Lucene search
K
Database
Vendors
Products
Years
CVSS
Scanner
Agent Scanning
API Scanning
Manual Audit
Perimeter Scanner
Scanning
Projects
Email
Webhook
Plugins
Resources
Documents
Blog
Glossary
FAQ
Pricing
Contacts
About Us
Partners
Branding Guideline
centosCentOS ProjectCESA-2019:2135
HistoryAug 30, 2019 - 4:05 a.m.

qt5 security update

2019-08-3004:05:56
CentOS Project
lists.centos.org
217

9.8 High

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

7.5 High

CVSS2

Access Vector

NETWORK

Access Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:L/Au:N/C:P/I:P/A:P

0.015 Low

EPSS

Percentile

86.6%

JSON

CentOS Errata and Security Advisory CESA-2019:2135

Qt is a software toolkit for developing applications. The qt5-base packages contain base tools for string, xml, and network handling in Qt.

The following packages have been upgraded to a later upstream version: qt5-qt3d (5.9.7), qt5-qtbase (5.9.7), qt5-qtcanvas3d (5.9.7), qt5-qtconnectivity (5.9.7), qt5-qtdeclarative (5.9.7), qt5-qtdoc (5.9.7), qt5-qtgraphicaleffects (5.9.7), qt5-qtimageformats (5.9.7), qt5-qtlocation (5.9.7), qt5-qtmultimedia (5.9.7), qt5-qtquickcontrols (5.9.7), qt5-qtquickcontrols2 (5.9.7), qt5-qtscript (5.9.7), qt5-qtsensors (5.9.7), qt5-qtserialbus (5.9.7), qt5-qtserialport (5.9.7), qt5-qtsvg (5.9.7), qt5-qttools (5.9.7), qt5-qttranslations (5.9.7), qt5-qtwayland (5.9.7), qt5-qtwebchannel (5.9.7), qt5-qtwebsockets (5.9.7), qt5-qtx11extras (5.9.7), qt5-qtxmlpatterns (5.9.7). (BZ#1564000, BZ#1564001, BZ#1564002, BZ#1564003, BZ#1564004, BZ#1564006, BZ#1564007, BZ#1564008, BZ#1564009, BZ#1564010, BZ#1564011, BZ#1564012, BZ#1564013, BZ#1564014, BZ#1564015, BZ#1564016, BZ#1564017, BZ#1564018, BZ#1564019, BZ#1564020, BZ#1564021, BZ#1564022, BZ#1564023, BZ#1564024)

Security Fix(es):

  • qt5-qtbase: Double free in QXmlStreamReader (CVE-2018-15518)

  • qt5-qtsvg: Invalid parsing of malformed url reference resulting in a denial of service (CVE-2018-19869)

  • qt5-qtbase: QImage allocation failure in qgifhandler (CVE-2018-19870)

  • qt5-qtimageformats: QTgaFile CPU exhaustion (CVE-2018-19871)

  • qt5-qtbase: QBmpHandler segmentation fault on malformed BMP file (CVE-2018-19873)

For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.

Additional Changes:

For detailed information on changes in this release, see the Red Hat Enterprise Linux 7.7 Release Notes linked from the References section.

Merged security bulletin from advisories:
https://lists.centos.org/pipermail/centos-cr-announce/2019-August/032352.html
https://lists.centos.org/pipermail/centos-cr-announce/2019-August/032353.html
https://lists.centos.org/pipermail/centos-cr-announce/2019-August/032354.html
https://lists.centos.org/pipermail/centos-cr-announce/2019-August/032355.html
https://lists.centos.org/pipermail/centos-cr-announce/2019-August/032356.html
https://lists.centos.org/pipermail/centos-cr-announce/2019-August/032357.html
https://lists.centos.org/pipermail/centos-cr-announce/2019-August/032358.html
https://lists.centos.org/pipermail/centos-cr-announce/2019-August/032359.html
https://lists.centos.org/pipermail/centos-cr-announce/2019-August/032360.html
https://lists.centos.org/pipermail/centos-cr-announce/2019-August/032361.html
https://lists.centos.org/pipermail/centos-cr-announce/2019-August/032362.html
https://lists.centos.org/pipermail/centos-cr-announce/2019-August/032363.html
https://lists.centos.org/pipermail/centos-cr-announce/2019-August/032364.html
https://lists.centos.org/pipermail/centos-cr-announce/2019-August/032365.html
https://lists.centos.org/pipermail/centos-cr-announce/2019-August/032366.html
https://lists.centos.org/pipermail/centos-cr-announce/2019-August/032367.html
https://lists.centos.org/pipermail/centos-cr-announce/2019-August/032368.html
https://lists.centos.org/pipermail/centos-cr-announce/2019-August/032369.html
https://lists.centos.org/pipermail/centos-cr-announce/2019-August/032370.html
https://lists.centos.org/pipermail/centos-cr-announce/2019-August/032371.html
https://lists.centos.org/pipermail/centos-cr-announce/2019-August/032372.html
https://lists.centos.org/pipermail/centos-cr-announce/2019-August/032378.html
https://lists.centos.org/pipermail/centos-cr-announce/2019-August/032379.html
https://lists.centos.org/pipermail/centos-cr-announce/2019-August/032380.html

Affected packages:
qt5-assistant
qt5-designer
qt5-doctools
qt5-linguist
qt5-qdbusviewer
qt5-qt3d
qt5-qt3d-devel
qt5-qt3d-doc
qt5-qt3d-examples
qt5-qtbase
qt5-qtbase-common
qt5-qtbase-devel
qt5-qtbase-doc
qt5-qtbase-examples
qt5-qtbase-gui
qt5-qtbase-mysql
qt5-qtbase-odbc
qt5-qtbase-postgresql
qt5-qtbase-static
qt5-qtcanvas3d
qt5-qtcanvas3d-doc
qt5-qtcanvas3d-examples
qt5-qtconnectivity
qt5-qtconnectivity-devel
qt5-qtconnectivity-doc
qt5-qtconnectivity-examples
qt5-qtdeclarative
qt5-qtdeclarative-devel
qt5-qtdeclarative-doc
qt5-qtdeclarative-examples
qt5-qtdeclarative-static
qt5-qtdoc
qt5-qtgraphicaleffects
qt5-qtgraphicaleffects-doc
qt5-qtimageformats
qt5-qtimageformats-doc
qt5-qtlocation
qt5-qtlocation-devel
qt5-qtlocation-doc
qt5-qtlocation-examples
qt5-qtmultimedia
qt5-qtmultimedia-devel
qt5-qtmultimedia-doc
qt5-qtmultimedia-examples
qt5-qtquickcontrols
qt5-qtquickcontrols-doc
qt5-qtquickcontrols-examples
qt5-qtquickcontrols2
qt5-qtquickcontrols2-devel
qt5-qtquickcontrols2-doc
qt5-qtquickcontrols2-examples
qt5-qtscript
qt5-qtscript-devel
qt5-qtscript-doc
qt5-qtscript-examples
qt5-qtsensors
qt5-qtsensors-devel
qt5-qtsensors-doc
qt5-qtsensors-examples
qt5-qtserialbus
qt5-qtserialbus-devel
qt5-qtserialbus-doc
qt5-qtserialbus-examples
qt5-qtserialport
qt5-qtserialport-devel
qt5-qtserialport-doc
qt5-qtserialport-examples
qt5-qtsvg
qt5-qtsvg-devel
qt5-qtsvg-doc
qt5-qtsvg-examples
qt5-qttools
qt5-qttools-common
qt5-qttools-devel
qt5-qttools-doc
qt5-qttools-examples
qt5-qttools-libs-designer
qt5-qttools-libs-designercomponents
qt5-qttools-libs-help
qt5-qttools-static
qt5-qttranslations
qt5-qtwayland
qt5-qtwayland-devel
qt5-qtwayland-doc
qt5-qtwayland-examples
qt5-qtwebchannel
qt5-qtwebchannel-devel
qt5-qtwebchannel-doc
qt5-qtwebchannel-examples
qt5-qtwebsockets
qt5-qtwebsockets-devel
qt5-qtwebsockets-doc
qt5-qtwebsockets-examples
qt5-qtx11extras
qt5-qtx11extras-devel
qt5-qtx11extras-doc
qt5-qtxmlpatterns
qt5-qtxmlpatterns-devel
qt5-qtxmlpatterns-doc
qt5-qtxmlpatterns-examples
qt5-rpm-macros

Upstream details at:
https://access.redhat.com/errata/RHSA-2019:2135

OSVersionArchitecturePackageVersionFilename
CentOS7i686qt5-qt3d< 5.9.7-1.el7qt5-qt3d-5.9.7-1.el7.i686.rpm
CentOS7x86_64qt5-qt3d< 5.9.7-1.el7qt5-qt3d-5.9.7-1.el7.x86_64.rpm
CentOS7i686qt5-qt3d-devel< 5.9.7-1.el7qt5-qt3d-devel-5.9.7-1.el7.i686.rpm
CentOS7x86_64qt5-qt3d-devel< 5.9.7-1.el7qt5-qt3d-devel-5.9.7-1.el7.x86_64.rpm
CentOS7noarchqt5-qt3d-doc< 5.9.7-1.el7qt5-qt3d-doc-5.9.7-1.el7.noarch.rpm
CentOS7x86_64qt5-qt3d-examples< 5.9.7-1.el7qt5-qt3d-examples-5.9.7-1.el7.x86_64.rpm
CentOS7i686qt5-qtbase< 5.9.7-2.el7qt5-qtbase-5.9.7-2.el7.i686.rpm
CentOS7x86_64qt5-qtbase< 5.9.7-2.el7qt5-qtbase-5.9.7-2.el7.x86_64.rpm
CentOS7noarchqt5-qtbase-common< 5.9.7-2.el7qt5-qtbase-common-5.9.7-2.el7.noarch.rpm
CentOS7i686qt5-qtbase-devel< 5.9.7-2.el7qt5-qtbase-devel-5.9.7-2.el7.i686.rpm
Rows per page:
1-10 of 1511

Related

fedora 22
oraclelinux 4
nessus 59
openvas 52
osv 9
debian 5
redhat 4
mageia 2
altlinux 1
amazon 2
f5 2
centos 1
qt 1
ubuntu 1
suse 8
almalinux 1
rocky 1
cve 4
debiancve 4
prion 4
veracode 4
ubuntucve 5
redhatcve 3
fedora
fedora
[SECURITY] Fedora 29 Update: mingw-qt5-qtdeclarative-5.11.3-1.fc29
2019-01-30 02:08:11
[SECURITY] Fedora 29 Update: mingw-qt5-qtmultimedia-5.11.3-1.fc29
2019-01-30 02:08:11
[SECURITY] Fedora 29 Update: mingw-qt5-qtwebkit-5.9.4-0.8.gitbd0657f.fc29
2019-01-30 02:08:12
oraclelinux
oraclelinux
qt5 security, bug fix, and enhancement update
2019-08-13 00:00:00
qt security update
2020-04-06 00:00:00
qt5-qtbase security and bug fix update
2019-11-14 00:00:00
nessus
nessus
NewStart CGSL CORE 5.05 / MAIN 5.05 : qt5-qtdoc Multiple Vulnerabilities (NS-SA-2023-0018)
2023-04-11 00:00:00
RHEL 7 : qt5 (RHSA-2019:2135)
2019-08-12 00:00:00
NewStart CGSL CORE 5.05 / MAIN 5.05 : qt5-qtx11extras Multiple Vulnerabilities (NS-SA-2023-0023)
2023-04-11 00:00:00
openvas
openvas
Fedora Update for mingw-qt5-qtgraphicaleffects FEDORA-2019-3c45bd2cc3
2019-05-07 00:00:00
Fedora Update for mingw-qt5-qtdeclarative FEDORA-2019-3c45bd2cc3
2019-05-07 00:00:00
Fedora Update for mingw-qt5-qtscript FEDORA-2019-3c45bd2cc3
2019-05-07 00:00:00
osv
osv
qt4-x11 - security update
2019-05-14 00:00:00
qtbase-opensource-src - security update
2019-01-02 00:00:00
qtbase-opensource-src - security update
2019-01-28 00:00:00
debian
debian
[SECURITY] [DLA 1786-1] qt4-x11 security update
2019-05-14 05:52:32
[SECURITY] [DLA 2377-1] qt4-x11 security update
2020-09-28 07:00:26
[SECURITY] [DSA 4374-1] qtbase-opensource-src security update
2019-01-28 08:40:08
redhat
redhat
(RHSA-2019:2135) Moderate: qt5 security, bug fix, and enhancement update
2019-08-06 08:04:56
(RHSA-2020:1172) Moderate: qt security update
2020-03-31 09:27:54
(RHSA-2019:3390) Moderate: qt5-qtbase security and bug fix update
2019-11-05 17:40:12
mageia
mageia
Updated qt4 packages fix security vulnerabilities
2020-05-08 13:57:54
Updated qtbase5 packages fix security vulnerabilities
2019-01-09 00:50:23
altlinux
altlinux
Security fix for the ALT Linux 8 package qt4 version 4.8.7-alt7.1
2019-09-07 00:00:00
amazon
amazon
Medium: qt
2020-07-14 02:42:00
Medium: qt5-qtbase
2020-02-24 22:05:00
f5
f5
K08037765 : Qt vulnerabilities CVE-2018-19869, CVE-2018-19870, CVE-2018-19871, and CVE-2018-19873
2022-04-22 00:00:00
K42941419 : Multiple Qt vulnerabilities
2022-03-14 00:00:00
centos
centos
qt security update
2020-04-08 19:12:37
qt
qt
Qt 5.11.3 Released with Important Security Updates
2018-12-04 00:00:00
ubuntu
ubuntu
Qt vulnerabilities
2019-06-03 00:00:00
suse
suse
Security update for libqt4 (moderate)
2020-09-26 00:00:00
Security update for libqt4 (moderate)
2020-09-19 00:00:00
Security update for libqt4 (moderate)
2020-09-22 00:00:00
almalinux
almalinux
Moderate: qt5 security, bug fix, and enhancement update
2020-04-28 09:02:52
rocky
rocky
qt5 security, bug fix, and enhancement update
2020-04-28 09:02:52
cve
cve
CVE-2018-19870
2018-12-26 21:29:00
CVE-2018-19871
2018-12-26 21:29:00
CVE-2018-15518
2018-12-26 21:29:00
debiancve
debiancve
CVE-2018-19870
2018-12-26 21:29:00
CVE-2018-15518
2018-12-26 21:29:00
CVE-2018-19871
2018-12-26 21:29:00
prion
prion
Null pointer dereference
2018-12-26 21:29:00
Double free
2018-12-26 21:29:00
Buffer overflow
2018-12-26 21:29:00
veracode
veracode
Segmentation Fault
2020-04-01 00:38:32
Arbitrary Code Execution
2019-11-06 00:20:49
Arbitrary Code Execution
2019-11-06 00:20:50
ubuntucve
ubuntucve
CVE-2018-19871
2018-12-26 00:00:00
CVE-2018-19869
2018-12-26 00:00:00
CVE-2018-19873
2018-12-26 00:00:00
redhatcve
redhatcve
CVE-2018-19871
2020-04-04 23:11:10
CVE-2018-19873
2019-12-26 09:56:39
CVE-2018-15518
2020-03-15 19:36:25

9.8 High

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

7.5 High

CVSS2

Access Vector

NETWORK

Access Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:L/Au:N/C:P/I:P/A:P

0.015 Low

EPSS

Percentile

86.6%

JSON
Related for CESA-2019:2135
fedora22oraclelinux4nessus59openvas52osv9debian5redhat4mageia2altlinux1amazon2f52centos1qt1ubuntu1suse8almalinux1rocky1cve4debiancve4prion4veracode4ubuntucve5redhatcve3