Описание
Security update for libqt5-qtnetworkauth
This update for libqt5-qtnetworkauth fixes the following issues:
- CVE-2024-36048: Fixed data race and poor seeding in generateRandomString() (boo#1224782).
Список пакетов
SUSE Package Hub 15 SP5
libQt5NetworkAuth5-5.15.2+kde2-bp155.3.3.1
libQt5NetworkAuth5-32bit-5.15.2+kde2-bp155.3.3.1
libQt5NetworkAuth5-64bit-5.15.2+kde2-bp155.3.3.1
libqt5-qtnetworkauth-devel-5.15.2+kde2-bp155.3.3.1
libqt5-qtnetworkauth-devel-32bit-5.15.2+kde2-bp155.3.3.1
libqt5-qtnetworkauth-devel-64bit-5.15.2+kde2-bp155.3.3.1
libqt5-qtnetworkauth-examples-5.15.2+kde2-bp155.3.3.1
libqt5-qtnetworkauth-private-headers-devel-5.15.2+kde2-bp155.3.3.1
openSUSE Leap 15.5
libQt5NetworkAuth5-5.15.2+kde2-bp155.3.3.1
libQt5NetworkAuth5-32bit-5.15.2+kde2-bp155.3.3.1
libQt5NetworkAuth5-64bit-5.15.2+kde2-bp155.3.3.1
libqt5-qtnetworkauth-devel-5.15.2+kde2-bp155.3.3.1
libqt5-qtnetworkauth-devel-32bit-5.15.2+kde2-bp155.3.3.1
libqt5-qtnetworkauth-devel-64bit-5.15.2+kde2-bp155.3.3.1
libqt5-qtnetworkauth-examples-5.15.2+kde2-bp155.3.3.1
libqt5-qtnetworkauth-private-headers-devel-5.15.2+kde2-bp155.3.3.1
Ссылки
- E-Mail link for openSUSE-SU-2024:0143-1
- SUSE Security Ratings
- SUSE Bug 1224782
- SUSE CVE CVE-2024-36048 page
Описание
QAbstractOAuth in Qt Network Authorization in Qt before 5.15.17, 6.x before 6.2.13, 6.3.x through 6.5.x before 6.5.6, and 6.6.x through 6.7.x before 6.7.1 uses only the time to seed the PRNG, which may result in guessable values.
Затронутые продукты
SUSE Package Hub 15 SP5:libQt5NetworkAuth5-32bit-5.15.2+kde2-bp155.3.3.1
SUSE Package Hub 15 SP5:libQt5NetworkAuth5-5.15.2+kde2-bp155.3.3.1
SUSE Package Hub 15 SP5:libQt5NetworkAuth5-64bit-5.15.2+kde2-bp155.3.3.1
SUSE Package Hub 15 SP5:libqt5-qtnetworkauth-devel-32bit-5.15.2+kde2-bp155.3.3.1
Ссылки
- CVE-2024-36048
- SUSE Bug 1224782