Описание
Security update for qt6-base
This update for qt6-base fixes the following issues:
- CVE-2025-5455: processing of malformed data in
qDecodeDataUrl()can trigger assertion and cause a crash (bsc#1243958). - CVE-2025-30348: complex algorithm used in
encodeTextin QDom when processing XML data can cause low performance (bsc#1239896).
Список пакетов
SUSE Linux Enterprise Module for Desktop Applications 15 SP6
libQt6Core6-6.6.3-150600.3.6.1
libQt6DBus6-6.6.3-150600.3.6.1
libQt6Gui6-6.6.3-150600.3.6.1
libQt6Network6-6.6.3-150600.3.6.1
libQt6OpenGL6-6.6.3-150600.3.6.1
libQt6Sql6-6.6.3-150600.3.6.1
libQt6Test6-6.6.3-150600.3.6.1
libQt6Widgets6-6.6.3-150600.3.6.1
qt6-network-tls-6.6.3-150600.3.6.1
qt6-networkinformation-glib-6.6.3-150600.3.6.1
qt6-networkinformation-nm-6.6.3-150600.3.6.1
SUSE Linux Enterprise Module for Desktop Applications 15 SP7
libQt6Core6-6.6.3-150600.3.6.1
libQt6DBus6-6.6.3-150600.3.6.1
libQt6Gui6-6.6.3-150600.3.6.1
libQt6Network6-6.6.3-150600.3.6.1
libQt6OpenGL6-6.6.3-150600.3.6.1
libQt6Sql6-6.6.3-150600.3.6.1
libQt6Test6-6.6.3-150600.3.6.1
libQt6Widgets6-6.6.3-150600.3.6.1
qt6-network-tls-6.6.3-150600.3.6.1
qt6-networkinformation-glib-6.6.3-150600.3.6.1
qt6-networkinformation-nm-6.6.3-150600.3.6.1
SUSE Linux Enterprise Module for Package Hub 15 SP6
libQt6Concurrent6-6.6.3-150600.3.6.1
libQt6Core6-6.6.3-150600.3.6.1
libQt6DBus6-6.6.3-150600.3.6.1
libQt6Gui6-6.6.3-150600.3.6.1
libQt6Network6-6.6.3-150600.3.6.1
libQt6OpenGL6-6.6.3-150600.3.6.1
libQt6OpenGLWidgets6-6.6.3-150600.3.6.1
libQt6PrintSupport6-6.6.3-150600.3.6.1
libQt6Sql6-6.6.3-150600.3.6.1
libQt6Test6-6.6.3-150600.3.6.1
libQt6Widgets6-6.6.3-150600.3.6.1
libQt6Xml6-6.6.3-150600.3.6.1
qt6-base-common-devel-6.6.3-150600.3.6.1
qt6-base-devel-6.6.3-150600.3.6.1
qt6-base-docs-html-6.6.3-150600.3.6.1
qt6-base-docs-qch-6.6.3-150600.3.6.1
qt6-base-examples-6.6.3-150600.3.6.1
qt6-base-private-devel-6.6.3-150600.3.6.1
qt6-concurrent-devel-6.6.3-150600.3.6.1
qt6-core-devel-6.6.3-150600.3.6.1
qt6-core-private-devel-6.6.3-150600.3.6.1
qt6-dbus-devel-6.6.3-150600.3.6.1
qt6-dbus-private-devel-6.6.3-150600.3.6.1
qt6-docs-common-6.6.3-150600.3.6.1
qt6-exampleicons-devel-static-6.6.3-150600.3.6.1
qt6-gui-devel-6.6.3-150600.3.6.1
qt6-gui-private-devel-6.6.3-150600.3.6.1
qt6-kmssupport-devel-static-6.6.3-150600.3.6.1
qt6-kmssupport-private-devel-6.6.3-150600.3.6.1
qt6-network-devel-6.6.3-150600.3.6.1
qt6-network-private-devel-6.6.3-150600.3.6.1
qt6-network-tls-6.6.3-150600.3.6.1
qt6-opengl-devel-6.6.3-150600.3.6.1
qt6-opengl-private-devel-6.6.3-150600.3.6.1
qt6-openglwidgets-devel-6.6.3-150600.3.6.1
qt6-platformsupport-devel-static-6.6.3-150600.3.6.1
qt6-platformsupport-private-devel-6.6.3-150600.3.6.1
qt6-platformtheme-gtk3-6.6.3-150600.3.6.1
qt6-platformtheme-xdgdesktopportal-6.6.3-150600.3.6.1
qt6-printsupport-cups-6.6.3-150600.3.6.1
qt6-printsupport-devel-6.6.3-150600.3.6.1
qt6-printsupport-private-devel-6.6.3-150600.3.6.1
qt6-sql-devel-6.6.3-150600.3.6.1
qt6-sql-mysql-6.6.3-150600.3.6.1
qt6-sql-postgresql-6.6.3-150600.3.6.1
qt6-sql-private-devel-6.6.3-150600.3.6.1
qt6-sql-sqlite-6.6.3-150600.3.6.1
qt6-sql-unixODBC-6.6.3-150600.3.6.1
qt6-test-devel-6.6.3-150600.3.6.1
qt6-test-private-devel-6.6.3-150600.3.6.1
qt6-widgets-devel-6.6.3-150600.3.6.1
qt6-widgets-private-devel-6.6.3-150600.3.6.1
qt6-xml-devel-6.6.3-150600.3.6.1
qt6-xml-private-devel-6.6.3-150600.3.6.1
SUSE Linux Enterprise Module for Package Hub 15 SP7
libQt6Concurrent6-6.6.3-150600.3.6.1
libQt6OpenGLWidgets6-6.6.3-150600.3.6.1
libQt6PrintSupport6-6.6.3-150600.3.6.1
libQt6Xml6-6.6.3-150600.3.6.1
qt6-base-common-devel-6.6.3-150600.3.6.1
qt6-base-devel-6.6.3-150600.3.6.1
qt6-base-docs-html-6.6.3-150600.3.6.1
qt6-base-docs-qch-6.6.3-150600.3.6.1
qt6-base-examples-6.6.3-150600.3.6.1
qt6-base-private-devel-6.6.3-150600.3.6.1
qt6-concurrent-devel-6.6.3-150600.3.6.1
qt6-core-devel-6.6.3-150600.3.6.1
qt6-core-private-devel-6.6.3-150600.3.6.1
qt6-dbus-devel-6.6.3-150600.3.6.1
qt6-dbus-private-devel-6.6.3-150600.3.6.1
qt6-docs-common-6.6.3-150600.3.6.1
qt6-exampleicons-devel-static-6.6.3-150600.3.6.1
qt6-gui-devel-6.6.3-150600.3.6.1
qt6-gui-private-devel-6.6.3-150600.3.6.1
qt6-kmssupport-devel-static-6.6.3-150600.3.6.1
qt6-kmssupport-private-devel-6.6.3-150600.3.6.1
qt6-network-devel-6.6.3-150600.3.6.1
qt6-network-private-devel-6.6.3-150600.3.6.1
qt6-network-tls-6.6.3-150600.3.6.1
qt6-opengl-devel-6.6.3-150600.3.6.1
qt6-opengl-private-devel-6.6.3-150600.3.6.1
qt6-openglwidgets-devel-6.6.3-150600.3.6.1
qt6-platformsupport-devel-static-6.6.3-150600.3.6.1
qt6-platformsupport-private-devel-6.6.3-150600.3.6.1
qt6-platformtheme-gtk3-6.6.3-150600.3.6.1
qt6-platformtheme-xdgdesktopportal-6.6.3-150600.3.6.1
qt6-printsupport-cups-6.6.3-150600.3.6.1
qt6-printsupport-devel-6.6.3-150600.3.6.1
qt6-printsupport-private-devel-6.6.3-150600.3.6.1
qt6-sql-devel-6.6.3-150600.3.6.1
qt6-sql-mysql-6.6.3-150600.3.6.1
qt6-sql-postgresql-6.6.3-150600.3.6.1
qt6-sql-private-devel-6.6.3-150600.3.6.1
qt6-sql-sqlite-6.6.3-150600.3.6.1
qt6-sql-unixODBC-6.6.3-150600.3.6.1
qt6-test-devel-6.6.3-150600.3.6.1
qt6-test-private-devel-6.6.3-150600.3.6.1
qt6-widgets-devel-6.6.3-150600.3.6.1
qt6-widgets-private-devel-6.6.3-150600.3.6.1
qt6-xml-devel-6.6.3-150600.3.6.1
qt6-xml-private-devel-6.6.3-150600.3.6.1
openSUSE Leap 15.6
libQt6Concurrent6-6.6.3-150600.3.6.1
libQt6Core6-6.6.3-150600.3.6.1
libQt6DBus6-6.6.3-150600.3.6.1
libQt6Gui6-6.6.3-150600.3.6.1
libQt6Network6-6.6.3-150600.3.6.1
libQt6OpenGL6-6.6.3-150600.3.6.1
libQt6OpenGLWidgets6-6.6.3-150600.3.6.1
libQt6PrintSupport6-6.6.3-150600.3.6.1
libQt6Sql6-6.6.3-150600.3.6.1
libQt6Test6-6.6.3-150600.3.6.1
libQt6Widgets6-6.6.3-150600.3.6.1
libQt6Xml6-6.6.3-150600.3.6.1
qt6-base-common-devel-6.6.3-150600.3.6.1
qt6-base-devel-6.6.3-150600.3.6.1
qt6-base-docs-html-6.6.3-150600.3.6.1
qt6-base-docs-qch-6.6.3-150600.3.6.1
qt6-base-examples-6.6.3-150600.3.6.1
qt6-base-private-devel-6.6.3-150600.3.6.1
qt6-concurrent-devel-6.6.3-150600.3.6.1
qt6-core-devel-6.6.3-150600.3.6.1
qt6-core-private-devel-6.6.3-150600.3.6.1
qt6-dbus-devel-6.6.3-150600.3.6.1
qt6-dbus-private-devel-6.6.3-150600.3.6.1
qt6-docs-common-6.6.3-150600.3.6.1
qt6-exampleicons-devel-static-6.6.3-150600.3.6.1
qt6-gui-devel-6.6.3-150600.3.6.1
qt6-gui-private-devel-6.6.3-150600.3.6.1
qt6-kmssupport-devel-static-6.6.3-150600.3.6.1
qt6-kmssupport-private-devel-6.6.3-150600.3.6.1
qt6-network-devel-6.6.3-150600.3.6.1
qt6-network-private-devel-6.6.3-150600.3.6.1
qt6-network-tls-6.6.3-150600.3.6.1
qt6-networkinformation-glib-6.6.3-150600.3.6.1
qt6-networkinformation-nm-6.6.3-150600.3.6.1
qt6-opengl-devel-6.6.3-150600.3.6.1
qt6-opengl-private-devel-6.6.3-150600.3.6.1
qt6-openglwidgets-devel-6.6.3-150600.3.6.1
qt6-platformsupport-devel-static-6.6.3-150600.3.6.1
qt6-platformsupport-private-devel-6.6.3-150600.3.6.1
qt6-platformtheme-gtk3-6.6.3-150600.3.6.1
qt6-platformtheme-xdgdesktopportal-6.6.3-150600.3.6.1
qt6-printsupport-cups-6.6.3-150600.3.6.1
qt6-printsupport-devel-6.6.3-150600.3.6.1
qt6-printsupport-private-devel-6.6.3-150600.3.6.1
qt6-sql-devel-6.6.3-150600.3.6.1
qt6-sql-mysql-6.6.3-150600.3.6.1
qt6-sql-postgresql-6.6.3-150600.3.6.1
qt6-sql-private-devel-6.6.3-150600.3.6.1
qt6-sql-sqlite-6.6.3-150600.3.6.1
qt6-sql-unixODBC-6.6.3-150600.3.6.1
qt6-test-devel-6.6.3-150600.3.6.1
qt6-test-private-devel-6.6.3-150600.3.6.1
qt6-widgets-devel-6.6.3-150600.3.6.1
qt6-widgets-private-devel-6.6.3-150600.3.6.1
qt6-xml-devel-6.6.3-150600.3.6.1
qt6-xml-private-devel-6.6.3-150600.3.6.1
Ссылки
- Link for SUSE-SU-2025:03599-1
- E-Mail link for SUSE-SU-2025:03599-1
- SUSE Security Ratings
- SUSE Bug 1239896
- SUSE Bug 1243958
- SUSE CVE CVE-2025-30348 page
- SUSE CVE CVE-2025-5455 page
Описание
encodeText in QDom in Qt before 6.8.0 has a complex algorithm involving XML string copy and inline replacement of parts of a string (with relocation of later data).
Затронутые продукты
SUSE Linux Enterprise Module for Desktop Applications 15 SP6:libQt6Core6-6.6.3-150600.3.6.1
SUSE Linux Enterprise Module for Desktop Applications 15 SP6:libQt6DBus6-6.6.3-150600.3.6.1
SUSE Linux Enterprise Module for Desktop Applications 15 SP6:libQt6Gui6-6.6.3-150600.3.6.1
SUSE Linux Enterprise Module for Desktop Applications 15 SP6:libQt6Network6-6.6.3-150600.3.6.1
Ссылки
- CVE-2025-30348
- SUSE Bug 1239895
Описание
An issue was found in the private API function qDecodeDataUrl() in QtCore, which is used in QTextDocument and QNetworkReply, and, potentially, in user code. If the function was called with malformed data, for example, an URL that contained a "charset" parameter that lacked a value (such as "data:charset,"), and Qt was built with assertions enabled, then it would hit an assertion, resulting in a denial of service (abort). This impacts Qt up to 5.15.18, 6.0.0->6.5.8, 6.6.0->6.8.3 and 6.9.0. This has been fixed in 5.15.19, 6.5.9, 6.8.4 and 6.9.1.
Затронутые продукты
SUSE Linux Enterprise Module for Desktop Applications 15 SP6:libQt6Core6-6.6.3-150600.3.6.1
SUSE Linux Enterprise Module for Desktop Applications 15 SP6:libQt6DBus6-6.6.3-150600.3.6.1
SUSE Linux Enterprise Module for Desktop Applications 15 SP6:libQt6Gui6-6.6.3-150600.3.6.1
SUSE Linux Enterprise Module for Desktop Applications 15 SP6:libQt6Network6-6.6.3-150600.3.6.1
Ссылки
- CVE-2025-5455
- SUSE Bug 1243958
- SUSE Bug 1245610