SUSE Package Hub - SUSE-SLE-Module-Packagehub-Subpackages-15-SP5-2023-3225

Update Info

SUSE-SLE-Module-Packagehub-Subpackages-15-SP5-2023-3225

Security update for qt6-base

Type: security

Severity: important

Issued: 2023-08-08

Description:

This update for qt6-base fixes the following issues:

- CVE-2023-34410: Fixed certificate validation does not always consider whether the root of a chain is a configured CA certificate (bsc#1211994).
- CVE-2023-33285: Fixed buffer overflow in QDnsLookup (bsc#1211642).
- CVE-2023-32762: Fixed Qt Network incorrectly parses the strict-transport-security (HSTS) header (bsc#1211797).
- CVE-2023-38197: Fixed infinite loops in QXmlStreamReader(bsc#1213326).
- CVE-2023-24607: Fixed Qt SQL ODBC driver plugin DOS (bsc#1209616).

References

CVE: CVE-2023-38197
CVE: CVE-2023-34410
CVE: CVE-2023-33285
CVE: CVE-2023-32762
CVE: CVE-2023-24607
Bugzilla: 1213326 VUL-0: CVE-2023-38197: qt6-base,qt3,libqt4,libqt5-qtbase: infinite loops in QXmlStreamReader
Bugzilla: 1211994 VUL-0: CVE-2023-34410: libqt5-qtbase,qt6-base: certificate validation does not always consider whether the root of a chain is a configured CA certificate
Bugzilla: 1211797 VUL-0: CVE-2023-32762: qt6-base,qt3,libqt4,libqt5-qtbase: Qt Network incorrectly parses the strict-transport-security (HSTS) header
Bugzilla: 1211642 VUL-0: CVE-2023-33285: libqt5-qtbase,qt6-base: Buffer overflow in QDnsLookup
Bugzilla: 1209616 VUL-0: CVE-2023-24607: libqt5-qtbase: qt6-base: Qt SQL ODBC driver plugin DOS

Packages

qt6-base-6.4.2-150500.3.7.4