RLSA-2020:1665
See a problem?- Import Source
- https://storage.googleapis.com/resf-osv-data/RLSA-2020:1665.json
- JSON Data
- https://api.osv.dev/v1/vulns/RLSA-2020:1665
- Related
- Published
- 2020-04-28T09:02:52Z
- Modified
- 2023-02-02T14:09:52.903886Z
- Severity
-
- 6.2 (Medium) CVSS_V3 - CVSS:3.0/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H CVSS Calculator
- Summary
- Moderate: qt5 security, bug fix, and enhancement update
- Details
-
Qt is a software toolkit for developing applications. The qt5-base packages contain base tools for string, xml, and network handling in Qt.
The following packages have been upgraded to a later upstream version: qt5 (5.12.5), qt5-qt3d (5.12.5), qt5-qtbase (5.12.5), qt5-qtcanvas3d (5.12.5), qt5-qtconnectivity (5.12.5), qt5-qtdeclarative (5.12.5), qt5-qtdoc (5.12.5), qt5-qtgraphicaleffects (5.12.5), qt5-qtimageformats (5.12.5), qt5-qtlocation (5.12.5), qt5-qtmultimedia (5.12.5), qt5-qtquickcontrols (5.12.5), qt5-qtquickcontrols2 (5.12.5), qt5-qtscript (5.12.5), qt5-qtsensors (5.12.5), qt5-qtserialbus (5.12.5), qt5-qtserialport (5.12.5), qt5-qtsvg (5.12.5), qt5-qttools (5.12.5), qt5-qttranslations (5.12.5), qt5-qtwayland (5.12.5), qt5-qtwebchannel (5.12.5), qt5-qtwebsockets (5.12.5), qt5-qtx11extras (5.12.5), qt5-qtxmlpatterns (5.12.5), python-qt5 (5.13.1), sip (4.19.19). (BZ#1775603, BZ#1775604)
Security Fix(es):
qt: Malformed PPM image causing division by zero and crash in qppmhandler.cpp (CVE-2018-19872)
qt5-qtsvg: Invalid parsing of malformed url reference resulting in a denial of service (CVE-2018-19869)
qt5-qtimageformats: QTgaFile CPU exhaustion (CVE-2018-19871)
For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.
Additional Changes:
For detailed information on changes in this release, see the Rocky Linux 8.2 Release Notes linked from the References section.
- References
-
- https://errata.rockylinux.org/RLSA-2020:1665
- https://bugzilla.redhat.com/show_bug.cgi?id=1733150
- https://bugzilla.redhat.com/show_bug.cgi?id=1661460
- https://bugzilla.redhat.com/show_bug.cgi?id=1661465
- https://bugzilla.redhat.com/show_bug.cgi?id=1691636
- https://bugzilla.redhat.com/show_bug.cgi?id=1733133
- https://bugzilla.redhat.com/show_bug.cgi?id=1733134
- https://bugzilla.redhat.com/show_bug.cgi?id=1733135
- https://bugzilla.redhat.com/show_bug.cgi?id=1733136
- https://bugzilla.redhat.com/show_bug.cgi?id=1733137
- https://bugzilla.redhat.com/show_bug.cgi?id=1733139
- https://bugzilla.redhat.com/show_bug.cgi?id=1733140
- https://bugzilla.redhat.com/show_bug.cgi?id=1733141
- https://bugzilla.redhat.com/show_bug.cgi?id=1733142
- https://bugzilla.redhat.com/show_bug.cgi?id=1733143
- https://bugzilla.redhat.com/show_bug.cgi?id=1733144
- https://bugzilla.redhat.com/show_bug.cgi?id=1733145
- https://bugzilla.redhat.com/show_bug.cgi?id=1733146
- https://bugzilla.redhat.com/show_bug.cgi?id=1733147
- https://bugzilla.redhat.com/show_bug.cgi?id=1733148
- https://bugzilla.redhat.com/show_bug.cgi?id=1733149
- https://bugzilla.redhat.com/show_bug.cgi?id=1733151
- https://bugzilla.redhat.com/show_bug.cgi?id=1733152
- https://bugzilla.redhat.com/show_bug.cgi?id=1733153
- https://bugzilla.redhat.com/show_bug.cgi?id=1733154
- https://bugzilla.redhat.com/show_bug.cgi?id=1733155
- https://bugzilla.redhat.com/show_bug.cgi?id=1733156
- https://bugzilla.redhat.com/show_bug.cgi?id=1733157
- https://bugzilla.redhat.com/show_bug.cgi?id=1733158
- https://bugzilla.redhat.com/show_bug.cgi?id=1733159
- https://bugzilla.redhat.com/show_bug.cgi?id=1765637
- https://bugzilla.redhat.com/show_bug.cgi?id=1769077
- https://bugzilla.redhat.com/show_bug.cgi?id=1774418
- https://bugzilla.redhat.com/show_bug.cgi?id=1775603
- https://bugzilla.redhat.com/show_bug.cgi?id=1775604
- Credits
-
-
- Rocky Enterprise Software Foundation
-
- Red Hat
-
Affected packages
Rocky Linux:8 / python-qt5
Package
- Name
- python-qt5
- Purl
- pkg:rpm/rocky-linux/python-qt5?distro=rocky-linux-8-4-legacy&epoch=0
Rocky Linux:8 / qgnomeplatform
Package
- Name
- qgnomeplatform
- Purl
- pkg:rpm/rocky-linux/qgnomeplatform?distro=rocky-linux-8-4-legacy&epoch=0
Rocky Linux:8 / qt5
Package
- Name
- qt5
- Purl
- pkg:rpm/rocky-linux/qt5?distro=rocky-linux-8-4-legacy&epoch=0
Rocky Linux:8 / qt5-qt3d
Package
- Name
- qt5-qt3d
- Purl
- pkg:rpm/rocky-linux/qt5-qt3d?distro=rocky-linux-8-4-legacy&epoch=0
Rocky Linux:8 / qt5-qtcanvas3d
Package
- Name
- qt5-qtcanvas3d
- Purl
- pkg:rpm/rocky-linux/qt5-qtcanvas3d?distro=rocky-linux-8-4-legacy&epoch=0
Rocky Linux:8 / qt5-qtconnectivity
Package
- Name
- qt5-qtconnectivity
- Purl
- pkg:rpm/rocky-linux/qt5-qtconnectivity?distro=rocky-linux-8-4-legacy&epoch=0
Rocky Linux:8 / qt5-qtdeclarative
Package
- Name
- qt5-qtdeclarative
- Purl
- pkg:rpm/rocky-linux/qt5-qtdeclarative?distro=rocky-linux-8-4-legacy&epoch=0
Rocky Linux:8 / qt5-qtdoc
Package
- Name
- qt5-qtdoc
- Purl
- pkg:rpm/rocky-linux/qt5-qtdoc?distro=rocky-linux-8-4-legacy&epoch=0
Rocky Linux:8 / qt5-qtgraphicaleffects
Package
- Name
- qt5-qtgraphicaleffects
- Purl
- pkg:rpm/rocky-linux/qt5-qtgraphicaleffects?distro=rocky-linux-8-4-legacy&epoch=0
Rocky Linux:8 / qt5-qtimageformats
Package
- Name
- qt5-qtimageformats
- Purl
- pkg:rpm/rocky-linux/qt5-qtimageformats?distro=rocky-linux-8-4-legacy&epoch=0
Rocky Linux:8 / qt5-qtlocation
Package
- Name
- qt5-qtlocation
- Purl
- pkg:rpm/rocky-linux/qt5-qtlocation?distro=rocky-linux-8-4-legacy&epoch=0
Rocky Linux:8 / qt5-qtmultimedia
Package
- Name
- qt5-qtmultimedia
- Purl
- pkg:rpm/rocky-linux/qt5-qtmultimedia?distro=rocky-linux-8-4-legacy&epoch=0
Rocky Linux:8 / qt5-qtquickcontrols2
Package
- Name
- qt5-qtquickcontrols2
- Purl
- pkg:rpm/rocky-linux/qt5-qtquickcontrols2?distro=rocky-linux-8-4-legacy&epoch=0
Rocky Linux:8 / qt5-qtquickcontrols
Package
- Name
- qt5-qtquickcontrols
- Purl
- pkg:rpm/rocky-linux/qt5-qtquickcontrols?distro=rocky-linux-8-4-legacy&epoch=0
Rocky Linux:8 / qt5-qtscript
Package
- Name
- qt5-qtscript
- Purl
- pkg:rpm/rocky-linux/qt5-qtscript?distro=rocky-linux-8-4-legacy&epoch=0
Rocky Linux:8 / qt5-qtsensors
Package
- Name
- qt5-qtsensors
- Purl
- pkg:rpm/rocky-linux/qt5-qtsensors?distro=rocky-linux-8-4-legacy&epoch=0
Rocky Linux:8 / qt5-qtserialbus
Package
- Name
- qt5-qtserialbus
- Purl
- pkg:rpm/rocky-linux/qt5-qtserialbus?distro=rocky-linux-8-4-legacy&epoch=0
Rocky Linux:8 / qt5-qtserialport
Package
- Name
- qt5-qtserialport
- Purl
- pkg:rpm/rocky-linux/qt5-qtserialport?distro=rocky-linux-8-4-legacy&epoch=0
Rocky Linux:8 / qt5-qtsvg
Package
- Name
- qt5-qtsvg
- Purl
- pkg:rpm/rocky-linux/qt5-qtsvg?distro=rocky-linux-8-4-legacy&epoch=0
Rocky Linux:8 / qt5-qttranslations
Package
- Name
- qt5-qttranslations
- Purl
- pkg:rpm/rocky-linux/qt5-qttranslations?distro=rocky-linux-8-4-legacy&epoch=0
Rocky Linux:8 / qt5-qtwayland
Package
- Name
- qt5-qtwayland
- Purl
- pkg:rpm/rocky-linux/qt5-qtwayland?distro=rocky-linux-8-4-legacy&epoch=0
Rocky Linux:8 / qt5-qtwebchannel
Package
- Name
- qt5-qtwebchannel
- Purl
- pkg:rpm/rocky-linux/qt5-qtwebchannel?distro=rocky-linux-8-4-legacy&epoch=0
Rocky Linux:8 / qt5-qtx11extras
Package
- Name
- qt5-qtx11extras
- Purl
- pkg:rpm/rocky-linux/qt5-qtx11extras?distro=rocky-linux-8-4-legacy&epoch=0
Rocky Linux:8 / qt5-qtxmlpatterns
Package
- Name
- qt5-qtxmlpatterns
- Purl
- pkg:rpm/rocky-linux/qt5-qtxmlpatterns?distro=rocky-linux-8-4-legacy&epoch=0