[ALSA-2020:1665] Moderate: qt5 security, bug fix, and enhancement update
Type:
security
Severity:
moderate
Release date:
2021-08-11
Description:
Qt is a software toolkit for developing applications. The qt5-base packages contain base tools for string, xml, and network handling in Qt. The following packages have been upgraded to a later upstream version: qt5 (5.12.5), qt5-qt3d (5.12.5), qt5-qtbase (5.12.5), qt5-qtcanvas3d (5.12.5), qt5-qtconnectivity (5.12.5), qt5-qtdeclarative (5.12.5), qt5-qtdoc (5.12.5), qt5-qtgraphicaleffects (5.12.5), qt5-qtimageformats (5.12.5), qt5-qtlocation (5.12.5), qt5-qtmultimedia (5.12.5), qt5-qtquickcontrols (5.12.5), qt5-qtquickcontrols2 (5.12.5), qt5-qtscript (5.12.5), qt5-qtsensors (5.12.5), qt5-qtserialbus (5.12.5), qt5-qtserialport (5.12.5), qt5-qtsvg (5.12.5), qt5-qttools (5.12.5), qt5-qttranslations (5.12.5), qt5-qtwayland (5.12.5), qt5-qtwebchannel (5.12.5), qt5-qtwebsockets (5.12.5), qt5-qtx11extras (5.12.5), qt5-qtxmlpatterns (5.12.5), python-qt5 (5.13.1), sip (4.19.19). (BZ#1775603, BZ#1775604) Security Fix(es): * qt: Malformed PPM image causing division by zero and crash in qppmhandler.cpp (CVE-2018-19872) * qt5-qtsvg: Invalid parsing of malformed url reference resulting in a denial of service (CVE-2018-19869) * qt5-qtimageformats: QTgaFile CPU exhaustion (CVE-2018-19871) For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section. Additional Changes: For detailed information on changes in this release, see the AlmaLinux Release Notes linked from the References section.
Updated packages listed below:
Architecture Package Checksum
i686 qt5-qtquickcontrols2-devel-5.12.5-1.el8.i686.rpm 030312768fd033fc1ebe957f7bc0819c226cff176595e2f881d447f15dd0fe82
i686 qt5-qtwayland-devel-5.12.5-1.el8.i686.rpm 3ee3fb99d2ad06e1d0d31ea7bf2d442252957822641873efc7a3cee834d9f865
i686 python3-qt5-devel-5.13.1-1.el8.i686.rpm da4c02199f30a3274d82c3eb23e5bd7d1f6bab3ea2e4f635e3f9bd2ae8e835d8
i686 qt5-qtdeclarative-static-5.12.5-1.el8.i686.rpm e1c03102339165df9eb0ccc9a16290eb57f42d1277d64855561352d1f1962588
noarch qt5-srpm-macros-5.12.5-3.el8.noarch.rpm 101a505b50134f9cd7da4df03b9dc5eaefcb5655103ed70b1b8bb641fce68a9e
noarch qt5-rpm-macros-5.12.5-3.el8.noarch.rpm 1402fed74e3461d71927972e772e769632b3dc4c79ccb3cc06c3d917a41139a2
noarch qt5-devel-5.12.5-3.el8.noarch.rpm 45d7c4a4042d9effa1f08252e5a9247037b39d8cd0be3c0b758248496a0c2376
noarch qt5-qttranslations-5.12.5-1.el8.noarch.rpm 8dbe277e892d8be3348a0dcfd46efef0db9cd9d67ecd2fda3d7fa91321e6bca8
noarch qt5-qtdoc-5.12.5-1.el8.noarch.rpm c19077cfbb4e7bbfe668482b921370c1739ed7292e5f7de46f88d8e72aeab92a
x86_64 qt5-qtwayland-devel-5.12.5-1.el8.x86_64.rpm 087d0bfd1de3124140ecb95cd6b8774b88139322d799a7f0936f2d7a89e732ca
x86_64 qt5-qtquickcontrols2-devel-5.12.5-1.el8.x86_64.rpm 381a23fe812e759a1993eb84b8c3f52831e25525500531943e1c44258715fe76
x86_64 python3-qt5-devel-5.13.1-1.el8.x86_64.rpm 7dcaa5bddac6b299a85941affe84ef4663ac676827e15184fede5ee73bd30a6a
x86_64 qt5-qtdeclarative-static-5.12.5-1.el8.x86_64.rpm b3eb4a0cf97bd6befb774bd4fe7d5f71afa420c548b015f54aad24fd757adb9d
Notes:
This page is generated automatically from Red Hat security data and has not been checked for errors. For clarification or corrections please contact the AlmaLinux Packaging Team.