Alerts This Week
Warning Icon 1 727
Alerts This Week
Warning Icon 1 727

Red Hat Enterprise Linux 7: RHSA-2019:2135-01 Moderate: qt5 Security Issues

red hat
Calendar Grey August 6, 2019
Dist Redhat Esm H88
Oracle recently released a bulletin regarding Java SE that outlines key vulnerability fixes along with performance enhancements to bolster system reliability.
An update is now available for Red Hat Enterprise Linux 7

Solution

For details on how to apply this update, which includes the changes described in this advisory, refer to:

https://access.redhat.com/articles/11258

Summary

Qt is a software toolkit for developing applications. The qt5-base packages contain base tools for string, xml, and network handling in Qt.
The following packages have been upgraded to a later upstream version: qt5-qt3d (5.9.7), qt5-qtbase (5.9.7), qt5-qtcanvas3d (5.9.7), qt5-qtconnectivity (5.9.7), qt5-qtdeclarative (5.9.7), qt5-qtdoc (5.9.7), qt5-qtgraphicaleffects (5.9.7), qt5-qtimageformats (5.9.7), qt5-qtlocation (5.9.7), qt5-qtmultimedia (5.9.7), qt5-qtquickcontrols (5.9.7), qt5-qtquickcontrols2 (5.9.7), qt5-qtscript (5.9.7), qt5-qtsensors (5.9.7), qt5-qtserialbus (5.9.7), qt5-qtserialport (5.9.7), qt5-qtsvg (5.9.7), qt5-qttools (5.9.7), qt5-qttranslations (5.9.7), qt5-qtwayland (5.9.7), qt5-qtwebchannel (5.9.7), qt5-qtwebsockets (5.9.7), qt5-qtx11extras (5.9.7), qt5-qtxmlpatterns (5.9.7). (BZ#1564000, BZ#1564001, BZ#1564002, BZ#1564003, BZ#1564004, BZ#1564006, BZ#1564007, BZ#1564008, BZ#1564009, BZ#1564010, BZ#1564011, BZ#1564012, BZ#1564013, BZ#1564014, BZ#1564015, BZ#1564016, BZ#1564017, BZ#1564018, BZ#1564019, BZ#1564020, BZ#1564021, BZ#1564022, BZ#1564023, BZ#1564024)
Security Fix(es):
* qt5-qtbase: Double free in QXmlStreamReader (CVE-2018-15518)
* qt5-qtsvg: Invalid parsing of malformed url reference resulting in a denial of service (CVE-2018-19869)
* qt5-qtbase: QImage allocation failure in qgifhandler (CVE-2018-19870)
* qt5-qtimageformats: QTgaFile CPU exhaustion (CVE-2018-19871)
* qt5-qtbase: QBmpHandler segmentation fault on malformed BMP file (CVE-2018-19873)
For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.
Additional Changes:
For detailed information on changes in this release, see the Red Hat Enterprise Linux 7.7 Release Notes linked from the References section.

Topics%20covered

Topics Covered

security advisory denial of service Red Hat bug fix moderate severity qt5

References

https://access.redhat.com/security/cve/CVE-2018-15518 https://access.redhat.com/security/cve/CVE-2018-19869 https://access.redhat.com/security/cve/CVE-2018-19870 https://access.redhat.com/security/cve/CVE-2018-19871 https://access.redhat.com/security/cve/CVE-2018-19873 https://access.redhat.com/security/updates/classification/#moderate https://access.redhat.com/documentation/en-us/red_hat_enterprise_linux/7/html/7.7_release_notes/index

Package List

Red Hat Enterprise Linux Client (v. 7):
Source: qt5-qtbase-5.9.7-2.el7.src.rpm
noarch: qt5-qtbase-common-5.9.7-2.el7.noarch.rpm
x86_64: qt5-qtbase-5.9.7-2.el7.i686.rpm qt5-qtbase-5.9.7-2.el7.x86_64.rpm qt5-qtbase-debuginfo-5.9.7-2.el7.i686.rpm qt5-qtbase-debuginfo-5.9.7-2.el7.x86_64.rpm qt5-qtbase-gui-5.9.7-2.el7.i686.rpm qt5-qtbase-gui-5.9.7-2.el7.x86_64.rpm
Red Hat Enterprise Linux Client Optional (v. 7):
Source: qt5-qtdeclarative-5.9.7-1.el7.src.rpm qt5-qttools-5.9.7-1.el7.src.rpm qt5-qtxmlpatterns-5.9.7-1.el7.src.rpm
noarch: qt5-qttools-common-5.9.7-1.el7.noarch.rpm qt5-qttools-doc-5.9.7-1.el7.noarch.rpm qt5-qtxmlpatterns-doc-5.9.7-1.el7.noarch.rpm qt5-rpm-macros-5.9.7-2.el7.noarch.rpm
x86_64: qt5-assistant-5.9.7-1.el7.x86_64.rpm qt5-designer-5.9.7-1.el7.i686.rpm qt5-designer-5.9.7-1.el7.x86_64.rpm qt5-doctools-5.9.7-1.el7.x86_64.rpm qt5-linguist-5.9.7-1.el7.x86_64.rpm qt5-qdbusviewer-5.9.7-1.el7.x86_64.rpm qt5-qtbase-debuginfo-5.9.7-2.el7.i686.rpm qt5-qtbase-debuginfo-5.9.7-2.el7.x86_64.rpm qt5-qtbase-devel-5.9.7-2.el7.i686.rpm qt5-qtbase-devel-5.9.7-2.el7.x86_64.rpm qt5-qtbase-doc-5.9.7-2.el7.x86_64.rpm qt5-qtbase-examples-5.9.7-2.el7.x86_64.rpm qt5-qtbase-mysql-5.9.7-2.el7.i686.rpm qt5-qtbase-mysql-5.9.7-2.el7.x86_64.rpm qt5-qtbase-odbc-5.9.7-2.el7.i686.rpm

Read the Full Advisory


Severity
important
Lowest
Low
Medium
High
Critical

Advisory ID: RHSA-2019:2135-01
Product: Red Hat Enterprise Linux
Advisory URL: https://access.redhat.com/errata/RHSA-2019:2135
Issue date: 2019-08-06

Topic

An update is now available for Red Hat Enterprise Linux 7.Red Hat Product Security has rated this update as having a security impactof Moderate. A Common Vulnerability Scoring System (CVSS) base score, whichgives a detailed severity rating, is available for each vulnerability fromthe CVE link(s) in the References section.

Topics%20covered

Topics Covered

security advisory denial of service Red Hat bug fix moderate severity qt5

Relevant Releases Architectures

Red Hat Enterprise Linux Client (v. 7) - noarch, x86_64

Red Hat Enterprise Linux Client Optional (v. 7) - noarch, x86_64

Red Hat Enterprise Linux ComputeNode Optional (v. 7) - noarch, x86_64

Red Hat Enterprise Linux Server (v. 7) - noarch, ppc64, ppc64le, s390x, x86_64

Red Hat Enterprise Linux Server Optional (v. 7) - noarch, ppc64, ppc64le, s390x, x86_64

Red Hat Enterprise Linux Workstation (v. 7) - noarch, x86_64

Red Hat Enterprise Linux Workstation Optional (v. 7) - noarch, x86_64

Bugs Fixed

1564000 - Rebase qt5-qtbase to 5.9.7

1564001 - Rebase qt5-qtcanvas3d to 5.9.7

1564002 - Rebase qt5-qtconnectivity to 5.9.7

1564003 - Rebase qt5-qtdeclarative to 5.9.7

1564004 - Rebase qt5-qtdoc to 5.9.7

1564006 - Rebase qt5-qtgraphicaleffects to 5.9.7

1564007 - Rebase qt5-qtimageformats to 5.9.7

1564008 - Rebase qt5-qtlocation to 5.9.7

1564009 - Rebase qt5-qtmultimedia to 5.9.7

1564010 - Rebase qt5-qtquickcontrols to 5.9.7

1564011 - Rebase qt5-qtquickcontrols2 to 5.9.7

1564012 - Rebase qt5-qtscript to 5.9.7

1564013 - Rebase qt5-qtsensors to 5.9.7

1564014 - Rebase qt5-qtserialbus to 5.9.7

1564015 - Rebase qt5-qtserialport to 5.9.7

1564016 - Rebase qt5-qtsvg to 5.9.7

1564017 - Rebase qt5-qttools to 5.9.7

1564018 - Rebase qt5-qttranslations to 5.9.7

1564019 - Rebase qt5-qtwayland to 5.9.7

1564020 - Rebase qt5-qtwebchannel to 5.9.7

1564021 - Rebase qt5-qtwebsockets to 5.9.7

1564022 - Rebase qt5-qtxmlpatterns to 5.9.7

1564023 - Rebase qt5-qtx11extras to 5.9.7

1564024 - Rebase qt5-qt3d to 5.9.7

1658996 - CVE-2018-19870 qt5-qtbase: QImage allocation failure in qgifhandler

1658998 - CVE-2018-19873 qt5-qtbase: QBmpHandler segmentation fault on malformed BMP file

1659000 - CVE-2018-15518 qt5-qtbase: Double free in QXmlStreamReader

1661460 - CVE-2018-19869 qt5-qtsvg: Invalid parsing of malformed url reference resulting in a denial of service

1661465 - CVE-2018-19871 qt5-qtimageformats: QTgaFile CPU exhaustion

Read the Full Advisory

Get the latest News and Insights

Get the latest Linux and open source security news straight to your inbox.

Your message here