Description:
Qt is a software toolkit for developing applications. The qt5-base packages contain base tools for string, xml, and network handling in Qt.
Security Fix(es):
* qt: XML entity expansion vulnerability (CVE-2015-9541)
* qt5-qtwebsockets: websocket implementation allows only limited size for frames and messages therefore attacker can cause DOS (CVE-2018-21035)
* qt: files placed by attacker can influence the working directory and lead to malicious code execution (CVE-2020-0569)
* qt: files placed by attacker can influence the working directory and lead to malicious code execution (CVE-2020-0570)
* qt5: incorrectly calls SSL_shutdown() in OpenSSL mid-handshake causing denial of service in TLS applications (CVE-2020-13962)
For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.
Additional Changes:
For detailed information on changes in this release, see the AlmaLinux Release Notes linked from the References section.
Updated packages listed below:
Architecture |
Package |
Checksum |
i686 |
qt5-qtbase-static-5.12.5-6.el8.i686.rpm |
6d2ada93bc5119a88eb282fa9ea6b862c12d9091f0cb8407d755fbeb88f11b27 |
i686 |
qt5-qttools-static-5.12.5-2.el8.i686.rpm |
ab9a111b516d3e15a955184de790c62dfd7e1068e894db237183df840c9fb42b |
x86_64 |
qt5-qtbase-static-5.12.5-6.el8.x86_64.rpm |
bdad9b6b54fcc7ab9f0c6bba183f41ac575b36c0aca0a189b06636873abc7453 |
x86_64 |
qt5-qttools-static-5.12.5-2.el8.x86_64.rpm |
f55373b68b0cd18b6bc2827dcd09c2836834f0d415da2f5d7007172a0f835c7d |