qt5-5.15.9-1.el9

エラータID: AXSA:2023-6891:08

Release date: 
Tuesday, December 12, 2023 - 09:27
Subject: 
qt5-5.15.9-1.el9
Affected Channels: 
MIRACLE LINUX 9 for x86_64
Severity: 
High
Description: 

Qt5 meta package.

Security Fix(es):

* qt: buffer over-read via a crafted reply from a DNS server (CVE-2023-33285)
* qt: allows remote attacker to bypass security restrictions caused by flaw in certificate validation (CVE-2023-34410)
* qt: Uninitialized variable usage in m_unitsPerEm (CVE-2023-32573)

CVE-2023-33285
An issue was discovered in Qt 5.x before 5.15.14, 6.x before 6.2.9, and 6.3.x through 6.5.x before 6.5.1. QDnsLookup has a buffer over-read via a crafted reply from a DNS server.
CVE-2023-34410
An issue was discovered in Qt before 5.15.15, 6.x before 6.2.9, and 6.3.x through 6.5.x before 6.5.2. Certificate validation for TLS does not always consider whether the root of a chain is a configured CA certificate.
CVE-2023-32573
In Qt before 5.15.14, 6.0.x through 6.2.x before 6.2.9, and 6.3.x through 6.5.x before 6.5.1, QtSvg QSvgFont m_unitsPerEm initialization is mishandled.

Solution: 

Update packages.

CVEs: 
CVE-2023-33285
An issue was discovered in Qt 5.x before 5.15.14, 6.x before 6.2.9, and 6.3.x through 6.5.x before 6.5.1. QDnsLookup has a buffer over-read via a crafted reply from a DNS server.
CVE-2023-34410
An issue was discovered in Qt before 5.15.15, 6.x before 6.2.9, and 6.3.x through 6.5.x before 6.5.2. Certificate validation for TLS does not always consider whether the root of a chain is a configured CA certificate.
CVE-2023-32573
In Qt before 5.15.14, 6.0.x through 6.2.x before 6.2.9, and 6.3.x through 6.5.x before 6.5.1, QtSvg QSvgFont m_unitsPerEm initialization is mishandled.
Additional Info: 

N/A

Download: 

SRPMS
  1. qt5-5.15.9-1.el9.src.rpm
    MD5: ea609abed2b6382a467ac24d4d1eae10
    SHA-256: 361a969a8ffa94ef2c51a7c8521af637034535a461b845cb83db556005f05811
    Size: 11.37 kB

Asianux Server 9 for x86_64
  1. qt5-5.15.9-1.el9.noarch.rpm
    MD5: 67effcd54428e7a3e3d63a0735491301
    SHA-256: f8c60223cc5cb1136ae5bbc8d0a8d07502d376dacaa3385e39159f267b8fa126
    Size: 7.87 kB
  2. qt5-devel-5.15.9-1.el9.noarch.rpm
    MD5: 002df6427ff36cf71f66d8035becbedd
    SHA-256: c74b351cc9afa16bfb6c4be1c34da38f0af21dc8e399ea34f5eeb2030be8f3e9
    Size: 7.97 kB
  3. qt5-rpm-macros-5.15.9-1.el9.noarch.rpm
    MD5: 35be01e280fe0538140ca6c7e1e3fa28
    SHA-256: bf6d312dfa59c2ab920f798689abfbe2d30e2784dde8fd5ad0477e10ed8f7371
    Size: 9.05 kB
  4. qt5-srpm-macros-5.15.9-1.el9.noarch.rpm
    MD5: d6c1cf575837838689ff2250d7ff34dc
    SHA-256: 59baade77239b25d765eadf9577fd6e976a97484160431afd2b3b93917f69c5a
    Size: 7.72 kB