qt5-qtbase-5.12.5-6.el8, qt5-qttools-5.12.5-2.el8, qt5-qtwebsockets-5.12.5-2.el8

エラータID: AXSA:2021-1450:01

Release date: 
Thursday, February 11, 2021 - 13:11
Subject: 
qt5-qtbase-5.12.5-6.el8, qt5-qttools-5.12.5-2.el8, qt5-qtwebsockets-5.12.5-2.el8
Affected Channels: 
Asianux Server 8 for x86_64
Severity: 
Moderate
Description: 

Qt is a software toolkit for developing applications. The qt5-base packages contain base tools for string, xml, and network handling in Qt.

Security Fix(es):

* qt: XML entity expansion vulnerability (CVE-2015-9541)

* qt5-qtwebsockets: websocket implementation allows only limited size for frames and messages therefore attacker can cause DOS (CVE-2018-21035)

* qt: files placed by attacker can influence the working directory and lead to malicious code execution (CVE-2020-0569)

* qt: files placed by attacker can influence the working directory and lead to malicious code execution (CVE-2020-0570)

* qt5: incorrectly calls SSL_shutdown() in OpenSSL mid-handshake causing denial of service in TLS applications (CVE-2020-13962)

For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.

CVE-2015-9541
Qt through 5.14 allows an exponential XML entity expansion attack via a crafted SVG document that is mishandled in QXmlStreamReader, a related issue to CVE-2003-1564.
CVE-2018-21035
In Qt through 5.14.1, the WebSocket implementation accepts up to 2GB for frames and 2GB for messages. Smaller limits cannot be configured. This makes it easier for attackers to cause a denial of service (memory consumption).
CVE-2020-0569
** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided.
CVE-2020-0570
Uncontrolled search path in the QT Library before 5.14.0, 5.12.7 and 5.9.10 may allow an authenticated user to potentially enable elevation of privilege via local access.
CVE-2020-13962
Qt 5.12.2 through 5.14.2, as used in unofficial builds of Mumble 1.3.0 and other products, mishandles OpenSSL's error queue, which can cause a denial of service to QSslSocket users. Because errors leak in unrelated TLS sessions, an unrelated session may be disconnected when any handshake fails. (Mumble 1.3.1 is not affected, regardless of the Qt version.)

Solution: 

Update packages.

CVEs: 
CVE-2015-9541
Qt through 5.14 allows an exponential XML entity expansion attack via a crafted SVG document that is mishandled in QXmlStreamReader, a related issue to CVE-2003-1564.
CVE-2018-21035
In Qt through 5.14.1, the WebSocket implementation accepts up to 2GB for frames and 2GB for messages. Smaller limits cannot be configured. This makes it easier for attackers to cause a denial of service (memory consumption).
CVE-2020-0569
Out of bounds write in Intel(R) PROSet/Wireless WiFi products on Windows 10 may allow an authenticated user to potentially enable denial of service via local access.
CVE-2020-0570
Uncontrolled search path in the QT Library before 5.14.0, 5.12.7 and 5.9.10 may allow an authenticated user to potentially enable elevation of privilege via local access.
CVE-2020-13962
Qt 5.12.2 through 5.14.2, as used in unofficial builds of Mumble 1.3.0 and other products, mishandles OpenSSL's error queue, which can cause a denial of service to QSslSocket users. Because errors leak in unrelated TLS sessions, an unrelated session may be disconnected when any handshake fails. (Mumble 1.3.1 is not affected, regardless of the Qt version.)
Additional Info: 

N/A

Download: 

SRPMS
  1. qt5-qtbase-5.12.5-6.el8.src.rpm
    MD5: d58d6336ebaf20803ef9123b6c955c8d
    SHA-256: 25fe23588bae5f31b703a6e1594d00df57e1f8a1afd8e0810cd6020c36aed496
    Size: 46.30 MB
  2. qt5-qttools-5.12.5-2.el8.src.rpm
    MD5: 8d7853af05f72ae79265f488e5fb6fb7
    SHA-256: 0d2e8b76155e4d1f19805e08013fd032fb1c379a26e31092a66a8c1f4a9e63ae
    Size: 9.34 MB
  3. qt5-qtwebsockets-5.12.5-2.el8.src.rpm
    MD5: 70f480886090470b1f721f4631622618
    SHA-256: b6a5ade8dc7f903de90abed54a3a9724a3518e3d88de9009579c21eb826bc51d
    Size: 255.15 kB

Asianux Server 8 for x86_64
  1. qt5-qtbase-5.12.5-6.el8.x86_64.rpm
    MD5: 64d87b425f415be2370dc659406701de
    SHA-256: 9c66ca6ad04ec1502bca4e679dacea421a0017ea594830f549acf640523eae6a
    Size: 3.42 MB
  2. qt5-qtbase-common-5.12.5-6.el8.noarch.rpm
    MD5: 97f8358e7468cfecb0b96858444e0be8
    SHA-256: a54197f5f83294845fd320188d2199c8775af894e676c62feefd5590cd6f45d0
    Size: 38.98 kB
  3. qt5-qtbase-devel-5.12.5-6.el8.x86_64.rpm
    MD5: 5289f6711938558c01ee71584618461a
    SHA-256: e5c105511ada1a78f8083be67351526c6009a2ac41bf4759c76d7fecb6c646e3
    Size: 3.18 MB
  4. qt5-qtbase-examples-5.12.5-6.el8.x86_64.rpm
    MD5: 32ea96a1557912183b0aef68f5722894
    SHA-256: 15d867ceb57653caf46ced48fa4d77ca010f4c39e5d6dfccf33ee7670d53a9bd
    Size: 5.56 MB
  5. qt5-qtbase-gui-5.12.5-6.el8.x86_64.rpm
    MD5: a3f4304481381d91448a9ee331ff6f0b
    SHA-256: 876ef990e0e2cd9d2e3a944f27725763f1df7792afac85359fbb9b73451aedd4
    Size: 5.83 MB
  6. qt5-qtbase-mysql-5.12.5-6.el8.x86_64.rpm
    MD5: d62531ff2e6a08c289cfb38c4e7b490c
    SHA-256: 683a7e5d1570b259a09153ac0d74a74c5936cfd64793946e3c093fbc3f5f2d76
    Size: 67.56 kB
  7. qt5-qtbase-odbc-5.12.5-6.el8.x86_64.rpm
    MD5: cf7a691bfc26fdfb5127cb84a422d894
    SHA-256: d10386d29f66af4918c098afcff631e914bcf3d97835133a1a995c14b7ee8274
    Size: 76.25 kB
  8. qt5-qtbase-postgresql-5.12.5-6.el8.x86_64.rpm
    MD5: daaacb9590c6ba95bc05a7035d22a905
    SHA-256: 4b3729fbaa655996e9afd280238c237c59a7f9017d91d7118042064011576022
    Size: 71.00 kB
  9. qt5-qtbase-private-devel-5.12.5-6.el8.x86_64.rpm
    MD5: a7d51a52b760409297c8e50f25c253f5
    SHA-256: 7d53228d4c2fa1ae2d87c0f5061fdb92a4990770deca6adc5ecbc2090c825296
    Size: 930.22 kB
  10. qt5-assistant-5.12.5-2.el8.x86_64.rpm
    MD5: 75f9d59371f42509b0601f09d4f6538d
    SHA-256: fdb0a98a5e15e3958fb360aec21864027dbfe8c683e999556e1fd7520fdcffc6
    Size: 776.78 kB
  11. qt5-designer-5.12.5-2.el8.x86_64.rpm
    MD5: da1af1b8170f78c14df369fa34f17bd6
    SHA-256: 795d9da5a54adef23ee7ba307c7475c750574adcae47072817750e3daad220f3
    Size: 168.74 kB
  12. qt5-doctools-5.12.5-2.el8.x86_64.rpm
    MD5: 1cb4b312fa2e7258ea432b0f527d8df6
    SHA-256: 1956f2c24fff5d957cefc5eaa4e8338cbf55137e5142e895b9d149be5a48ac2f
    Size: 681.21 kB
  13. qt5-linguist-5.12.5-2.el8.x86_64.rpm
    MD5: 44c8324f27cd5a3c296bd7243e2ea2de
    SHA-256: d331728d5db53ffee51c93f1a566d8b170a0ec021013d74f31a2fb6eacd36583
    Size: 920.12 kB
  14. qt5-qdbusviewer-5.12.5-2.el8.x86_64.rpm
    MD5: 655239d653b2311ec1e6265c29365090
    SHA-256: 150f8367ddd8e86534f3cfae905455461fa1cc5883cbf224ad3e603ddffb9894
    Size: 60.27 kB
  15. qt5-qttools-5.12.5-2.el8.x86_64.rpm
    MD5: cc6a5ec4c609adf1af1804550c0094fd
    SHA-256: 406f34f540f165943c0ea0bdab46499c802645030c789c41ddf9eb357896e07d
    Size: 51.57 kB
  16. qt5-qttools-common-5.12.5-2.el8.noarch.rpm
    MD5: cac280095eb2cb96b89a02fc5c7a8a41
    SHA-256: 3af062527a134804447fb392b2fd575bbb4df241297f5b3a8dbbacf48c14d881
    Size: 20.04 kB
  17. qt5-qttools-devel-5.12.5-2.el8.x86_64.rpm
    MD5: 91e1f090a7894b75d8b1938feecd93ed
    SHA-256: b087c8c22dd03f86bbcfe12419d8c44e69852392e9e1b472ade37d5cec4e05a0
    Size: 191.69 kB
  18. qt5-qttools-examples-5.12.5-2.el8.x86_64.rpm
    MD5: 61d8cfa76ae32eeb8b36ae590e76abfa
    SHA-256: f597d8bd0b516557d727e4e46bc04ce5e95b1d7829b79d6112d870b78480810c
    Size: 583.85 kB
  19. qt5-qttools-libs-designer-5.12.5-2.el8.x86_64.rpm
    MD5: d26d829d7eabcfe945f3f24c1668f7f2
    SHA-256: 6879a72da08a3aac01e012c104a185e0e1eda67dd4bebb2684081c35be17bfa2
    Size: 2.74 MB
  20. qt5-qttools-libs-designercomponents-5.12.5-2.el8.x86_64.rpm
    MD5: b0a7d129f10732947e0dc525af701d72
    SHA-256: d12f6e90fa2e2d5d669a73a2b0bf7e8bd2de965231bb76d92bff049906ca288e
    Size: 808.53 kB
  21. qt5-qttools-libs-help-5.12.5-2.el8.x86_64.rpm
    MD5: 5868a8c47671162bf9ab241b3fae75d1
    SHA-256: 419407699aeb9142dd04565a40c483f1d7314a11166e7f2ba7e43a458526612d
    Size: 150.45 kB
  22. qt5-qtwebsockets-5.12.5-2.el8.x86_64.rpm
    MD5: 018f33ac1ba6f2fb2137267dab743012
    SHA-256: 8f87295cab90a78b72a99b6717ead980488a6ef63d843e7e7da806808d768fff
    Size: 96.25 kB
  23. qt5-qtwebsockets-devel-5.12.5-2.el8.x86_64.rpm
    MD5: a3ec3d95accc9d88342405811fa6a7b1
    SHA-256: 4e1a0781f7f0af90cc1b67654355f2366ce11888442647ced8529b0eae178a4e
    Size: 44.86 kB
  24. qt5-qtwebsockets-examples-5.12.5-2.el8.x86_64.rpm
    MD5: 8df663b8571e9d7aa4bbf4119db51ed6
    SHA-256: f5b527d0f223debaf0dfbc805ad279340f60ecddf342070804b183d1b16bc861
    Size: 63.93 kB
  25. qt5-qtbase-5.12.5-6.el8.i686.rpm
    MD5: 6722671431ed809f288554db1fc47507
    SHA-256: 0144b9808b718b4474ee83e144b89a4941e3f6a60fd1298d8a98f95cdd88894d
    Size: 3.69 MB
  26. qt5-qtbase-devel-5.12.5-6.el8.i686.rpm
    MD5: 03cb7500dfbc2f79ac4721d8dd37ff15
    SHA-256: d3421cb78e24567f913240dc769924a76e33c26ac37a9c8cc736158d22f4dce3
    Size: 3.38 MB
  27. qt5-qtbase-examples-5.12.5-6.el8.i686.rpm
    MD5: 4f4328663ce9b42bb4eb71c0ee6290f5
    SHA-256: 53159b7a652bd3835a0e72d4137bef2b9ecce1467f44d4d58c6c0f22707087bd
    Size: 5.74 MB
  28. qt5-qtbase-gui-5.12.5-6.el8.i686.rpm
    MD5: 701b034e610e4052569835a7b5693058
    SHA-256: f4bee2363e3e7c2b1ee8f40bc70019e759d0a46b0b9cb0849b21c6f7675520b0
    Size: 6.58 MB
  29. qt5-qtbase-mysql-5.12.5-6.el8.i686.rpm
    MD5: f725619341288fe2397a90217b428202
    SHA-256: ff4431b08f0856aac8e54a0c45aa91e1737bac0a56bb35ebc7b4832d0f108ba6
    Size: 70.57 kB
  30. qt5-qtbase-odbc-5.12.5-6.el8.i686.rpm
    MD5: efebcd992eb128bfda2ab0147114ab42
    SHA-256: c495071567ba2c83fb7850154fb9bc62016b54d620a398adbabc81c054139713
    Size: 80.78 kB
  31. qt5-qtbase-postgresql-5.12.5-6.el8.i686.rpm
    MD5: 152d180871cd104af760d7fa62329b22
    SHA-256: ce222e2a358c8f58a090b781e41ecd7651a0fdbbf0879734c400bbb7ede71b0d
    Size: 74.95 kB
  32. qt5-qtbase-private-devel-5.12.5-6.el8.i686.rpm
    MD5: d434665dc9895b228aa0af8acb8e43cc
    SHA-256: 4742c742cdd03f188d8dadc1814d3f015a2ca544d5afa9f74810946df296d23d
    Size: 930.27 kB
  33. qt5-qttools-devel-5.12.5-2.el8.i686.rpm
    MD5: fb66ef27e9ff67c1e6da6af62f5f6979
    SHA-256: 90b69b40fd30b4accf323b75444636bdcde421ef53589ce6412f442f6d6c064c
    Size: 195.63 kB
  34. qt5-qttools-examples-5.12.5-2.el8.i686.rpm
    MD5: 725fcbc5ada231e94005bdbe1c91d5df
    SHA-256: 3299e4559f7df570b76b720039252fc09edf85ef1790ffc6b3f29fbd2ecd8431
    Size: 614.26 kB
  35. qt5-qttools-libs-designer-5.12.5-2.el8.i686.rpm
    MD5: 2cce4bb091be297950e4b6f8802bbf98
    SHA-256: a8e36af697549569daa48c665236be97b087c1987d1919b0cba125705a86323d
    Size: 2.89 MB
  36. qt5-qttools-libs-designercomponents-5.12.5-2.el8.i686.rpm
    MD5: cf2cbcf554c45a9ef35a4c8481ff0d1e
    SHA-256: 7934532a87fb7db360dee090d64d0723d6ad3cc02e6e0ebd7d5388d3a4396d8a
    Size: 912.58 kB
  37. qt5-qttools-libs-help-5.12.5-2.el8.i686.rpm
    MD5: 2db83d49ab3c7f3567eb4a19f53be3e7
    SHA-256: 012e3c37b453bd4b17eb3c5e0776aaa3d578e52fd5bcc3d94c2f489565a2a0cd
    Size: 171.01 kB
  38. qt5-qtwebsockets-5.12.5-2.el8.i686.rpm
    MD5: 9b7374de924fa39ed652806686cbc641
    SHA-256: 16f84e85bce33cb8a6b639d3f52e5f6aa98d17f44ad941623dae160a5584c1f0
    Size: 106.30 kB
  39. qt5-qtwebsockets-devel-5.12.5-2.el8.i686.rpm
    MD5: 981e39aab571455b79cc677005ca86d0
    SHA-256: b39628fe22fbdb2bf45043fd07b71e005d55bb872d0ec7f664ca5160b04936c8
    Size: 46.05 kB