SUSE Package Hub - openSUSE-2020-1530

Update Info

openSUSE-2020-1530

Security update for libqt4

Type: security

Severity: moderate

Issued: 2020-09-25

Description:

This update for libqt4 fixes the following issues:

* Fix buffer over-read in read_xbm_body (boo#1176315, CVE-2020-17507)
* Fix "double free or corruption" in QXmlStreamReader (boo#1118595, CVE-2018-15518)
* Fix QBmpHandler segfault on malformed BMP file boo#1118596, CVE-2018-19873)
* Fix crash when parsing malformed url reference (boo#1118599, CVE-2018-19869)


This update was imported from the openSUSE:Leap:15.1:Update update project.
This update was imported from the openSUSE:Leap:15.2:Update update project.

References

CVE: CVE-2020-17507
CVE: CVE-2018-19873
CVE: CVE-2018-19869
CVE: CVE-2018-15518
Bugzilla: 1176315 VUL-0: CVE-2020-17507: libqt4,libqt5-qtbase: buffer over-read in read_xbm_body in gui/image/qxbmhandler.cpp
Bugzilla: 1121214 GCC 9: libqt4 build fails
Bugzilla: 1118599 VUL-1: CVE-2018-19869: libqt5-qtsvg: Fix crash when parsing malformed url reference
Bugzilla: 1118596 VUL-1: CVE-2018-19873: libqt4 ,libqt5-qtbase: QBmpHandler segfault on malformed BMP file
Bugzilla: 1118595 VUL-0: CVE-2018-15518: libqt4 ,libqt5-qtbase: "double free or corruption" in QXmlStreamReader

Packages

libqt4-devel-doc-4.8.7-bp152.4.3.1

libqt4-sql-plugins-4.8.7-bp152.4.3.1

libqt4-4.8.7-bp152.4.3.1