
openSUSE 15.4 SUSE-SU-2023:2982-1 Important Buffer Overflow Fix

July 26, 2023
This release focuses on essential enhancements concerning vulnerabilities found in libqt5-qtbase for openSUSE 15.4 environments.
This update for libqt5-qtbase fixes the following issues: CVE-2023-24607: Fixed Qt SQL ODBC driver plugin DOS (bsc#1209616)

Description

This update for libqt5-qtbase fixes the following issues:

* CVE-2023-24607: Fixed Qt SQL ODBC driver plugin DOS (bsc#1209616).

* CVE-2023-32762: Fixed Qt Network incorrectly parses the strict-transport-security (HSTS) header (bsc#1211797).

* CVE-2023-32763: Fixed buffer overflow when rendering an SVG file with an image inside it (bsc#1211798).

* CVE-2023-33285: Fixed buffer overflow in QDnsLookup (bsc#1211642).

* CVE-2023-34410: Fixed certificate validation does not always consider whether the root of a chain is a configured CA certificate (bsc#1211994).

* CVE-2023-38197: Fixed infinite loops in QXmlStreamReader (bsc#1213326).

Patch

## Patch Instructions:

To install this SUSE Important update use the SUSE recommended installation methods like YaST online_update or "zypper patch".

Alternatively you can run the command listed for your product:

* Desktop Applications Module 15-SP4
  `zypper in -t patch SUSE-SLE-Module-Desktop-Applications-15-SP4-2023-2982=1`

* openSUSE Leap 15.4
  `zypper in -t patch SUSE-2023-2982=1 openSUSE-SLE-15.4-2023-2982=1`

* Basesystem Module 15-SP4
  `zypper in -t patch SUSE-SLE-Module-Basesystem-15-SP4-2023-2982=1`

Package List

* Desktop Applications Module 15-SP4 (aarch64 ppc64le s390x x86_64)
  * libQt5Sql5-mysql-5.15.2+kde294-150400.6.6.1
  * libQt5Sql5-mysql-debuginfo-5.15.2+kde294-150400.6.6.1
  * libQt5Sql5-postgresql-debuginfo-5.15.2+kde294-150400.6.6.1
  * libQt5Sql5-unixODBC-5.15.2+kde294-150400.6.6.1
  * libqt5-qtbase-platformtheme-gtk3-debuginfo-5.15.2+kde294-150400.6.6.1
  * libqt5-qtbase-debugsource-5.15.2+kde294-150400.6.6.1
  * libQt5Sql5-postgresql-5.15.2+kde294-150400.6.6.1
  * libQt5Sql5-unixODBC-debuginfo-5.15.2+kde294-150400.6.6.1
  * libqt5-qtbase-platformtheme-gtk3-5.15.2+kde294-150400.6.6.1
  * libQt5OpenGLExtensions-devel-static-5.15.2+kde294-150400.6.6.1

* openSUSE Leap 15.4 (x86_64)
  * libQt5Sql5-postgresql-32bit-5.15.2+kde294-150400.6.6.1
  * libQt5Network-devel-32bit-5.15.2+kde294-150400.6.6.1
  * libQt5Concurrent5-32bit-5.15.2+kde294-150400.6.6.1
  * libQt5OpenGL-devel-32bit-5.15.2+kde294-150400.6.6.1
  * libQt5DBus5-32bit-debuginfo-5.15.2+kde294-150400.6.6.1
  * libQt5Sql5-unixODBC-32bit-5.15.2+kde294-150400.6.6.1
  *...
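To confirm the patch actually landed on a host, the installed libqt5-qtbase subpackages can be compared against the fixed version-release shown in the package list above. The following is an added example, not part of the SUSE advisory: the sample `rpm` output is constructed, the comparison is a simplified form of rpm's segment ordering, and it assumes these packages carry no epoch.

```python
import re

# Fixed version-release taken from the advisory's package list.
FIXED = "5.15.2+kde294-150400.6.6.1"

# Constructed sample of:
#   rpm -qa --qf '%{NAME} %{VERSION}-%{RELEASE} %{SOURCERPM}\n'
# The two older releases and the qtsvg line are made up for illustration.
SAMPLE = """\
libQt5Core5 5.15.2+kde294-150400.6.6.1 libqt5-qtbase-5.15.2+kde294-150400.6.6.1.src.rpm
libQt5Network5 5.15.2+kde294-150400.6.3.1 libqt5-qtbase-5.15.2+kde294-150400.6.3.1.src.rpm
libQt5Sql5-unixODBC 5.15.2+kde294-150400.4.1 libqt5-qtbase-5.15.2+kde294-150400.4.1.src.rpm
libQt5Svg5 5.15.2+kde16-150400.1.9 libqt5-qtsvg-5.15.2+kde16-150400.1.9.src.rpm
"""

def rpmvercmp(a, b):
    """Simplified rpm segment comparison (no epoch, '~' or '^' handling)."""
    sa = re.findall(r"[0-9]+|[A-Za-z]+", a)
    sb = re.findall(r"[0-9]+|[A-Za-z]+", b)
    for x, y in zip(sa, sb):
        if x.isdigit() != y.isdigit():      # numeric segment beats alphabetic
            return 1 if x.isdigit() else -1
        if x.isdigit():                     # compare numbers by value
            x, y = int(x), int(y)
        if x != y:
            return 1 if x > y else -1
    return (len(sa) > len(sb)) - (len(sa) < len(sb))

def unpatched(rpm_lines, fixed=FIXED):
    """Return (name, version-release) for libqt5-qtbase subpackages older than `fixed`."""
    fixed_ver, fixed_rel = fixed.rsplit("-", 1)
    stale = []
    for line in rpm_lines.splitlines():
        fields = line.split()
        # Keep only binaries built from the libqt5-qtbase source package.
        if len(fields) != 3 or not fields[2].startswith("libqt5-qtbase-"):
            continue
        name, vr = fields[0], fields[1]
        ver, rel = vr.rsplit("-", 1)
        if (rpmvercmp(ver, fixed_ver) or rpmvercmp(rel, fixed_rel)) < 0:
            stale.append((name, vr))
    return stale

if __name__ == "__main__":
    for name, vr in unpatched(SAMPLE):
        print(f"NOT PATCHED: {name} {vr} < {FIXED}")
```

Filtering on the source RPM rather than a `libQt5*` name prefix avoids flagging packages built from other Qt source packages, which follow their own version-release numbering.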


References

* #1209616

* #1211024

* #1211642

* #1211797

* #1211798

* #1211994

* #1213326

## References:

* https://www.suse.com/security/cve/CVE-2023-24607.html

* https://www.suse.com/security/cve/CVE-2023-32762.html

* https://www.suse.com/security/cve/CVE-2023-32763.html

* https://www.suse.com/security/cve/CVE-2023-33285.html

* https://www.suse.com/security/cve/CVE-2023-34410.html

* https://www.suse.com/security/cve/CVE-2023-38197.html

* https://bugzilla.suse.com/show_bug.cgi?id=1209616

* https://bugzilla.suse.com/show_bug.cgi?id=1211024

* https://bugzilla.suse.com/show_bug.cgi?id=1211642

* https://bugzilla.suse.com/show_bug.cgi?id=1211797

* https://bugzilla.suse.com/show_bug.cgi?id=1211798

* https://bugzilla.suse.com/show_bug.cgi?id=1211994

* https://bugzilla.suse.com/show_bug.cgi?id=1213326


Announcement ID: SUSE-SU-2023:2982-1
Rating: important
