Описание
Security update for libqt5-qt3d
This update for libqt5-qt3d fixes the following issues:
- CVE-2024-40724: Fixed heap-based buffer overflow in the PLY importer class in assimp (bsc#1228204)
Other fixes:
- Check for a nullptr returned from the shader manager
- Fill image with transparency by default to avoid having junk if it's not filled properly before the first paint call
- Fix QTextureAtlas parenting that could lead to crashes due to being used after free'd.
Список пакетов
SUSE Linux Enterprise Module for Desktop Applications 15 SP5
libQt53DAnimation-devel-5.15.8+kde0-150500.3.3.1
libQt53DAnimation5-5.15.8+kde0-150500.3.3.1
libQt53DCore-devel-5.15.8+kde0-150500.3.3.1
libQt53DCore5-5.15.8+kde0-150500.3.3.1
libQt53DExtras-devel-5.15.8+kde0-150500.3.3.1
libQt53DExtras5-5.15.8+kde0-150500.3.3.1
libQt53DInput-devel-5.15.8+kde0-150500.3.3.1
libQt53DInput5-5.15.8+kde0-150500.3.3.1
libQt53DLogic-devel-5.15.8+kde0-150500.3.3.1
libQt53DLogic5-5.15.8+kde0-150500.3.3.1
libQt53DQuick-devel-5.15.8+kde0-150500.3.3.1
libQt53DQuick5-5.15.8+kde0-150500.3.3.1
libQt53DQuickAnimation-devel-5.15.8+kde0-150500.3.3.1
libQt53DQuickAnimation5-5.15.8+kde0-150500.3.3.1
libQt53DQuickExtras-devel-5.15.8+kde0-150500.3.3.1
libQt53DQuickExtras5-5.15.8+kde0-150500.3.3.1
libQt53DQuickInput-devel-5.15.8+kde0-150500.3.3.1
libQt53DQuickInput5-5.15.8+kde0-150500.3.3.1
libQt53DQuickRender-devel-5.15.8+kde0-150500.3.3.1
libQt53DQuickRender5-5.15.8+kde0-150500.3.3.1
libQt53DQuickScene2D-devel-5.15.8+kde0-150500.3.3.1
libQt53DQuickScene2D5-5.15.8+kde0-150500.3.3.1
libQt53DRender-devel-5.15.8+kde0-150500.3.3.1
libQt53DRender5-5.15.8+kde0-150500.3.3.1
libqt5-qt3d-devel-5.15.8+kde0-150500.3.3.1
libqt5-qt3d-imports-5.15.8+kde0-150500.3.3.1
libqt5-qt3d-private-headers-devel-5.15.8+kde0-150500.3.3.1
libqt5-qt3d-tools-5.15.8+kde0-150500.3.3.1
openSUSE Leap 15.5
libQt53DAnimation-devel-5.15.8+kde0-150500.3.3.1
libQt53DAnimation5-5.15.8+kde0-150500.3.3.1
libQt53DCore-devel-5.15.8+kde0-150500.3.3.1
libQt53DCore5-5.15.8+kde0-150500.3.3.1
libQt53DExtras-devel-5.15.8+kde0-150500.3.3.1
libQt53DExtras5-5.15.8+kde0-150500.3.3.1
libQt53DInput-devel-5.15.8+kde0-150500.3.3.1
libQt53DInput5-5.15.8+kde0-150500.3.3.1
libQt53DLogic-devel-5.15.8+kde0-150500.3.3.1
libQt53DLogic5-5.15.8+kde0-150500.3.3.1
libQt53DQuick-devel-5.15.8+kde0-150500.3.3.1
libQt53DQuick5-5.15.8+kde0-150500.3.3.1
libQt53DQuickAnimation-devel-5.15.8+kde0-150500.3.3.1
libQt53DQuickAnimation5-5.15.8+kde0-150500.3.3.1
libQt53DQuickExtras-devel-5.15.8+kde0-150500.3.3.1
libQt53DQuickExtras5-5.15.8+kde0-150500.3.3.1
libQt53DQuickInput-devel-5.15.8+kde0-150500.3.3.1
libQt53DQuickInput5-5.15.8+kde0-150500.3.3.1
libQt53DQuickRender-devel-5.15.8+kde0-150500.3.3.1
libQt53DQuickRender5-5.15.8+kde0-150500.3.3.1
libQt53DQuickScene2D-devel-5.15.8+kde0-150500.3.3.1
libQt53DQuickScene2D5-5.15.8+kde0-150500.3.3.1
libQt53DRender-devel-5.15.8+kde0-150500.3.3.1
libQt53DRender5-5.15.8+kde0-150500.3.3.1
libqt5-qt3d-devel-5.15.8+kde0-150500.3.3.1
libqt5-qt3d-examples-5.15.8+kde0-150500.3.3.1
libqt5-qt3d-imports-5.15.8+kde0-150500.3.3.1
libqt5-qt3d-private-headers-devel-5.15.8+kde0-150500.3.3.1
libqt5-qt3d-tools-5.15.8+kde0-150500.3.3.1
Ссылки
- Link for SUSE-SU-2024:3079-1
- E-Mail link for SUSE-SU-2024:3079-1
- SUSE Security Ratings
- SUSE Bug 1228204
- SUSE CVE CVE-2024-40724 page
Описание
Heap-based buffer overflow vulnerability in Assimp versions prior to 5.4.2 allows a local attacker to execute arbitrary code by inputting a specially crafted file into the product.
Затронутые продукты
SUSE Linux Enterprise Module for Desktop Applications 15 SP5:libQt53DAnimation-devel-5.15.8+kde0-150500.3.3.1
SUSE Linux Enterprise Module for Desktop Applications 15 SP5:libQt53DAnimation5-5.15.8+kde0-150500.3.3.1
SUSE Linux Enterprise Module for Desktop Applications 15 SP5:libQt53DCore-devel-5.15.8+kde0-150500.3.3.1
SUSE Linux Enterprise Module for Desktop Applications 15 SP5:libQt53DCore5-5.15.8+kde0-150500.3.3.1
Ссылки
- CVE-2024-40724
- SUSE Bug 1228142