Alerts This Week
Warning Icon 1 681
Alerts This Week
Warning Icon 1 681

openSUSE Leap 15.2: openSUSE-SU-2020:1501-1 Moderate: libqt4 Issues

opensuse
Calendar Grey September 22, 2020
Dist Opensuse Esm H88
A newly released security patch for libqt4 resolves various vulnerabilities in openSUSE, boosting overall system security and reliability.
An update that solves four vulnerabilities and has one errata is now available.

Description

This update for libqt4 fixes the following issues:

* Fix buffer over-read in read_xbm_body (boo#1176315, CVE-2020-17507)

* Fix "double free or corruption" in QXmlStreamReader (boo#1118595,

CVE-2018-15518)

* Fix QBmpHandler segfault on malformed BMP file boo#1118596,

CVE-2018-19873)

* Fix crash when parsing malformed url reference (boo#1118599,

CVE-2018-19869)

This update was imported from the openSUSE:Leap:15.1:Update update project.

Topics%20covered

Topics Covered

security advisory segfault double free crash buffer over-read openSUSE libqt4

Patch

Patch Instructions:

To install this openSUSE Security Update use the SUSE recommended installation methods

like YaST online_update or "zypper patch".

Alternatively you can run the command listed for your product:

- openSUSE Leap 15.2:

zypper in -t patch openSUSE-2020-1501=1

Package List

- openSUSE Leap 15.2 (i586 x86_64):

libqt4-4.8.7-lp152.10.3.1

libqt4-debuginfo-4.8.7-lp152.10.3.1

libqt4-debugsource-4.8.7-lp152.10.3.1

libqt4-devel-4.8.7-lp152.10.3.1

libqt4-devel-debuginfo-4.8.7-lp152.10.3.1

libqt4-linguist-4.8.7-lp152.10.3.1

libqt4-linguist-debuginfo-4.8.7-lp152.10.3.1

libqt4-private-headers-devel-4.8.7-lp152.10.3.1

libqt4-qt3support-4.8.7-lp152.10.3.1

libqt4-qt3support-debuginfo-4.8.7-lp152.10.3.1

libqt4-sql-4.8.7-lp152.10.3.1

libqt4-sql-debuginfo-4.8.7-lp152.10.3.1

libqt4-sql-sqlite-4.8.7-lp152.10.3.1

libqt4-sql-sqlite-debuginfo-4.8.7-lp152.10.3.1

libqt4-x11-4.8.7-lp152.10.3.1

libqt4-x11-debuginfo-4.8.7-lp152.10.3.1

- openSUSE Leap 15.2 (x86_64):

libqt4-32bit-4.8.7-lp152.10.3.1

libqt4-32bit-debuginfo-4.8.7-lp152.10.3.1

libqt4-devel-32bit-4.8.7-lp152.10.3.1

libqt4-devel-32bit-debuginfo-4.8.7-lp152.10.3.1

libqt4-devel-doc-4.8.7-lp152.10.3.1

libqt4-devel-doc-debuginfo-4.8.7-lp152.10.3.1

libqt4-devel-doc-debugsource-4.8.7-lp152.10.3.1

libqt4-qt3support-32bit-4.8.7-lp152.10.3.1

libqt4-qt3suppor...

Read the Full Advisory

References

https://www.suse.com/security/cve/CVE-2018-15518.html

https://www.suse.com/security/cve/CVE-2018-19869.html

https://www.suse.com/security/cve/CVE-2018-19873.html

https://www.suse.com/security/cve/CVE-2020-17507.html

https://bugzilla.suse.com/1118595

https://bugzilla.suse.com/1118596

https://bugzilla.suse.com/1118599

https://bugzilla.suse.com/1121214

https://bugzilla.suse.com/1176315

--

Announcement ID: openSUSE-SU-2020:1501-1
Rating: moderate
Affected Products: openSUSE Leap 15.2 le.

Topics%20covered

Topics Covered

security advisory segfault double free crash buffer over-read openSUSE libqt4

Get the latest News and Insights

Get the latest Linux and open source security news straight to your inbox.

Related News

Your message here