Executive Summary
Summary | |
---|---|
Title | qt5 security, bug fix, and enhancement update |
Informations | |||
---|---|---|---|
Name | RHSA-2019:2135 | First vendor Publication | 2019-08-06 |
Vendor | RedHat | Last vendor Modification | 2019-08-06 |
Severity (Vendor) | N/A | Revision | 01 |
Security-Database Scoring CVSS v3
Cvss vector : N/A | |||
---|---|---|---|
Overall CVSS Score | NA | ||
Base Score | NA | Environmental Score | NA |
impact SubScore | NA | Temporal Score | NA |
Exploitabality Sub Score | NA | ||
Calculate full CVSS 3.0 Vectors scores |
Security-Database Scoring CVSS v2
Cvss vector : (AV:N/AC:L/Au:N/C:P/I:P/A:P) | |||
---|---|---|---|
Cvss Base Score | 7.5 | Attack Range | Network |
Cvss Impact Score | 6.4 | Attack Complexity | Low |
Cvss Expoit Score | 10 | Authentication | None Required |
Calculate full CVSS 2.0 Vectors scores |
Detail
Problem Description: An update is now available for Red Hat Enterprise Linux 7. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section. 2. Relevant releases/architectures: Red Hat Enterprise Linux Client (v. 7) - noarch, x86_64 Red Hat Enterprise Linux Client Optional (v. 7) - noarch, x86_64 Red Hat Enterprise Linux ComputeNode Optional (v. 7) - noarch, x86_64 Red Hat Enterprise Linux Server (v. 7) - noarch, ppc64, ppc64le, s390x, x86_64 Red Hat Enterprise Linux Server Optional (v. 7) - noarch, ppc64, ppc64le, s390x, x86_64 Red Hat Enterprise Linux Workstation (v. 7) - noarch, x86_64 Red Hat Enterprise Linux Workstation Optional (v. 7) - noarch, x86_64 3. Description: Qt is a software toolkit for developing applications. The qt5-base packages contain base tools for string, xml, and network handling in Qt. The following packages have been upgraded to a later upstream version: qt5-qt3d (5.9.7), qt5-qtbase (5.9.7), qt5-qtcanvas3d (5.9.7), qt5-qtconnectivity (5.9.7), qt5-qtdeclarative (5.9.7), qt5-qtdoc (5.9.7), qt5-qtgraphicaleffects (5.9.7), qt5-qtimageformats (5.9.7), qt5-qtlocation (5.9.7), qt5-qtmultimedia (5.9.7), qt5-qtquickcontrols (5.9.7), qt5-qtquickcontrols2 (5.9.7), qt5-qtscript (5.9.7), qt5-qtsensors (5.9.7), qt5-qtserialbus (5.9.7), qt5-qtserialport (5.9.7), qt5-qtsvg (5.9.7), qt5-qttools (5.9.7), qt5-qttranslations (5.9.7), qt5-qtwayland (5.9.7), qt5-qtwebchannel (5.9.7), qt5-qtwebsockets (5.9.7), qt5-qtx11extras (5.9.7), qt5-qtxmlpatterns (5.9.7). (BZ#1564000, BZ#1564001, BZ#1564002, BZ#1564003, BZ#1564004, BZ#1564006, BZ#1564007, BZ#1564008, BZ#1564009, BZ#1564010, BZ#1564011, BZ#1564012, BZ#1564013, BZ#1564014, BZ#1564015, BZ#1564016, BZ#1564017, BZ#1564018, BZ#1564019, BZ#1564020, BZ#1564021, BZ#1564022, BZ#1564023, BZ#1564024) Security Fix(es): * qt5-qtbase: Double free in QXmlStreamReader (CVE-2018-15518) * qt5-qtsvg: Invalid parsing of malformed url reference resulting in a denial of service (CVE-2018-19869) * qt5-qtbase: QImage allocation failure in qgifhandler (CVE-2018-19870) * qt5-qtimageformats: QTgaFile CPU exhaustion (CVE-2018-19871) * qt5-qtbase: QBmpHandler segmentation fault on malformed BMP file (CVE-2018-19873) For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section. Additional Changes: For detailed information on changes in this release, see the Red Hat Enterprise Linux 7.7 Release Notes linked from the References section. 4. Solution: For details on how to apply this update, which includes the changes described in this advisory, refer to: https://access.redhat.com/articles/11258 5. Bugs fixed (https://bugzilla.redhat.com/): 1564000 - Rebase qt5-qtbase to 5.9.7 1564001 - Rebase qt5-qtcanvas3d to 5.9.7 1564002 - Rebase qt5-qtconnectivity to 5.9.7 1564003 - Rebase qt5-qtdeclarative to 5.9.7 1564004 - Rebase qt5-qtdoc to 5.9.7 1564006 - Rebase qt5-qtgraphicaleffects to 5.9.7 1564007 - Rebase qt5-qtimageformats to 5.9.7 1564008 - Rebase qt5-qtlocation to 5.9.7 1564009 - Rebase qt5-qtmultimedia to 5.9.7 1564010 - Rebase qt5-qtquickcontrols to 5.9.7 1564011 - Rebase qt5-qtquickcontrols2 to 5.9.7 1564012 - Rebase qt5-qtscript to 5.9.7 1564013 - Rebase qt5-qtsensors to 5.9.7 1564014 - Rebase qt5-qtserialbus to 5.9.7 1564015 - Rebase qt5-qtserialport to 5.9.7 1564016 - Rebase qt5-qtsvg to 5.9.7 1564017 - Rebase qt5-qttools to 5.9.7 1564018 - Rebase qt5-qttranslations to 5.9.7 1564019 - Rebase qt5-qtwayland to 5.9.7 1564020 - Rebase qt5-qtwebchannel to 5.9.7 1564021 - Rebase qt5-qtwebsockets to 5.9.7 1564022 - Rebase qt5-qtxmlpatterns to 5.9.7 1564023 - Rebase qt5-qtx11extras to 5.9.7 1564024 - Rebase qt5-qt3d to 5.9.7 1658996 - CVE-2018-19870 qt5-qtbase: QImage allocation failure in qgifhandler 1658998 - CVE-2018-19873 qt5-qtbase: QBmpHandler segmentation fault on malformed BMP file 1659000 - CVE-2018-15518 qt5-qtbase: Double free in QXmlStreamReader 1661460 - CVE-2018-19869 qt5-qtsvg: Invalid parsing of malformed url reference resulting in a denial of service 1661465 - CVE-2018-19871 qt5-qtimageformats: QTgaFile CPU exhaustion |
Original Source
Url : https://rhn.redhat.com/errata/RHSA-2019-2135.html |
CWE : Common Weakness Enumeration
% | Id | Name |
---|---|---|
20 % | CWE-476 | NULL Pointer Dereference |
20 % | CWE-415 | Double Free |
20 % | CWE-400 | Uncontrolled Resource Consumption ('Resource Exhaustion') |
20 % | CWE-119 | Failure to Constrain Operations within the Bounds of a Memory Buffer |
20 % | CWE-20 | Improper Input Validation |
CPE : Common Platform Enumeration
Nessus® Vulnerability Scanner
Date | Description |
---|---|
2019-01-07 | Name : The remote Debian host is missing a security update. File : debian_DLA-1627.nasl - Type : ACT_GATHER_INFO |
Alert History
Date | Informations |
---|---|
2020-03-19 13:18:53 |
|