Alerts This Week
Warning Icon 1 631
Alerts This Week
Warning Icon 1 631

openSUSE Leap 15.5: 2023:3225-1 Important: qt6-base Certificate Issue

opensuse
Calendar Grey August 8, 2023
Dist Opensuse Esm H88
SUSE has rolled out a security update for qt6-base which tackles various vulnerabilities, notably significant problems relating to certificate verification.
This update for qt6-base fixes the following issues: CVE-2023-34410: Fixed certificate validation does not always consider whether the root of a chain is a configured CA certificat...

Description

This update for qt6-base fixes the following issues:

* CVE-2023-34410: Fixed certificate validation does not always consider

whether the root of a chain is a configured CA certificate (bsc#1211994).

* CVE-2023-33285: Fixed buffer overflow in QDnsLookup (bsc#1211642).

* CVE-2023-32762: Fixed Qt Network incorrectly parses the strict-transport-

security (HSTS) header (bsc#1211797).

* CVE-2023-38197: Fixed infinite loops in QXmlStreamReader(bsc#1213326).

* CVE-2023-24607: Fixed Qt SQL ODBC driver plugin DOS (bsc#1209616).

Topics%20covered

Topics Covered

security advisory buffer overflow DoS important openSUSE certificate qt6-base

Patch

## Patch Instructions:

To install this SUSE Important update use the SUSE recommended installation

methods like YaST online_update or "zypper patch".

Alternatively you can run the command listed for your product:

* openSUSE Leap 15.5

zypper in -t patch SUSE-2023-3225=1 openSUSE-SLE-15.5-2023-3225=1

* Desktop Applications Module 15-SP5

zypper in -t patch SUSE-SLE-Module-Desktop-Applications-15-SP5-2023-3225=1

* SUSE Package Hub 15 15-SP5

zypper in -t patch SUSE-SLE-Module-Packagehub-Subpackages-15-SP5-2023-3225=1

Package List

* openSUSE Leap 15.5 (aarch64 ppc64le s390x x86_64 i586)

* libQt6Concurrent6-debuginfo-6.4.2-150500.3.7.4

* qt6-base-common-devel-debuginfo-6.4.2-150500.3.7.4

* qt6-widgets-private-devel-6.4.2-150500.3.7.4

* qt6-gui-devel-6.4.2-150500.3.7.4

* libQt6Network6-debuginfo-6.4.2-150500.3.7.4

* qt6-gui-private-devel-6.4.2-150500.3.7.4

* libQt6Widgets6-6.4.2-150500.3.7.4

* qt6-dbus-devel-6.4.2-150500.3.7.4

* qt6-platformtheme-xdgdesktopportal-6.4.2-150500.3.7.4

* qt6-network-private-devel-6.4.2-150500.3.7.4

* libQt6Test6-debuginfo-6.4.2-150500.3.7.4

* libQt6Sql6-debuginfo-6.4.2-150500.3.7.4

* qt6-base-common-devel-6.4.2-150500.3.7.4

* qt6-base-examples-debuginfo-6.4.2-150500.3.7.4

* qt6-base-docs-html-6.4.2-150500.3.7.1

* qt6-kmssupport-private-devel-6.4.2-150500.3.7.4

* qt6-base-examples-6.4.2-150500.3.7.4

* qt6-platformtheme-gtk3-debuginfo-6.4.2-150500.3.7.4

* qt6-base-docs-qch-6.4.2-150500.3.7.1

* libQt6OpenGL6-debuginfo-6.4.2-150500.3.7.4

* qt6-core-devel-6.4.2-150500.3.7.4

*...

Read the Full Advisory

References

* #1209616

* #1211642

* #1211797

* #1211994

* #1213326

## References:

* https://www.suse.com/security/cve/CVE-2023-24607.html

* https://www.suse.com/security/cve/CVE-2023-32762.html

* https://www.suse.com/security/cve/CVE-2023-33285.html

* https://www.suse.com/security/cve/CVE-2023-34410.html

* https://www.suse.com/security/cve/CVE-2023-38197.html

* https://bugzilla.suse.com/show_bug.cgi?id=1209616

* https://bugzilla.suse.com/show_bug.cgi?id=1211642

* https://bugzilla.suse.com/show_bug.cgi?id=1211797

* https://bugzilla.suse.com/show_bug.cgi?id=1211994

* https://bugzilla.suse.com/show_bug.cgi?id=1213326

Severity
important
Lowest
Low
Medium
High
Critical

Announcement ID: SUSE-SU-2023:3225-1
Rating: important

Topics%20covered

Topics Covered

security advisory buffer overflow DoS important openSUSE certificate qt6-base

Get the latest News and Insights

Get the latest Linux and open source security news straight to your inbox.

Related News

Your message here