4.8.7-8.19.1
SUSE Linux Enterprise Server 12 SP5:libqt4-4.8.7-8.19.1
SUSE Linux Enterprise Server 12 SP5:libqt4-qt3support-32bit-4.8.7-8.19.1
SUSE Linux Enterprise Server 12 SP5:libqt4-qt3support-4.8.7-8.19.1


Description

An issue was discovered in Qt before 5.15.15, 6.x before 6.2.10, and 6.3.x through 6.5.x before 6.5.3. There are infinite loops in recursive entity expansion.


Affected products
SUSE Linux Enterprise Server 12 SP5:libqt4-32bit-4.8.7-8.19.1
SUSE Linux Enterprise Server 12 SP5:libqt4-4.8.7-8.19.1
SUSE Linux Enterprise Server 12 SP5:libqt4-qt3support-32bit-4.8.7-8.19.1
SUSE Linux Enterprise Server 12 SP5:libqt4-qt3support-4.8.7-8.19.1
