openSUSE-SU-2015:2368-1

Опубликовано: 26 дек. 2015

Источник: suse-cvrf

Описание

Security update for Qt 5

Qt 5 was updated to the 5.5.1 release to deliver upstream improvements and fixes to Qt functionality.

The following Security fixes are contained in QtWebEngineCore:

ICU: CVE-2014-8146, CVE-2014-8147
Blink: CVE-2015-1284, CVE-2015-1291, CVE-2015-1292
Skia: CVE-2015-1294
V8: CVE-2015-1290

The following packages were rebuilt because they use private headers:

calibre
fcitx-qt5
frameworkintegration
kwayland
kwin5,
lxqt-powermanagement
lxqt-qtplugin

Список пакетов

openSUSE Leap 42.1

calibre-2.46.0-11.1

fcitx-qt5-1.0.4-6.3

fcitx-qt5-32bit-1.0.4-6.3

fcitx-qt5-devel-1.0.4-6.3

frameworkintegration-5.16.0-6.3

frameworkintegration-devel-5.16.0-6.3

frameworkintegration-devel-32bit-5.16.0-6.3

frameworkintegration-plugin-5.16.0-6.3

frameworkintegration-plugin-32bit-5.16.0-6.3

kwayland-5.4.3-6.3

kwayland-32bit-5.4.3-6.3

kwayland-devel-5.4.3-6.3

kwayland-devel-32bit-5.4.3-6.3

kwin5-5.4.3-6.10

kwin5-devel-5.4.3-6.10

kwin5-lang-5.4.3-6.10

libKF5Style5-5.16.0-6.3

libKF5Style5-32bit-5.16.0-6.3

libKF5Style5-lang-5.16.0-6.3

libQt53DCollision-devel-5.5.1-2.1

libQt53DCollision5-5.5.1-2.1

libQt53DCollision5-32bit-5.5.1-2.1

libQt53DCore-devel-5.5.1-2.1

libQt53DCore5-5.5.1-2.1

libQt53DCore5-32bit-5.5.1-2.1

libQt53DInput-devel-5.5.1-2.1

libQt53DInput5-5.5.1-2.1

libQt53DInput5-32bit-5.5.1-2.1

libQt53DLogic-devel-5.5.1-2.1

libQt53DLogic5-5.5.1-2.1

libQt53DLogic5-32bit-5.5.1-2.1

libQt53DQuick-devel-5.5.1-2.1

libQt53DQuick5-5.5.1-2.1

libQt53DQuick5-32bit-5.5.1-2.1

libQt53DQuickRenderer-devel-5.5.1-2.1

libQt53DQuickRenderer5-5.5.1-2.1

libQt53DQuickRenderer5-32bit-5.5.1-2.1

libQt53DRenderer-devel-5.5.1-2.1

libQt53DRenderer5-5.5.1-2.1

libQt53DRenderer5-32bit-5.5.1-2.1

libQt5Bluetooth5-5.5.1-3.3

libQt5Bluetooth5-32bit-5.5.1-3.3

libQt5Bluetooth5-imports-5.5.1-3.3

libQt5Bootstrap-devel-static-5.5.1-4.1

libQt5Bootstrap-devel-static-32bit-5.5.1-4.1

libQt5CLucene5-5.5.1-3.2

libQt5CLucene5-32bit-5.5.1-3.2

libQt5Compositor5-5.5.1-3.3

libQt5Compositor5-32bit-5.5.1-3.3

libQt5Concurrent-devel-5.5.1-4.1

libQt5Concurrent-devel-32bit-5.5.1-4.1

libQt5Concurrent5-5.5.1-4.1

libQt5Concurrent5-32bit-5.5.1-4.1

libQt5Core-devel-5.5.1-4.1

libQt5Core-devel-32bit-5.5.1-4.1

libQt5Core-private-headers-devel-5.5.1-4.1

libQt5Core5-5.5.1-4.1

libQt5Core5-32bit-5.5.1-4.1

libQt5DBus-devel-5.5.1-4.1

libQt5DBus-devel-32bit-5.5.1-4.1

libQt5DBus-private-headers-devel-5.5.1-4.1

libQt5DBus5-5.5.1-4.1

libQt5DBus5-32bit-5.5.1-4.1

libQt5Declarative5-5.5.1-3.2

libQt5Declarative5-32bit-5.5.1-3.2

libQt5Designer5-5.5.1-3.2

libQt5Designer5-32bit-5.5.1-3.2

libQt5DesignerComponents5-5.5.1-3.2

libQt5DesignerComponents5-32bit-5.5.1-3.2

libQt5Gui-devel-5.5.1-4.1

libQt5Gui-devel-32bit-5.5.1-4.1

libQt5Gui-private-headers-devel-5.5.1-4.1

libQt5Gui5-5.5.1-4.1

libQt5Gui5-32bit-5.5.1-4.1

libQt5Help5-5.5.1-3.2

libQt5Help5-32bit-5.5.1-3.2

libQt5Location5-5.5.1-3.2

libQt5Location5-32bit-5.5.1-3.2

libQt5Multimedia5-5.5.1-3.3

libQt5Multimedia5-32bit-5.5.1-3.3

libQt5Network-devel-5.5.1-4.1

libQt5Network-devel-32bit-5.5.1-4.1

libQt5Network-private-headers-devel-5.5.1-4.1

libQt5Network5-5.5.1-4.1

libQt5Network5-32bit-5.5.1-4.1

libQt5Nfc5-5.5.1-3.3

libQt5Nfc5-32bit-5.5.1-3.3

libQt5Nfc5-imports-5.5.1-3.3

libQt5OpenGL-devel-5.5.1-4.1

libQt5OpenGL-devel-32bit-5.5.1-4.1

libQt5OpenGL-private-headers-devel-5.5.1-4.1

libQt5OpenGL5-5.5.1-4.1

libQt5OpenGL5-32bit-5.5.1-4.1

libQt5OpenGLExtensions-devel-static-5.5.1-4.1

libQt5OpenGLExtensions-devel-static-32bit-5.5.1-4.1

libQt5PlatformHeaders-devel-5.5.1-4.1

libQt5PlatformSupport-devel-static-5.5.1-4.1

libQt5PlatformSupport-devel-static-32bit-5.5.1-4.1

libQt5PlatformSupport-private-headers-devel-5.5.1-4.1

libQt5Positioning5-5.5.1-3.2

libQt5Positioning5-32bit-5.5.1-3.2

libQt5PrintSupport-devel-5.5.1-4.1

libQt5PrintSupport-devel-32bit-5.5.1-4.1

libQt5PrintSupport-private-headers-devel-5.5.1-4.1

libQt5PrintSupport5-5.5.1-4.1

libQt5PrintSupport5-32bit-5.5.1-4.1

libQt5Script5-5.5.1-3.2

libQt5Script5-32bit-5.5.1-3.2

libQt5Sensors5-5.5.1-3.1

libQt5Sensors5-32bit-5.5.1-3.1

libQt5Sensors5-imports-5.5.1-3.1

libQt5SerialPort5-5.5.1-3.1

libQt5SerialPort5-32bit-5.5.1-3.1

libQt5Sql-devel-5.5.1-4.1

libQt5Sql-devel-32bit-5.5.1-4.1

libQt5Sql-private-headers-devel-5.5.1-4.1

libQt5Sql5-5.5.1-4.1

libQt5Sql5-32bit-5.5.1-4.1

libQt5Sql5-mysql-5.5.1-4.1

libQt5Sql5-mysql-32bit-5.5.1-4.1

libQt5Sql5-postgresql-5.5.1-4.1

libQt5Sql5-postgresql-32bit-5.5.1-4.1

libQt5Sql5-sqlite-5.5.1-4.1

libQt5Sql5-sqlite-32bit-5.5.1-4.1

libQt5Sql5-unixODBC-5.5.1-4.1

libQt5Sql5-unixODBC-32bit-5.5.1-4.1

libQt5Svg5-5.5.1-3.1

libQt5Svg5-32bit-5.5.1-3.1

libQt5Test-devel-5.5.1-4.1

libQt5Test-devel-32bit-5.5.1-4.1

libQt5Test-private-headers-devel-5.5.1-4.1

libQt5Test5-5.5.1-4.1

libQt5Test5-32bit-5.5.1-4.1

libQt5WaylandClient5-5.5.1-3.3

libQt5WaylandClient5-32bit-5.5.1-3.3

libQt5WebChannel5-5.5.1-3.1

libQt5WebChannel5-32bit-5.5.1-3.1

libQt5WebChannel5-imports-5.5.1-3.1

libQt5WebKit-private-headers-devel-5.5.1-3.2

libQt5WebKit5-5.5.1-3.2

libQt5WebKit5-32bit-5.5.1-3.2

libQt5WebKit5-devel-5.5.1-3.2

libQt5WebKit5-devel-32bit-5.5.1-3.2

libQt5WebKit5-imports-5.5.1-3.2

libQt5WebKitWidgets-devel-5.5.1-3.2

libQt5WebKitWidgets-devel-32bit-5.5.1-3.2

libQt5WebKitWidgets-private-headers-devel-5.5.1-3.2

libQt5WebKitWidgets5-5.5.1-3.2

libQt5WebKitWidgets5-32bit-5.5.1-3.2

libQt5WebSockets5-5.5.1-3.1

libQt5WebSockets5-32bit-5.5.1-3.1

libQt5WebSockets5-imports-5.5.1-3.1

libQt5Widgets-devel-5.5.1-4.1

libQt5Widgets-devel-32bit-5.5.1-4.1

libQt5Widgets-private-headers-devel-5.5.1-4.1

libQt5Widgets5-5.5.1-4.1

libQt5Widgets5-32bit-5.5.1-4.1

libQt5X11Extras5-5.5.1-3.1

libQt5X11Extras5-32bit-5.5.1-3.1

libQt5Xml-devel-5.5.1-4.1

libQt5Xml-devel-32bit-5.5.1-4.1

libQt5Xml5-5.5.1-4.1

libQt5Xml5-32bit-5.5.1-4.1

libQt5XmlPatterns5-5.5.1-3.1

libQt5XmlPatterns5-32bit-5.5.1-3.1

libQtQuick5-5.5.1-3.2

libQtQuick5-32bit-5.5.1-3.2

libqt5-creator-3.5.1-6.6

libqt5-linguist-5.5.1-3.2

libqt5-linguist-devel-5.5.1-3.2

libqt5-qt3d-5.5.1-2.1

libqt5-qt3d-devel-5.5.1-2.1

libqt5-qt3d-examples-5.5.1-2.1

libqt5-qt3d-imports-5.5.1-2.1

libqt5-qt3d-private-headers-devel-5.5.1-2.1

libqt5-qtbase-5.5.1-4.1

libqt5-qtbase-common-devel-5.5.1-4.1

libqt5-qtbase-devel-5.5.1-4.1

libqt5-qtbase-doc-5.5.1-4.1

libqt5-qtbase-examples-5.5.1-4.1

libqt5-qtbase-examples-32bit-5.5.1-4.1

libqt5-qtbase-platformtheme-gtk2-5.5.1-4.1

libqt5-qtbase-private-headers-devel-5.5.1-4.1

libqt5-qtconnectivity-5.5.1-3.3

libqt5-qtconnectivity-devel-5.5.1-3.3

libqt5-qtconnectivity-devel-32bit-5.5.1-3.3

libqt5-qtconnectivity-examples-5.5.1-3.3

libqt5-qtconnectivity-private-headers-devel-5.5.1-3.3

libqt5-qtconnectivity-tools-5.5.1-3.3

libqt5-qtct-0.20-3.1

libqt5-qtdeclarative-5.5.1-3.2

libqt5-qtdeclarative-devel-5.5.1-3.2

libqt5-qtdeclarative-devel-32bit-5.5.1-3.2

libqt5-qtdeclarative-examples-5.5.1-3.2

libqt5-qtdeclarative-private-headers-devel-5.5.1-3.2

libqt5-qtdeclarative-tools-5.5.1-3.2

libqt5-qtdoc-5.5.1-3.1

libqt5-qtgraphicaleffects-5.5.1-3.1

libqt5-qtimageformats-5.5.1-3.1

libqt5-qtimageformats-32bit-5.5.1-3.1

libqt5-qtimageformats-devel-5.5.1-3.1

libqt5-qtlocation-5.5.1-3.2

libqt5-qtlocation-devel-5.5.1-3.2

libqt5-qtlocation-devel-32bit-5.5.1-3.2

libqt5-qtlocation-examples-5.5.1-3.2

libqt5-qtlocation-private-headers-devel-5.5.1-3.2

libqt5-qtmultimedia-5.5.1-3.3

libqt5-qtmultimedia-devel-5.5.1-3.3

libqt5-qtmultimedia-devel-32bit-5.5.1-3.3

libqt5-qtmultimedia-examples-5.5.1-3.3

libqt5-qtmultimedia-private-headers-devel-5.5.1-3.3

libqt5-qtquick1-5.5.1-3.2

libqt5-qtquick1-devel-5.5.1-3.2

libqt5-qtquick1-devel-32bit-5.5.1-3.2

libqt5-qtquick1-examples-5.5.1-3.2

libqt5-qtquick1-private-headers-devel-5.5.1-3.2

libqt5-qtquickcontrols-5.5.1-3.1

libqt5-qtquickcontrols-examples-5.5.1-3.1

libqt5-qtscript-5.5.1-3.2

libqt5-qtscript-devel-5.5.1-3.2

libqt5-qtscript-devel-32bit-5.5.1-3.2

libqt5-qtscript-examples-5.5.1-3.2

libqt5-qtscript-private-headers-devel-5.5.1-3.2

libqt5-qtsensors-5.5.1-3.1

libqt5-qtsensors-devel-5.5.1-3.1

libqt5-qtsensors-devel-32bit-5.5.1-3.1

libqt5-qtsensors-examples-5.5.1-3.1

libqt5-qtsensors-private-headers-devel-5.5.1-3.1

libqt5-qtserialport-5.5.1-3.1

libqt5-qtserialport-devel-5.5.1-3.1

libqt5-qtserialport-devel-32bit-5.5.1-3.1

libqt5-qtserialport-private-headers-devel-5.5.1-3.1

libqt5-qtsvg-5.5.1-3.1

libqt5-qtsvg-devel-5.5.1-3.1

libqt5-qtsvg-devel-32bit-5.5.1-3.1

libqt5-qtsvg-examples-5.5.1-3.1

libqt5-qtsvg-private-headers-devel-5.5.1-3.1

libqt5-qttools-5.5.1-3.2

libqt5-qttools-32bit-5.5.1-3.2

libqt5-qttools-devel-5.5.1-3.2

libqt5-qttools-devel-32bit-5.5.1-3.2

libqt5-qttools-examples-5.5.1-3.2

libqt5-qttools-private-headers-devel-5.5.1-3.2

libqt5-qttranslations-5.5.1-3.1

libqt5-qtwayland-5.5.1-3.3

libqt5-qtwayland-32bit-5.5.1-3.3

libqt5-qtwayland-devel-5.5.1-3.3

libqt5-qtwayland-devel-32bit-5.5.1-3.3

libqt5-qtwayland-examples-5.5.1-3.3

libqt5-qtwayland-private-headers-devel-5.5.1-3.3

libqt5-qtwebchannel-5.5.1-3.1

libqt5-qtwebchannel-devel-5.5.1-3.1

libqt5-qtwebchannel-devel-32bit-5.5.1-3.1

libqt5-qtwebchannel-examples-5.5.1-3.1

libqt5-qtwebchannel-private-headers-devel-5.5.1-3.1

libqt5-qtwebengine-5.5.1-4.3

libqt5-qtwebengine-32bit-5.5.1-4.3

libqt5-qtwebengine-devel-5.5.1-4.3

libqt5-qtwebengine-devel-32bit-5.5.1-4.3

libqt5-qtwebengine-examples-5.5.1-4.3

libqt5-qtwebengine-private-headers-devel-5.5.1-4.3

libqt5-qtwebkit-5.5.1-3.2

libqt5-qtwebkit-examples-5.5.1-3.1

libqt5-qtwebsockets-5.5.1-3.1

libqt5-qtwebsockets-devel-5.5.1-3.1

libqt5-qtwebsockets-devel-32bit-5.5.1-3.1

libqt5-qtwebsockets-examples-5.5.1-3.1

libqt5-qtwebsockets-private-headers-devel-5.5.1-3.1

libqt5-qtx11extras-5.5.1-3.1

libqt5-qtx11extras-devel-5.5.1-3.1

libqt5-qtx11extras-devel-32bit-5.5.1-3.1

libqt5-qtxmlpatterns-5.5.1-3.1

libqt5-qtxmlpatterns-devel-5.5.1-3.1

libqt5-qtxmlpatterns-devel-32bit-5.5.1-3.1

libqt5-qtxmlpatterns-examples-5.5.1-3.1

libqt5-qtxmlpatterns-private-headers-devel-5.5.1-3.1

lxqt-powermanagement-0.9.0-4.2

lxqt-powermanagement-lang-0.9.0-4.2

lxqt-qtplugin-0.9.0-4.1

Ссылки

https://lists.opensuse.org/opensuse-updates/2015-12/msg00116.html
E-Mail link for openSUSE-SU-2015:2368-1
https://www.suse.com/support/security/rating/
SUSE Security Ratings

Описание

The resolveImplicitLevels function in common/ubidi.c in the Unicode Bidirectional Algorithm implementation in ICU4C in International Components for Unicode (ICU) before 55.1 does not properly track directionally isolated pieces of text, which allows remote attackers to cause a denial of service (heap-based buffer overflow) or possibly execute arbitrary code via crafted text.

Затронутые продукты

openSUSE Leap 42.1:calibre-2.46.0-11.1

openSUSE Leap 42.1:fcitx-qt5-1.0.4-6.3

openSUSE Leap 42.1:fcitx-qt5-32bit-1.0.4-6.3

openSUSE Leap 42.1:fcitx-qt5-devel-1.0.4-6.3

Ссылки

https://www.suse.com/security/cve/CVE-2014-8146.html
CVE-2014-8146
https://bugzilla.suse.com/1066493
SUSE Bug 1066493
https://bugzilla.suse.com/910805
SUSE Bug 910805
https://bugzilla.suse.com/927951
SUSE Bug 927951
https://bugzilla.suse.com/929629
SUSE Bug 929629
https://bugzilla.suse.com/959178
SUSE Bug 959178

Описание

The resolveImplicitLevels function in common/ubidi.c in the Unicode Bidirectional Algorithm implementation in ICU4C in International Components for Unicode (ICU) before 55.1 uses an integer data type that is inconsistent with a header file, which allows remote attackers to cause a denial of service (incorrect malloc followed by invalid free) or possibly execute arbitrary code via crafted text.

Затронутые продукты

openSUSE Leap 42.1:calibre-2.46.0-11.1

openSUSE Leap 42.1:fcitx-qt5-1.0.4-6.3

openSUSE Leap 42.1:fcitx-qt5-32bit-1.0.4-6.3

openSUSE Leap 42.1:fcitx-qt5-devel-1.0.4-6.3

Ссылки

https://www.suse.com/security/cve/CVE-2014-8147.html
CVE-2014-8147
https://bugzilla.suse.com/1066493
SUSE Bug 1066493
https://bugzilla.suse.com/1079317
SUSE Bug 1079317
https://bugzilla.suse.com/910805
SUSE Bug 910805
https://bugzilla.suse.com/910806
SUSE Bug 910806
https://bugzilla.suse.com/927951
SUSE Bug 927951
https://bugzilla.suse.com/929629
SUSE Bug 929629
https://bugzilla.suse.com/959178
SUSE Bug 959178

Описание

The LocalFrame::isURLAllowed function in core/frame/LocalFrame.cpp in Blink, as used in Google Chrome before 44.0.2403.89, does not properly check for a page's maximum number of frames, which allows remote attackers to cause a denial of service (invalid count value and use-after-free) or possibly have unspecified other impact via crafted JavaScript code that makes many createElement calls for IFRAME elements.

Затронутые продукты

openSUSE Leap 42.1:calibre-2.46.0-11.1

openSUSE Leap 42.1:fcitx-qt5-1.0.4-6.3

openSUSE Leap 42.1:fcitx-qt5-32bit-1.0.4-6.3

openSUSE Leap 42.1:fcitx-qt5-devel-1.0.4-6.3

Ссылки

https://www.suse.com/security/cve/CVE-2015-1284.html
CVE-2015-1284
https://bugzilla.suse.com/939077
SUSE Bug 939077
https://bugzilla.suse.com/959178
SUSE Bug 959178

Описание

The Google V8 engine, as used in Google Chrome before 44.0.2403.89 and QtWebEngineCore in Qt before 5.5.1, allows remote attackers to cause a denial of service (memory corruption) or execute arbitrary code via a crafted web site.

Затронутые продукты

openSUSE Leap 42.1:calibre-2.46.0-11.1

openSUSE Leap 42.1:fcitx-qt5-1.0.4-6.3

openSUSE Leap 42.1:fcitx-qt5-32bit-1.0.4-6.3

openSUSE Leap 42.1:fcitx-qt5-devel-1.0.4-6.3

Ссылки

https://www.suse.com/security/cve/CVE-2015-1290.html
CVE-2015-1290
https://bugzilla.suse.com/959178
SUSE Bug 959178

Описание

The ContainerNode::parserRemoveChild function in core/dom/ContainerNode.cpp in Blink, as used in Google Chrome before 45.0.2454.85, does not check whether a node is expected, which allows remote attackers to bypass the Same Origin Policy or cause a denial of service (DOM tree corruption) via a web site with crafted JavaScript code and IFRAME elements.

Затронутые продукты

openSUSE Leap 42.1:calibre-2.46.0-11.1

openSUSE Leap 42.1:fcitx-qt5-1.0.4-6.3

openSUSE Leap 42.1:fcitx-qt5-32bit-1.0.4-6.3

openSUSE Leap 42.1:fcitx-qt5-devel-1.0.4-6.3

Ссылки

https://www.suse.com/security/cve/CVE-2015-1291.html
CVE-2015-1291
https://bugzilla.suse.com/944144
SUSE Bug 944144
https://bugzilla.suse.com/959178
SUSE Bug 959178

Описание

The NavigatorServiceWorker::serviceWorker function in modules/serviceworkers/NavigatorServiceWorker.cpp in Blink, as used in Google Chrome before 45.0.2454.85, allows remote attackers to bypass the Same Origin Policy by accessing a Service Worker.

Затронутые продукты

openSUSE Leap 42.1:calibre-2.46.0-11.1

openSUSE Leap 42.1:fcitx-qt5-1.0.4-6.3

openSUSE Leap 42.1:fcitx-qt5-32bit-1.0.4-6.3

openSUSE Leap 42.1:fcitx-qt5-devel-1.0.4-6.3

Ссылки

https://www.suse.com/security/cve/CVE-2015-1292.html
CVE-2015-1292
https://bugzilla.suse.com/944144
SUSE Bug 944144
https://bugzilla.suse.com/959178
SUSE Bug 959178

Описание

Use-after-free vulnerability in the SkMatrix::invertNonIdentity function in core/SkMatrix.cpp in Skia, as used in Google Chrome before 45.0.2454.85, allows remote attackers to cause a denial of service or possibly have unspecified other impact by triggering the use of matrix elements that lead to an infinite result during an inversion calculation.

Затронутые продукты

openSUSE Leap 42.1:calibre-2.46.0-11.1

openSUSE Leap 42.1:fcitx-qt5-1.0.4-6.3

openSUSE Leap 42.1:fcitx-qt5-32bit-1.0.4-6.3

openSUSE Leap 42.1:fcitx-qt5-devel-1.0.4-6.3

Ссылки

https://www.suse.com/security/cve/CVE-2015-1294.html
CVE-2015-1294
https://bugzilla.suse.com/944144
SUSE Bug 944144
https://bugzilla.suse.com/959178
SUSE Bug 959178

openSUSE-SU-2015:2368-1

Описание

Список пакетов

openSUSE Leap 42.1

Ссылки

Уязвимость: CVE-2014-8146

Описание

Затронутые продукты

Ссылки

Уязвимость: CVE-2014-8147

Описание

Затронутые продукты

Ссылки

Уязвимость: CVE-2015-1284

Описание

Затронутые продукты

Ссылки

Уязвимость: CVE-2015-1290

Описание

Затронутые продукты

Ссылки

Уязвимость: CVE-2015-1291

Описание

Затронутые продукты

Ссылки

Уязвимость: CVE-2015-1292

Описание

Затронутые продукты

Ссылки

Уязвимость: CVE-2015-1294

Описание

Затронутые продукты

Ссылки