SUSE-SU-2024:2875-1

Опубликовано: 12 авг. 2024

Источник: suse-cvrf

Описание

Security update for qt6-base

This update for qt6-base fixes the following issues:

CVE-2024-33861: Fixed an invalid pointer being passed as a callback which coud lead to modification of the stack (bsc#1223917)
CVE-2024-39936: Fixed information leakage due to process HTTP2 communication before encrypted() can be responded to (bsc#1227426)

Список пакетов

SUSE Linux Enterprise Module for Desktop Applications 15 SP6

libQt6Core6-6.6.3-150600.3.3.1

libQt6DBus6-6.6.3-150600.3.3.1

libQt6Gui6-6.6.3-150600.3.3.1

libQt6Network6-6.6.3-150600.3.3.1

libQt6OpenGL6-6.6.3-150600.3.3.1

libQt6Sql6-6.6.3-150600.3.3.1

libQt6Test6-6.6.3-150600.3.3.1

libQt6Widgets6-6.6.3-150600.3.3.1

qt6-network-tls-6.6.3-150600.3.3.1

qt6-networkinformation-glib-6.6.3-150600.3.3.1

qt6-networkinformation-nm-6.6.3-150600.3.3.1

SUSE Linux Enterprise Module for Package Hub 15 SP6

libQt6Concurrent6-6.6.3-150600.3.3.1

libQt6Core6-6.6.3-150600.3.3.1

libQt6DBus6-6.6.3-150600.3.3.1

libQt6Gui6-6.6.3-150600.3.3.1

libQt6Network6-6.6.3-150600.3.3.1

libQt6OpenGL6-6.6.3-150600.3.3.1

libQt6OpenGLWidgets6-6.6.3-150600.3.3.1

libQt6PrintSupport6-6.6.3-150600.3.3.1

libQt6Sql6-6.6.3-150600.3.3.1

libQt6Test6-6.6.3-150600.3.3.1

libQt6Widgets6-6.6.3-150600.3.3.1

libQt6Xml6-6.6.3-150600.3.3.1

qt6-base-common-devel-6.6.3-150600.3.3.1

qt6-base-devel-6.6.3-150600.3.3.1

qt6-base-docs-html-6.6.3-150600.3.3.1

qt6-base-docs-qch-6.6.3-150600.3.3.1

qt6-base-examples-6.6.3-150600.3.3.1

qt6-base-private-devel-6.6.3-150600.3.3.1

qt6-concurrent-devel-6.6.3-150600.3.3.1

qt6-core-devel-6.6.3-150600.3.3.1

qt6-core-private-devel-6.6.3-150600.3.3.1

qt6-dbus-devel-6.6.3-150600.3.3.1

qt6-dbus-private-devel-6.6.3-150600.3.3.1

qt6-docs-common-6.6.3-150600.3.3.1

qt6-exampleicons-devel-static-6.6.3-150600.3.3.1

qt6-gui-devel-6.6.3-150600.3.3.1

qt6-gui-private-devel-6.6.3-150600.3.3.1

qt6-kmssupport-devel-static-6.6.3-150600.3.3.1

qt6-kmssupport-private-devel-6.6.3-150600.3.3.1

qt6-network-devel-6.6.3-150600.3.3.1

qt6-network-private-devel-6.6.3-150600.3.3.1

qt6-network-tls-6.6.3-150600.3.3.1

qt6-opengl-devel-6.6.3-150600.3.3.1

qt6-opengl-private-devel-6.6.3-150600.3.3.1

qt6-openglwidgets-devel-6.6.3-150600.3.3.1

qt6-platformsupport-devel-static-6.6.3-150600.3.3.1

qt6-platformsupport-private-devel-6.6.3-150600.3.3.1

qt6-platformtheme-gtk3-6.6.3-150600.3.3.1

qt6-platformtheme-xdgdesktopportal-6.6.3-150600.3.3.1

qt6-printsupport-cups-6.6.3-150600.3.3.1

qt6-printsupport-devel-6.6.3-150600.3.3.1

qt6-printsupport-private-devel-6.6.3-150600.3.3.1

qt6-sql-devel-6.6.3-150600.3.3.1

qt6-sql-mysql-6.6.3-150600.3.3.1

qt6-sql-postgresql-6.6.3-150600.3.3.1

qt6-sql-private-devel-6.6.3-150600.3.3.1

qt6-sql-sqlite-6.6.3-150600.3.3.1

qt6-sql-unixODBC-6.6.3-150600.3.3.1

qt6-test-devel-6.6.3-150600.3.3.1

qt6-test-private-devel-6.6.3-150600.3.3.1

qt6-widgets-devel-6.6.3-150600.3.3.1

qt6-widgets-private-devel-6.6.3-150600.3.3.1

qt6-xml-devel-6.6.3-150600.3.3.1

qt6-xml-private-devel-6.6.3-150600.3.3.1

openSUSE Leap 15.6

libQt6Concurrent6-6.6.3-150600.3.3.1

libQt6Core6-6.6.3-150600.3.3.1

libQt6DBus6-6.6.3-150600.3.3.1

libQt6Gui6-6.6.3-150600.3.3.1

libQt6Network6-6.6.3-150600.3.3.1

libQt6OpenGL6-6.6.3-150600.3.3.1

libQt6OpenGLWidgets6-6.6.3-150600.3.3.1

libQt6PrintSupport6-6.6.3-150600.3.3.1

libQt6Sql6-6.6.3-150600.3.3.1

libQt6Test6-6.6.3-150600.3.3.1

libQt6Widgets6-6.6.3-150600.3.3.1

libQt6Xml6-6.6.3-150600.3.3.1

qt6-base-common-devel-6.6.3-150600.3.3.1

qt6-base-devel-6.6.3-150600.3.3.1

qt6-base-docs-html-6.6.3-150600.3.3.1

qt6-base-docs-qch-6.6.3-150600.3.3.1

qt6-base-examples-6.6.3-150600.3.3.1

qt6-base-private-devel-6.6.3-150600.3.3.1

qt6-concurrent-devel-6.6.3-150600.3.3.1

qt6-core-devel-6.6.3-150600.3.3.1

qt6-core-private-devel-6.6.3-150600.3.3.1

qt6-dbus-devel-6.6.3-150600.3.3.1

qt6-dbus-private-devel-6.6.3-150600.3.3.1

qt6-docs-common-6.6.3-150600.3.3.1

qt6-exampleicons-devel-static-6.6.3-150600.3.3.1

qt6-gui-devel-6.6.3-150600.3.3.1

qt6-gui-private-devel-6.6.3-150600.3.3.1

qt6-kmssupport-devel-static-6.6.3-150600.3.3.1

qt6-kmssupport-private-devel-6.6.3-150600.3.3.1

qt6-network-devel-6.6.3-150600.3.3.1

qt6-network-private-devel-6.6.3-150600.3.3.1

qt6-network-tls-6.6.3-150600.3.3.1

qt6-networkinformation-glib-6.6.3-150600.3.3.1

qt6-networkinformation-nm-6.6.3-150600.3.3.1

qt6-opengl-devel-6.6.3-150600.3.3.1

qt6-opengl-private-devel-6.6.3-150600.3.3.1

qt6-openglwidgets-devel-6.6.3-150600.3.3.1

qt6-platformsupport-devel-static-6.6.3-150600.3.3.1

qt6-platformsupport-private-devel-6.6.3-150600.3.3.1

qt6-platformtheme-gtk3-6.6.3-150600.3.3.1

qt6-platformtheme-xdgdesktopportal-6.6.3-150600.3.3.1

qt6-printsupport-cups-6.6.3-150600.3.3.1

qt6-printsupport-devel-6.6.3-150600.3.3.1

qt6-printsupport-private-devel-6.6.3-150600.3.3.1

qt6-sql-devel-6.6.3-150600.3.3.1

qt6-sql-mysql-6.6.3-150600.3.3.1

qt6-sql-postgresql-6.6.3-150600.3.3.1

qt6-sql-private-devel-6.6.3-150600.3.3.1

qt6-sql-sqlite-6.6.3-150600.3.3.1

qt6-sql-unixODBC-6.6.3-150600.3.3.1

qt6-test-devel-6.6.3-150600.3.3.1

qt6-test-private-devel-6.6.3-150600.3.3.1

qt6-widgets-devel-6.6.3-150600.3.3.1

qt6-widgets-private-devel-6.6.3-150600.3.3.1

qt6-xml-devel-6.6.3-150600.3.3.1

qt6-xml-private-devel-6.6.3-150600.3.3.1

Ссылки

https://www.suse.com/support/update/announcement/2024/suse-su-20242875-1/
Link for SUSE-SU-2024:2875-1
https://lists.suse.com/pipermail/sle-updates/2024-August/036416.html
E-Mail link for SUSE-SU-2024:2875-1
https://www.suse.com/support/security/rating/
SUSE Security Ratings
https://bugzilla.suse.com/1223917
SUSE Bug 1223917
https://bugzilla.suse.com/1227426
SUSE Bug 1227426
https://www.suse.com/security/cve/CVE-2024-33861/
SUSE CVE CVE-2024-33861 page
https://www.suse.com/security/cve/CVE-2024-39936/
SUSE CVE CVE-2024-39936 page

Описание

** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided.

Затронутые продукты

SUSE Linux Enterprise Module for Desktop Applications 15 SP6:libQt6Core6-6.6.3-150600.3.3.1

SUSE Linux Enterprise Module for Desktop Applications 15 SP6:libQt6DBus6-6.6.3-150600.3.3.1

SUSE Linux Enterprise Module for Desktop Applications 15 SP6:libQt6Gui6-6.6.3-150600.3.3.1

SUSE Linux Enterprise Module for Desktop Applications 15 SP6:libQt6Network6-6.6.3-150600.3.3.1

Ссылки

https://www.suse.com/security/cve/CVE-2024-33861.html
CVE-2024-33861
https://bugzilla.suse.com/1223917
SUSE Bug 1223917

Описание

An issue was discovered in HTTP2 in Qt before 5.15.18, 6.x before 6.2.13, 6.3.x through 6.5.x before 6.5.7, and 6.6.x through 6.7.x before 6.7.3. Code to make security-relevant decisions about an established connection may execute too early, because the encrypted() signal has not yet been emitted and processed..

Затронутые продукты

SUSE Linux Enterprise Module for Desktop Applications 15 SP6:libQt6Core6-6.6.3-150600.3.3.1

SUSE Linux Enterprise Module for Desktop Applications 15 SP6:libQt6DBus6-6.6.3-150600.3.3.1

SUSE Linux Enterprise Module for Desktop Applications 15 SP6:libQt6Gui6-6.6.3-150600.3.3.1

SUSE Linux Enterprise Module for Desktop Applications 15 SP6:libQt6Network6-6.6.3-150600.3.3.1

Ссылки

https://www.suse.com/security/cve/CVE-2024-39936.html
CVE-2024-39936
https://bugzilla.suse.com/1227426
SUSE Bug 1227426

SUSE-SU-2024:2875-1

Описание

Список пакетов

SUSE Linux Enterprise Module for Desktop Applications 15 SP6

SUSE Linux Enterprise Module for Package Hub 15 SP6

openSUSE Leap 15.6

Ссылки

Уязвимость: CVE-2024-33861

Описание

Затронутые продукты

Ссылки

Уязвимость: CVE-2024-39936

Описание

Затронутые продукты

Ссылки