Fedora: 2024:3124-5 Critical: Libgtk-3-0 Memory Corruption Patch

suse

August 16, 2024

* bsc#1214327 * bsc#1218413 * bsc#1222120 * bsc#1227426 * bsc#1227513

Summary

## This update for libqt5-qtbase fixes the following issues: * CVE-2023-37369: Fixed a buffer overflow in QXmlStreamReader (QTBUG-91889, bsc#1214327). * CVE-2023-45935: Fixed NULL pointer dereference in QXcbConnection::initializeAllAtoms() due to anomalous behavior from the X server (bsc#1222120) * CVE-2024-39936: Fixed information leakage due to process HTTP2 communication before encrypted() can be responded to (bsc#1227426) * CVE-2023-51714: Fixed an incorrect integer overflow check (bsc#1218413). Other fixes: \- Add patch from upstream to fix a regression in the ODBC driver (bsc#1227513, QTBUG-112375) \- Add upstream patch to fix a potential overflow in assemble_hpack_block() \- Use pkgconfig(icu-18n) to select current icu ## Patch Instructions:

Topics Covered

security advisory buffer overflow patch important SUSE information leakage libqt5-qtbase

References

* bsc#1214327

* bsc#1218413

* bsc#1222120

* bsc#1227426

* bsc#1227513

* jsc#PED-6193

Cross-

* CVE-2023-37369

* CVE-2023-45935

* CVE-2023-51714

* CVE-2024-39936

CVSS scores:

* CVE-2023-37369 ( SUSE ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H

* CVE-2023-37369 ( NVD ): 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

* CVE-2023-45935 ( SUSE ): 4.2 CVSS:3.1/AV:L/AC:L/PR:H/UI:R/S:U/C:N/I:N/A:H

* CVE-2023-51714 ( SUSE ): 6.2 CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

* CVE-2023-51714 ( NVD ): 9.8 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

* CVE-2024-39936 ( SUSE ): 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N

* CVE-2024-39936 ( NVD ): 5.9 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N

Affected Products:

* SUSE Enterprise Storage 7.1

Severity

important

Lowest

Low

Medium

High

Critical

Announcement ID: SUSE-SU-2024:2946-1

Rating: important

Topics Covered

security advisory buffer overflow patch important SUSE information leakage libqt5-qtbase

Get the latest News and Insights

Get the latest Linux and open source security news straight to your inbox.

Powered By

Linux Security - Your source for Top Linux News, Advisories, HOWTOs and Feature Releases

QUICK LINKS

subscribe to newsletters!

Like staying secure? So do we.
Sign up for updates, tips, and alerts!

Topics Covered

Topics Covered

Search News & Updates

Recent Searches

Search Advisories & Updates

Recent Searches

Get the latest News and Insights

Our Top Picks

Fedora: 2024:3124-5 Critical: Libgtk-3-0 Memory Corruption Patch

Summary

Topics Covered

References

Topics Covered

Get the latest News and Insights

Related News

Powered By

Linux Security - Your source for Top Linux News, Advisories, HOWTOs and Feature Releases

QUICK LINKS

subscribe to newsletters!

Topics Covered

Topics Covered

Search News & Updates

Recent Searches

Search Advisories & Updates

Recent Searches

Get the latest News and Insights

Our Top Picks

Fedora: 2024:3124-5 Critical: Libgtk-3-0 Memory Corruption Patch

Summary

Topics Covered

References

Topics Covered

Get the latest News and Insights

Related Articles

Related News

Powered By

Linux Security - Your source for Top Linux News, Advisories, HOWTOs and Feature Releases

QUICK LINKS

subscribe to newsletters!