SUSE Package Hub - SUSE-SLE-Module-Packagehub-Subpackages-15-SP5-2024-2873

Update Info

SUSE-SLE-Module-Packagehub-Subpackages-15-SP5-2024-2873

Security update for qt6-base

Type: security

Severity: important

Issued: 2024-08-12

Description:

This update for qt6-base fixes the following issues:

- CVE-2024-33861: Fixed an invalid pointer being passed as a callback which coud lead to modification of the stack (bsc#1223917)
- CVE-2024-39936: Fixed information leakage due to process HTTP2 communication before encrypted() can be responded to (bsc#1227426)
- CVE-2023-45935: Fixed NULL pointer dereference in QXcbConnection::initializeAllAtoms() due to anomalous behavior from the X server (bsc#1222120)

References

CVE: CVE-2024-39936
CVE: CVE-2024-33861
CVE: CVE-2023-45935
Bugzilla: 1227426 VUL-0: CVE-2024-39936: libqt4,libqt5-qtbase,qt3,qt6-base: delay any HTTP2 communication until encrypted() can be responded to
Bugzilla: 1223917 VUL-0: CVE-2024-33861: qt6-base: invalid pointer in QStringConverter
Bugzilla: 1222120 VUL-0: CVE-2023-45935: libqt4,libqt5-qtbase,qt3,qt6-base: NULL pointer dereference via QXcbConnection::initializeAllAtoms()

Packages

qt6-base-6.4.2-150500.3.20.2