CVSS3: 9.8 High
Attack Vector: NETWORK
Attack Complexity: LOW
Privileges Required: NONE
User Interaction: NONE
Scope: UNCHANGED
Confidentiality Impact: HIGH
Integrity Impact: HIGH
Availability Impact: HIGH
Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

CVSS2: 7.5 High
Access Vector: NETWORK
Access Complexity: LOW
Authentication: NONE
Confidentiality Impact: PARTIAL
Integrity Impact: PARTIAL
Availability Impact: PARTIAL
Vector: AV:N/AC:L/Au:N/C:P/I:P/A:P

EPSS: 0.015 Low
Percentile: 86.6%
CentOS Errata and Security Advisory CESA-2019:2135
Qt is a software toolkit for developing applications. The qt5-base packages contain base tools for string, XML, and network handling in Qt.
The following packages have been upgraded to a later upstream version: qt5-qt3d (5.9.7), qt5-qtbase (5.9.7), qt5-qtcanvas3d (5.9.7), qt5-qtconnectivity (5.9.7), qt5-qtdeclarative (5.9.7), qt5-qtdoc (5.9.7), qt5-qtgraphicaleffects (5.9.7), qt5-qtimageformats (5.9.7), qt5-qtlocation (5.9.7), qt5-qtmultimedia (5.9.7), qt5-qtquickcontrols (5.9.7), qt5-qtquickcontrols2 (5.9.7), qt5-qtscript (5.9.7), qt5-qtsensors (5.9.7), qt5-qtserialbus (5.9.7), qt5-qtserialport (5.9.7), qt5-qtsvg (5.9.7), qt5-qttools (5.9.7), qt5-qttranslations (5.9.7), qt5-qtwayland (5.9.7), qt5-qtwebchannel (5.9.7), qt5-qtwebsockets (5.9.7), qt5-qtx11extras (5.9.7), qt5-qtxmlpatterns (5.9.7). (BZ#1564000, BZ#1564001, BZ#1564002, BZ#1564003, BZ#1564004, BZ#1564006, BZ#1564007, BZ#1564008, BZ#1564009, BZ#1564010, BZ#1564011, BZ#1564012, BZ#1564013, BZ#1564014, BZ#1564015, BZ#1564016, BZ#1564017, BZ#1564018, BZ#1564019, BZ#1564020, BZ#1564021, BZ#1564022, BZ#1564023, BZ#1564024)
Security Fix(es):
* qt5-qtbase: Double free in QXmlStreamReader (CVE-2018-15518)
* qt5-qtsvg: Invalid parsing of malformed url reference resulting in a denial of service (CVE-2018-19869)
* qt5-qtbase: QImage allocation failure in qgifhandler (CVE-2018-19870)
* qt5-qtimageformats: QTgaFile CPU exhaustion (CVE-2018-19871)
* qt5-qtbase: QBmpHandler segmentation fault on malformed BMP file (CVE-2018-19873)
For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.
Additional Changes:
For detailed information on changes in this release, see the Red Hat Enterprise Linux 7.7 Release Notes linked from the References section.
Merged security bulletin from advisories:
https://lists.centos.org/pipermail/centos-cr-announce/2019-August/032352.html
https://lists.centos.org/pipermail/centos-cr-announce/2019-August/032353.html
https://lists.centos.org/pipermail/centos-cr-announce/2019-August/032354.html
https://lists.centos.org/pipermail/centos-cr-announce/2019-August/032355.html
https://lists.centos.org/pipermail/centos-cr-announce/2019-August/032356.html
https://lists.centos.org/pipermail/centos-cr-announce/2019-August/032357.html
https://lists.centos.org/pipermail/centos-cr-announce/2019-August/032358.html
https://lists.centos.org/pipermail/centos-cr-announce/2019-August/032359.html
https://lists.centos.org/pipermail/centos-cr-announce/2019-August/032360.html
https://lists.centos.org/pipermail/centos-cr-announce/2019-August/032361.html
https://lists.centos.org/pipermail/centos-cr-announce/2019-August/032362.html
https://lists.centos.org/pipermail/centos-cr-announce/2019-August/032363.html
https://lists.centos.org/pipermail/centos-cr-announce/2019-August/032364.html
https://lists.centos.org/pipermail/centos-cr-announce/2019-August/032365.html
https://lists.centos.org/pipermail/centos-cr-announce/2019-August/032366.html
https://lists.centos.org/pipermail/centos-cr-announce/2019-August/032367.html
https://lists.centos.org/pipermail/centos-cr-announce/2019-August/032368.html
https://lists.centos.org/pipermail/centos-cr-announce/2019-August/032369.html
https://lists.centos.org/pipermail/centos-cr-announce/2019-August/032370.html
https://lists.centos.org/pipermail/centos-cr-announce/2019-August/032371.html
https://lists.centos.org/pipermail/centos-cr-announce/2019-August/032372.html
https://lists.centos.org/pipermail/centos-cr-announce/2019-August/032378.html
https://lists.centos.org/pipermail/centos-cr-announce/2019-August/032379.html
https://lists.centos.org/pipermail/centos-cr-announce/2019-August/032380.html
Affected packages:
qt5-assistant
qt5-designer
qt5-doctools
qt5-linguist
qt5-qdbusviewer
qt5-qt3d
qt5-qt3d-devel
qt5-qt3d-doc
qt5-qt3d-examples
qt5-qtbase
qt5-qtbase-common
qt5-qtbase-devel
qt5-qtbase-doc
qt5-qtbase-examples
qt5-qtbase-gui
qt5-qtbase-mysql
qt5-qtbase-odbc
qt5-qtbase-postgresql
qt5-qtbase-static
qt5-qtcanvas3d
qt5-qtcanvas3d-doc
qt5-qtcanvas3d-examples
qt5-qtconnectivity
qt5-qtconnectivity-devel
qt5-qtconnectivity-doc
qt5-qtconnectivity-examples
qt5-qtdeclarative
qt5-qtdeclarative-devel
qt5-qtdeclarative-doc
qt5-qtdeclarative-examples
qt5-qtdeclarative-static
qt5-qtdoc
qt5-qtgraphicaleffects
qt5-qtgraphicaleffects-doc
qt5-qtimageformats
qt5-qtimageformats-doc
qt5-qtlocation
qt5-qtlocation-devel
qt5-qtlocation-doc
qt5-qtlocation-examples
qt5-qtmultimedia
qt5-qtmultimedia-devel
qt5-qtmultimedia-doc
qt5-qtmultimedia-examples
qt5-qtquickcontrols
qt5-qtquickcontrols-doc
qt5-qtquickcontrols-examples
qt5-qtquickcontrols2
qt5-qtquickcontrols2-devel
qt5-qtquickcontrols2-doc
qt5-qtquickcontrols2-examples
qt5-qtscript
qt5-qtscript-devel
qt5-qtscript-doc
qt5-qtscript-examples
qt5-qtsensors
qt5-qtsensors-devel
qt5-qtsensors-doc
qt5-qtsensors-examples
qt5-qtserialbus
qt5-qtserialbus-devel
qt5-qtserialbus-doc
qt5-qtserialbus-examples
qt5-qtserialport
qt5-qtserialport-devel
qt5-qtserialport-doc
qt5-qtserialport-examples
qt5-qtsvg
qt5-qtsvg-devel
qt5-qtsvg-doc
qt5-qtsvg-examples
qt5-qttools
qt5-qttools-common
qt5-qttools-devel
qt5-qttools-doc
qt5-qttools-examples
qt5-qttools-libs-designer
qt5-qttools-libs-designercomponents
qt5-qttools-libs-help
qt5-qttools-static
qt5-qttranslations
qt5-qtwayland
qt5-qtwayland-devel
qt5-qtwayland-doc
qt5-qtwayland-examples
qt5-qtwebchannel
qt5-qtwebchannel-devel
qt5-qtwebchannel-doc
qt5-qtwebchannel-examples
qt5-qtwebsockets
qt5-qtwebsockets-devel
qt5-qtwebsockets-doc
qt5-qtwebsockets-examples
qt5-qtx11extras
qt5-qtx11extras-devel
qt5-qtx11extras-doc
qt5-qtxmlpatterns
qt5-qtxmlpatterns-devel
qt5-qtxmlpatterns-doc
qt5-qtxmlpatterns-examples
qt5-rpm-macros
Upstream details at:
https://access.redhat.com/errata/RHSA-2019:2135
OS | OS Version | Architecture | Package | Package Version | Filename |
---|---|---|---|---|---|
CentOS | 7 | i686 | qt5-qt3d | < 5.9.7-1.el7 | qt5-qt3d-5.9.7-1.el7.i686.rpm |
CentOS | 7 | x86_64 | qt5-qt3d | < 5.9.7-1.el7 | qt5-qt3d-5.9.7-1.el7.x86_64.rpm |
CentOS | 7 | i686 | qt5-qt3d-devel | < 5.9.7-1.el7 | qt5-qt3d-devel-5.9.7-1.el7.i686.rpm |
CentOS | 7 | x86_64 | qt5-qt3d-devel | < 5.9.7-1.el7 | qt5-qt3d-devel-5.9.7-1.el7.x86_64.rpm |
CentOS | 7 | noarch | qt5-qt3d-doc | < 5.9.7-1.el7 | qt5-qt3d-doc-5.9.7-1.el7.noarch.rpm |
CentOS | 7 | x86_64 | qt5-qt3d-examples | < 5.9.7-1.el7 | qt5-qt3d-examples-5.9.7-1.el7.x86_64.rpm |
CentOS | 7 | i686 | qt5-qtbase | < 5.9.7-2.el7 | qt5-qtbase-5.9.7-2.el7.i686.rpm |
CentOS | 7 | x86_64 | qt5-qtbase | < 5.9.7-2.el7 | qt5-qtbase-5.9.7-2.el7.x86_64.rpm |
CentOS | 7 | noarch | qt5-qtbase-common | < 5.9.7-2.el7 | qt5-qtbase-common-5.9.7-2.el7.noarch.rpm |
CentOS | 7 | i686 | qt5-qtbase-devel | < 5.9.7-2.el7 | qt5-qtbase-devel-5.9.7-2.el7.i686.rpm |