Executive Summary

Summary
Title qt5 security, bug fix, and enhancement update
Informations
Name RHSA-2019:2135 First vendor Publication 2019-08-06
Vendor RedHat Last vendor Modification 2019-08-06
Severity (Vendor) N/A Revision 01

Security-Database Scoring CVSS v3

Cvss vector : N/A
Overall CVSS Score NA
Base Score NA Environmental Score NA
impact SubScore NA Temporal Score NA
Exploitabality Sub Score NA
 
Calculate full CVSS 3.0 Vectors scores

Security-Database Scoring CVSS v2

Cvss vector : (AV:N/AC:L/Au:N/C:P/I:P/A:P)
Cvss Base Score 7.5 Attack Range Network
Cvss Impact Score 6.4 Attack Complexity Low
Cvss Expoit Score 10 Authentication None Required
Calculate full CVSS 2.0 Vectors scores

Detail

Problem Description:

An update is now available for Red Hat Enterprise Linux 7.

Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.

2. Relevant releases/architectures:

Red Hat Enterprise Linux Client (v. 7) - noarch, x86_64 Red Hat Enterprise Linux Client Optional (v. 7) - noarch, x86_64 Red Hat Enterprise Linux ComputeNode Optional (v. 7) - noarch, x86_64 Red Hat Enterprise Linux Server (v. 7) - noarch, ppc64, ppc64le, s390x, x86_64 Red Hat Enterprise Linux Server Optional (v. 7) - noarch, ppc64, ppc64le, s390x, x86_64 Red Hat Enterprise Linux Workstation (v. 7) - noarch, x86_64 Red Hat Enterprise Linux Workstation Optional (v. 7) - noarch, x86_64

3. Description:

Qt is a software toolkit for developing applications. The qt5-base packages contain base tools for string, xml, and network handling in Qt.

The following packages have been upgraded to a later upstream version: qt5-qt3d (5.9.7), qt5-qtbase (5.9.7), qt5-qtcanvas3d (5.9.7), qt5-qtconnectivity (5.9.7), qt5-qtdeclarative (5.9.7), qt5-qtdoc (5.9.7), qt5-qtgraphicaleffects (5.9.7), qt5-qtimageformats (5.9.7), qt5-qtlocation (5.9.7), qt5-qtmultimedia (5.9.7), qt5-qtquickcontrols (5.9.7), qt5-qtquickcontrols2 (5.9.7), qt5-qtscript (5.9.7), qt5-qtsensors (5.9.7), qt5-qtserialbus (5.9.7), qt5-qtserialport (5.9.7), qt5-qtsvg (5.9.7), qt5-qttools (5.9.7), qt5-qttranslations (5.9.7), qt5-qtwayland (5.9.7), qt5-qtwebchannel (5.9.7), qt5-qtwebsockets (5.9.7), qt5-qtx11extras (5.9.7), qt5-qtxmlpatterns (5.9.7). (BZ#1564000, BZ#1564001, BZ#1564002, BZ#1564003, BZ#1564004, BZ#1564006, BZ#1564007, BZ#1564008, BZ#1564009, BZ#1564010, BZ#1564011, BZ#1564012, BZ#1564013, BZ#1564014, BZ#1564015, BZ#1564016, BZ#1564017, BZ#1564018, BZ#1564019, BZ#1564020, BZ#1564021, BZ#1564022, BZ#1564023, BZ#1564024)

Security Fix(es):

* qt5-qtbase: Double free in QXmlStreamReader (CVE-2018-15518)

* qt5-qtsvg: Invalid parsing of malformed url reference resulting in a denial of service (CVE-2018-19869)

* qt5-qtbase: QImage allocation failure in qgifhandler (CVE-2018-19870)

* qt5-qtimageformats: QTgaFile CPU exhaustion (CVE-2018-19871)

* qt5-qtbase: QBmpHandler segmentation fault on malformed BMP file (CVE-2018-19873)

For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.

Additional Changes:

For detailed information on changes in this release, see the Red Hat Enterprise Linux 7.7 Release Notes linked from the References section.

4. Solution:

For details on how to apply this update, which includes the changes described in this advisory, refer to:

https://access.redhat.com/articles/11258

5. Bugs fixed (https://bugzilla.redhat.com/):

1564000 - Rebase qt5-qtbase to 5.9.7 1564001 - Rebase qt5-qtcanvas3d to 5.9.7 1564002 - Rebase qt5-qtconnectivity to 5.9.7 1564003 - Rebase qt5-qtdeclarative to 5.9.7 1564004 - Rebase qt5-qtdoc to 5.9.7 1564006 - Rebase qt5-qtgraphicaleffects to 5.9.7 1564007 - Rebase qt5-qtimageformats to 5.9.7 1564008 - Rebase qt5-qtlocation to 5.9.7 1564009 - Rebase qt5-qtmultimedia to 5.9.7 1564010 - Rebase qt5-qtquickcontrols to 5.9.7 1564011 - Rebase qt5-qtquickcontrols2 to 5.9.7 1564012 - Rebase qt5-qtscript to 5.9.7 1564013 - Rebase qt5-qtsensors to 5.9.7 1564014 - Rebase qt5-qtserialbus to 5.9.7 1564015 - Rebase qt5-qtserialport to 5.9.7 1564016 - Rebase qt5-qtsvg to 5.9.7 1564017 - Rebase qt5-qttools to 5.9.7 1564018 - Rebase qt5-qttranslations to 5.9.7 1564019 - Rebase qt5-qtwayland to 5.9.7 1564020 - Rebase qt5-qtwebchannel to 5.9.7 1564021 - Rebase qt5-qtwebsockets to 5.9.7 1564022 - Rebase qt5-qtxmlpatterns to 5.9.7 1564023 - Rebase qt5-qtx11extras to 5.9.7 1564024 - Rebase qt5-qt3d to 5.9.7 1658996 - CVE-2018-19870 qt5-qtbase: QImage allocation failure in qgifhandler 1658998 - CVE-2018-19873 qt5-qtbase: QBmpHandler segmentation fault on malformed BMP file 1659000 - CVE-2018-15518 qt5-qtbase: Double free in QXmlStreamReader 1661460 - CVE-2018-19869 qt5-qtsvg: Invalid parsing of malformed url reference resulting in a denial of service 1661465 - CVE-2018-19871 qt5-qtimageformats: QTgaFile CPU exhaustion

Original Source

Url : https://rhn.redhat.com/errata/RHSA-2019-2135.html

CWE : Common Weakness Enumeration

% Id Name
20 % CWE-476 NULL Pointer Dereference
20 % CWE-415 Double Free
20 % CWE-400 Uncontrolled Resource Consumption ('Resource Exhaustion')
20 % CWE-119 Failure to Constrain Operations within the Bounds of a Memory Buffer
20 % CWE-20 Improper Input Validation

CPE : Common Platform Enumeration

TypeDescriptionCount
Application 84
Os 2
Os 2

Nessus® Vulnerability Scanner

Date Description
2019-01-07 Name : The remote Debian host is missing a security update.
File : debian_DLA-1627.nasl - Type : ACT_GATHER_INFO

Alert History

If you want to see full details history, please login or register.
0
Date Informations
2020-03-19 13:18:53
  • First insertion