Explore top 10 tips to secure your open-source projects now. Read More

×
Alerts This Week
Warning Icon 1 635
Alerts This Week
Warning Icon 1 635

openSUSE 15.0: 2019:1239-1 Moderate: libqt5-qtbase DoS Risk

opensuse
Calendar Grey April 18, 2019
Dist Opensuse Esm H88
openSUSE Security Update: Security update for libqt5-qtbase ________________________________________
An update that solves two vulnerabilities and has two fixes is now available.

Description

This update for libqt5-qtbase fixes the following issues:

Security issues fixed:

- CVE-2018-19872: Fixed an issue which could allow a division by zero

leading to crash (bsc#1130246).

- CVE-2018-19870: Fixed an improper check in QImage allocation which could

allow Denial of Service when opening crafted gif files (bsc#1118597).

Other issue addressed:

- Fixed an issue which showing remote locations was not allowed

(bsc#1129662).

This update was imported from the SUSE:SLE-15:Update update project.

Patch

Patch Instructions:

To install this openSUSE Security Update use the SUSE recommended installation methods

like YaST online_update or "zypper patch".

Alternatively you can run the command listed for your product:

- openSUSE Leap 15.0:

zypper in -t patch openSUSE-2019-1239=1

Package List

- openSUSE Leap 15.0 (i586 x86_64):

libQt5Bootstrap-devel-static-5.9.4-lp150.11.1

libQt5Concurrent-devel-5.9.4-lp150.11.1

libQt5Concurrent5-5.9.4-lp150.11.1

libQt5Concurrent5-debuginfo-5.9.4-lp150.11.1

libQt5Core-devel-5.9.4-lp150.11.1

libQt5Core5-5.9.4-lp150.11.1

libQt5Core5-debuginfo-5.9.4-lp150.11.1

libQt5DBus-devel-5.9.4-lp150.11.1

libQt5DBus-devel-debuginfo-5.9.4-lp150.11.1

libQt5DBus5-5.9.4-lp150.11.1

libQt5DBus5-debuginfo-5.9.4-lp150.11.1

libQt5Gui-devel-5.9.4-lp150.11.1

libQt5Gui5-5.9.4-lp150.11.1

libQt5Gui5-debuginfo-5.9.4-lp150.11.1

libQt5KmsSupport-devel-static-5.9.4-lp150.11.1

libQt5Network-devel-5.9.4-lp150.11.1

libQt5Network5-5.9.4-lp150.11.1

libQt5Network5-debuginfo-5.9.4-lp150.11.1

libQt5OpenGL-devel-5.9.4-lp150.11.1

libQt5OpenGL5-5.9.4-lp150.11.1

libQt5OpenGL5-debuginfo-5.9.4-lp150.11.1

libQt5OpenGLExtensions-devel-static-5.9.4-lp150.11.1

libQt5PlatformHeaders-devel-5.9.4-lp150.11.1

libQt5PlatformSupport-devel-static-5.9.4-lp150.11.1

libQt5PrintSupport-devel-5.9.4-lp150.11.1

libQt5PrintSupport5...

Read the Full Advisory

References

https://www.suse.com/security/cve/CVE-2018-19870.html

https://www.suse.com/security/cve/CVE-2018-19872.html

https://bugzilla.suse.com/1108889

https://bugzilla.suse.com/1118597

https://bugzilla.suse.com/1129662

https://bugzilla.suse.com/1130246

--

Announcement ID: openSUSE-SU-2019:1239-1
Rating: moderate
Affected Products: openSUSE Leap 15.0 le.

Get the latest News and Insights

Get the latest Linux and open source security news straight to your inbox.