Описание
Security update for qt6-networkauth
This update for qt6-networkauth fixes the following issues:
- CVE-2024-36048: Fixed data race and poor seeding in generateRandomString() (boo#1224782).
Список пакетов
SUSE Package Hub 15 SP5
libQt6NetworkAuth6-6.4.2-bp155.2.3.1
qt6-networkauth-devel-6.4.2-bp155.2.3.1
qt6-networkauth-docs-html-6.4.2-bp155.2.3.1
qt6-networkauth-docs-qch-6.4.2-bp155.2.3.1
qt6-networkauth-examples-6.4.2-bp155.2.3.1
qt6-networkauth-private-devel-6.4.2-bp155.2.3.1
openSUSE Leap 15.5
libQt6NetworkAuth6-6.4.2-bp155.2.3.1
qt6-networkauth-devel-6.4.2-bp155.2.3.1
qt6-networkauth-docs-html-6.4.2-bp155.2.3.1
qt6-networkauth-docs-qch-6.4.2-bp155.2.3.1
qt6-networkauth-examples-6.4.2-bp155.2.3.1
qt6-networkauth-private-devel-6.4.2-bp155.2.3.1
Ссылки
- E-Mail link for openSUSE-SU-2024:0138-1
- SUSE Security Ratings
- SUSE Bug 1224782
- SUSE CVE CVE-2024-36048 page
Описание
QAbstractOAuth in Qt Network Authorization in Qt before 5.15.17, 6.x before 6.2.13, 6.3.x through 6.5.x before 6.5.6, and 6.6.x through 6.7.x before 6.7.1 uses only the time to seed the PRNG, which may result in guessable values.
Затронутые продукты
SUSE Package Hub 15 SP5:libQt6NetworkAuth6-6.4.2-bp155.2.3.1
SUSE Package Hub 15 SP5:qt6-networkauth-devel-6.4.2-bp155.2.3.1
SUSE Package Hub 15 SP5:qt6-networkauth-docs-html-6.4.2-bp155.2.3.1
SUSE Package Hub 15 SP5:qt6-networkauth-docs-qch-6.4.2-bp155.2.3.1
Ссылки
- CVE-2024-36048
- SUSE Bug 1224782