Red Hat Enterprise Linux 8: RHSA-2019:3390-01 Moderate: qt5-qtbase Security Update
red hat
November 5, 2019
An update for qt5-qtbase is now available for Red Hat Enterprise Linux 8.
Red Hat Product Security has rated this update as having a security impact
of Moderate
Solution
For details on how to apply this update, which includes the changes
described in this advisory, refer to:
https://access.redhat.com/articles/11258
Summary
Qt is a software toolkit for developing applications. The qt5-base packages
contain base tools for string, xml, and network handling in Qt.
Security Fix(es):
* qt5-qtbase: Double free in QXmlStreamReader (CVE-2018-15518)
* qt5-qtbase: QImage allocation failure in qgifhandler (CVE-2018-19870)
* qt5-qtbase: QBmpHandler segmentation fault on malformed BMP file
(CVE-2018-19873)
For more details about the security issue(s), including the impact, a CVSS
score, acknowledgments, and other related information, refer to the CVE
page(s) listed in the References section.
Additional Changes:
For detailed information on changes in this release, see the Red Hat
Enterprise Linux 8.1 Release Notes linked from the References section.
Topics Covered
References
https://access.redhat.com/security/cve/CVE-2018-15518 https://access.redhat.com/security/cve/CVE-2018-19870 https://access.redhat.com/security/cve/CVE-2018-19873 https://access.redhat.com/security/updates/classification/#moderate https://access.redhat.com/documentation/en-us/red_hat_enterprise_linux/8/html/8.1_release_notes/
Package List
Red Hat Enterprise Linux AppStream (v. 8):
Source:
qt5-qtbase-5.11.1-7.el8.src.rpm
qt5-qttools-5.11.1-9.el8.src.rpm
aarch64:
qt5-assistant-5.11.1-9.el8.aarch64.rpm
qt5-assistant-debuginfo-5.11.1-9.el8.aarch64.rpm
qt5-designer-5.11.1-9.el8.aarch64.rpm
qt5-designer-debuginfo-5.11.1-9.el8.aarch64.rpm
qt5-doctools-5.11.1-9.el8.aarch64.rpm
qt5-doctools-debuginfo-5.11.1-9.el8.aarch64.rpm
qt5-linguist-5.11.1-9.el8.aarch64.rpm
qt5-linguist-debuginfo-5.11.1-9.el8.aarch64.rpm
qt5-qdbusviewer-5.11.1-9.el8.aarch64.rpm
qt5-qdbusviewer-debuginfo-5.11.1-9.el8.aarch64.rpm
qt5-qtbase-5.11.1-7.el8.aarch64.rpm
qt5-qtbase-debuginfo-5.11.1-7.el8.aarch64.rpm
qt5-qtbase-debugsource-5.11.1-7.el8.aarch64.rpm
qt5-qtbase-devel-5.11.1-7.el8.aarch64.rpm
qt5-qtbase-devel-debuginfo-5.11.1-7.el8.aarch64.rpm
qt5-qtbase-examples-5.11.1-7.el8.aarch64.rpm
qt5-qtbase-examples-debuginfo-5.11.1-7.el8.aarch64.rpm
qt5-qtbase-gui-5.11.1-7.el8.aarch64.rpm
qt5-qtbase-gui-debuginfo-5.11.1-7.el8.aarch64.rpm
qt5-qtbase-mysql-5.11.1-7.el8.aarch64.rpm
qt5-qtbase-mysql-debuginfo-5.11.1-7.el8.aarch64.rpm
qt5-qtbase-odbc-5.11.1-7.el8.aarch64.rpm
qt5-qtbase-odbc-debuginfo-5.11.1-7.el8.aarch64.rpm
qt5-qtbase-postgresql-5.11.1-7.el8.aarch64.rpm
Read the Full Advisory
PREVIOUS
NEXT
Advisory ID: RHSA-2019:3390-01
Product: Red Hat Enterprise Linux
Advisory URL: https://access.redhat.com/errata/RHSA-2019:3390
Issue date: 2019-11-05
Topic
An update for qt5-qtbase is now available for Red Hat Enterprise Linux 8.
Red Hat Product Security has rated this update as having a security impact
of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which
gives a detailed severity rating, is available for each vulnerability from
the CVE link(s) in the References section.
Topics Covered
Relevant Releases Architectures
Red Hat CodeReady Linux Builder (v. 8) - aarch64, ppc64le, s390x, x86_64
Red Hat Enterprise Linux AppStream (v. 8) - aarch64, noarch, ppc64le, s390x, x86_64
Bugs Fixed
1658996 - CVE-2018-19870 qt5-qtbase: QImage allocation failure in qgifhandler
1658998 - CVE-2018-19873 qt5-qtbase: QBmpHandler segmentation fault on malformed BMP file
1659000 - CVE-2018-15518 qt5-qtbase: Double free in QXmlStreamReader
1692970 - libQt5EglFSDeviceIntegration.so.5 is in the wrong subpackage
1709949 - Rebuild qt5-qttools for LLVM-8
Get the latest News and Insights
Get the latest Linux and open source security news straight to your inbox.
Powered By
Linux Security - Your source for Top Linux News, Advisories, HOWTOs and Feature Releases
QUICK LINKS
subscribe to newsletters!
Like staying secure? So do we.
Sign up for updates, tips, and alerts!