Explore top 10 tips to secure your open-source projects now. Read More
×
Multiple vulnerabilities have been discovered in Qt, the worst of which can lead to arbitrary code execution.. - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - Gentoo Linux Security Advisory GLSA 202506-06 - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - https://security.gentoo.org/ - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - Severity: High Title: Qt: Multiple Vulnerabilities Date: June 12, 2025 Bugs: #924647, #931096, #935869, #954261 ID: 202506-06 - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - Synopsis ======== Multiple vulnerabilities have been discovered in Qt, the worst of which can lead to arbitrary code execution. Background ========== Qt is a cross-platform application development framework. Affected packages ================= Package Vulnerable Unaffected ---------------- ------------ ------------- dev-qt/qtbase < 6.8.3-r1 > = 6.8.3-r1 dev-qt/qtgui < 5.15.12-r2 > = 5.15.12-r2 dev-qt/qtnetwork < 5.15.14-r1 > = 5.15.14-r1 Description =========== Multiple vulnerabilities have been discovered in Qt. Please review the CVE identifiers referenced below for details. Impact ====== Please review the referenced CVE identifiers for details. Workaround ========== There is no known workaround at this time. Resolution ========== All Qt users should upgrade to the latest version: # emerge --sync # emerge --ask --oneshot --verbose "> =dev-qt/qtbase-6.8.3-r1" # emerge --ask --oneshot --verbose "> =dev-qt/qtnetwork-5.15.14-r1" # emerge --ask --oneshot --verbose "> =dev-qt/qtgui-5.15.12-r2" References ========== [ 1 ] CVE-2024-25580 https://nvd.nist.gov/vuln/detail/CVE-2024-25580 [ 2 ] CVE-2024-33861 https://nvd.nist.gov/vuln/detail/CVE-2024-33861 [ 3 ] CVE-2024-39936 https://nvd.nist.gov/vuln/detail/CVE-2024-39936 [ 4 ] CVE-2025-3512 https://nvd.nist.gov/vuln/detail/CVE-2025-3512 Availability ============ This GLSA and any updates to it are available for viewing at the Gentoo Security Website: https://security.gentoo.org/glsa/202506-06 Concerns? ========= Security is a primary focus of Gentoo Linux and ensuring the confidentiality and security of our users' machines is of utmost importance to us. Any security concerns should be addressed to
Qt 6.9.1 bugfix release.. -------------------------------------------------------------------------------- Fedora Update Notification FEDORA-2025-c546fd3f09 2025-06-11 02:45:06.590648+00:00 -------------------------------------------------------------------------------- Name : qt6-qtshadertools Product : Fedora 42 Version : 6.9.1 Release : 1.fc42 URL : http://www.qt.io Summary : Qt6 - Qt Shader Tools module builds on the SPIR-V Open Source Ecosystem Description : Qt6 - Qt Shader Tools module builds on the SPIR-V Open Source Ecosystem. -------------------------------------------------------------------------------- Update Information: Qt 6.9.1 bugfix release. -------------------------------------------------------------------------------- ChangeLog: * Mon Jun 2 2025 Jan Grulich - 6.9.1-1 - 6.9.1 -------------------------------------------------------------------------------- References: [ 1 ] Bug #2369872 - CVE-2025-5455 qt6: QtCore Assertion Failure Denial of Service [fedora-42] https://bugzilla.redhat.com/show_bug.cgi?id=2369872 [ 2 ] Bug #2371133 - CVE-2025-5683 qt5: Qt ICNS Image Crash Vulnerability [fedora-42] https://bugzilla.redhat.com/show_bug.cgi?id=2371133 -------------------------------------------------------------------------------- This update can be installed with the "dnf" update program. Use su -c 'dnf upgrade --advisory FEDORA-2025-c546fd3f09' at the command line. For more information, refer to the dnf documentation available at http://dnf.readthedocs.io/en/latest/command_ref.html#upgrade-command-label All packages are signed with the Fedora Project GPG key. More details on the GPG keys used by the Fedora Project can be found at https://fedoraproject.org/keys -------------------------------------------------------------------------------- -- _______________________________________________ package-announce mailing list --
Qt 6.9.1 bugfix release.. -------------------------------------------------------------------------------- Fedora Update Notification FEDORA-2025-c546fd3f09 2025-06-11 02:45:06.590648+00:00 -------------------------------------------------------------------------------- Name : plasma-integration Product : Fedora 42 Version : 6.3.5 Release : 3.fc42 URL : Summary : Qt Platform Theme integration plugin for Plasma Description : Qt Platform Theme integration plugin for Plasma. -------------------------------------------------------------------------------- Update Information: Qt 6.9.1 bugfix release. -------------------------------------------------------------------------------- ChangeLog: * Fri Jun 6 2025 Jan Grulich - 6.3.5-3 - Rebuild (qt6) -------------------------------------------------------------------------------- References: [ 1 ] Bug #2369872 - CVE-2025-5455 qt6: QtCore Assertion Failure Denial of Service [fedora-42] https://bugzilla.redhat.com/show_bug.cgi?id=2369872 [ 2 ] Bug #2371133 - CVE-2025-5683 qt5: Qt ICNS Image Crash Vulnerability [fedora-42] https://bugzilla.redhat.com/show_bug.cgi?id=2371133 -------------------------------------------------------------------------------- This update can be installed with the "dnf" update program. Use su -c 'dnf upgrade --advisory FEDORA-2025-c546fd3f09' at the command line. For more information, refer to the dnf documentation available at http://dnf.readthedocs.io/en/latest/command_ref.html#upgrade-command-label All packages are signed with the Fedora Project GPG key. More details on the GPG keys used by the Fedora Project can be found at https://fedoraproject.org/keys -------------------------------------------------------------------------------- -- _______________________________________________ package-announce mailing list --
Qt 6.9.1 bugfix release.. -------------------------------------------------------------------------------- Fedora Update Notification FEDORA-2025-c546fd3f09 2025-06-11 02:45:06.590648+00:00 -------------------------------------------------------------------------------- Name : dtk6log Product : Fedora 42 Version : 0.0.2 Release : 7.fc42 URL : https://github.com/linuxdeepin/dtk6log Summary : Simple, convenient and thread safe logger for Qt-based C++ apps Description : Simple, convenient and thread safe logger for Qt-based C++ apps. -------------------------------------------------------------------------------- Update Information: Qt 6.9.1 bugfix release. -------------------------------------------------------------------------------- ChangeLog: * Fri Jun 6 2025 Jan Grulich - 0.0.2-7 - Rebuild (qt6) -------------------------------------------------------------------------------- References: [ 1 ] Bug #2369872 - CVE-2025-5455 qt6: QtCore Assertion Failure Denial of Service [fedora-42] https://bugzilla.redhat.com/show_bug.cgi?id=2369872 [ 2 ] Bug #2371133 - CVE-2025-5683 qt5: Qt ICNS Image Crash Vulnerability [fedora-42] https://bugzilla.redhat.com/show_bug.cgi?id=2371133 -------------------------------------------------------------------------------- This update can be installed with the "dnf" update program. Use su -c 'dnf upgrade --advisory FEDORA-2025-c546fd3f09' at the command line. For more information, refer to the dnf documentation available at http://dnf.readthedocs.io/en/latest/command_ref.html#upgrade-command-label All packages are signed with the Fedora Project GPG key. More details on the GPG keys used by the Fedora Project can be found at https://fedoraproject.org/keys -------------------------------------------------------------------------------- -- _______________________________________________ package-announce mailing list --
A vulnerability has been discovered in Qt, where a buffer overflow can lead to denial of service.. - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - Gentoo Linux Security Advisory GLSA 202501-08 - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - https://security.gentoo.org/ - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - Severity: Normal Title: Qt: Buffer Overflow Date: January 23, 2025 Bugs: #911790 ID: 202501-08 - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - Synopsis ======== A vulnerability has been discovered in Qt, where a buffer overflow can lead to denial of service. Background ========== Qt is a cross-platform application development framework. Affected packages ================= Package Vulnerable Unaffected ------------- ------------ ------------- dev-qt/qtbase < 6.5.2 > = 6.5.2 dev-qt/qtcore < 5.15.10-r1 > = 5.15.10-r1 Description =========== When given specifically crafted data then QXmlStreamReader can end up causing a buffer overflow and subsequently a crash or freeze or get out of memory on recursive entity expansion, with DTD tokens in XML body. Impact ====== Please review the referenced CVE identifiers for details. Workaround ========== There is no known workaround at this time. Resolution ========== All Qt users should upgrade to the latest version: # emerge --sync # emerge --ask --oneshot --verbose "> =dev-qt/qtcore-5.15.10-r1" # emerge --ask --oneshot --verbose "> =dev-qt/qtbase-6.5.2" References ========== [ 1 ] CVE-2023-37369 https://nvd.nist.gov/vuln/detail/CVE-2023-37369 [ 2 ] CVE-2023-38197 https://nvd.nist.gov/vuln/detail/CVE-2023-38197 Availability ============ This GLSA and any updates to it are available for viewing at the Gentoo Security Website: https://security.gentoo.org/glsa/202501-08 Concerns? ========= Security is a primary focus ofGentoo Linux and ensuring the confidentiality and security of our users' machines is of utmost importance to us. Any security concerns should be addressed to
Qt 5.15.14 bugfix update. Fix CVE-2024-36048. -------------------------------------------------------------------------------- Fedora Update Notification FEDORA-2024-2e27372d4c 2024-06-05 01:40:23.602023 -------------------------------------------------------------------------------- Name : qgnomeplatform Product : Fedora 40 Version : 0.9.2 Release : 15.fc40 URL : https://github.com/FedoraQt/QGnomePlatform Summary : Qt Platform Theme aimed to accommodate Gnome settings Description : QGnomePlatform is a Qt Platform Theme aimed to accommodate as much of GNOME settings as possible and utilize them in Qt applications without modifying them - making them fit into the environment as well as possible. -------------------------------------------------------------------------------- Update Information: Qt 5.15.14 bugfix update. Fix CVE-2024-36048 -------------------------------------------------------------------------------- ChangeLog: * Thu May 30 2024 Jan Grulich - 0.9.2-15 - Rebuild (qt5) -------------------------------------------------------------------------------- References: [ 1 ] Bug #2282866 - CVE-2024-36048 qt5-qtnetworkauth: qtnetworkauth: badly seeded PRNG may result in guessable values [epel-8] https://bugzilla.redhat.com/show_bug.cgi?id=2282866 [ 2 ] Bug #2282867 - CVE-2024-36048 qt5-qtnetworkauth: qtnetworkauth: badly seeded PRNG may result in guessable values [fedora-39] https://bugzilla.redhat.com/show_bug.cgi?id=2282867 [ 3 ] Bug #2282869 - CVE-2024-36048 qt5-qtnetworkauth: qtnetworkauth: badly seeded PRNG may result in guessable values [fedora-40] https://bugzilla.redhat.com/show_bug.cgi?id=2282869 -------------------------------------------------------------------------------- This update can be installed with the "dnf" update program. Use su -c 'dnf upgrade --advisory FEDORA-2024-2e27372d4c' at the command line. For more information, refer to the dnf documentation availableat http://dnf.readthedocs.io/en/latest/command_ref.html#upgrade-command-label All packages are signed with the Fedora Project GPG key. More details on the GPG keys used by the Fedora Project can be found at -------------------------------------------------------------------------------- -- _______________________________________________ package-announce mailing list --
Update to qt-5.15.12.. -------------------------------------------------------------------------------- Fedora Update Notification FEDORA-2024-a8cdce27ac 2024-02-24 01:27:34.256305 -------------------------------------------------------------------------------- Name : mingw-qt5-qtimageformats Product : Fedora 39 Version : 5.15.12 Release : 1.fc39 URL : https://www.qt.io/ Summary : Qt5 for Windows - QtImageFormats component Description : This package contains the Qt software toolkit for developing cross-platform applications. This is the Windows version of Qt, for use in conjunction with the Fedora Windows cross-compiler. -------------------------------------------------------------------------------- Update Information: Update to qt-5.15.12. -------------------------------------------------------------------------------- ChangeLog: * Thu Feb 15 2024 Sandro Mani - 5.15.12-1 - Update to 5.15.12 -------------------------------------------------------------------------------- References: [ 1 ] Bug #2264425 - TRIAGE CVE-2024-25580 mingw-qt5-qtbase: qtbase: potential buffer overflow when reading KTX images [fedora-all] https://bugzilla.redhat.com/show_bug.cgi?id=2264425 -------------------------------------------------------------------------------- This update can be installed with the "dnf" update program. Use su -c 'dnf upgrade --advisory FEDORA-2024-a8cdce27ac' at the command line. For more information, refer to the dnf documentation available at https://dnf.readthedocs.io/en/latest/command_ref.html All packages are signed with the Fedora Project GPG key. More details on the GPG keys used by the Fedora Project can be found at https://fedoraproject.org/security/ -------------------------------------------------------------------------------- -- _______________________________________________ package-announce mailing list --
Several security issues were fixed in Qt.. =========================================================================Ubuntu Security Notice USN-5081-1 September 16, 2021 qtbase-opensource-src vulnerabilities ========================================================================= A security issue affects these releases of Ubuntu and its derivatives: - Ubuntu 18.04 LTS Summary: Several security issues were fixed in Qt. Software Description: - qtbase-opensource-src: Qt 5 libraries Details: It was discovered that Qt incorrectly handled certain XBM image files. If a user or automated system were tricked into opening a specially crafted PPM file, a remote attacker could cause Qt to crash, resulting in a denial of service. (CVE-2020-17507) It was discovered that Qt incorrectly handled certain graphics operations. If a user or automated system were tricked into performing certain graphics operations, a remote attacker could cause Qt to crash, resulting in a denial of service. (CVE-2021-38593) Update instructions: The problem can be corrected by updating your system to the following package versions: Ubuntu 18.04 LTS: libqt5core5a 5.9.5+dfsg-0ubuntu2.6 libqt5gui5 5.9.5+dfsg-0ubuntu2.6 After a standard system update you need to restart your session to make all the necessary changes. References: https://ubuntu.com/security/notices/USN-5081-1 CVE-2020-17507, CVE-2021-38593 Package Information: https://launchpad.net/ubuntu/+source/qtbase-opensource-src/5.9.5+dfsg-0ubuntu2.6 . Qt libraries for Ubuntu 18.04 LTS have resolved security vulnerabilities. Updates addressing potential denial of service risks have been released.. Ubuntu Updates, Qt Security Issues, Denial Of Service, Software Fixes, Security Patch. . Severity: Critical. LinuxSecurity.com Team
Get the latest Linux and open source security news straight to your inbox.