[SECURITY] [DSA 4556-1] qtbase-opensource-src security update

2019-10-3121:48:30

lists.debian.org

4.3 Medium

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

REQUIRED

Scope

UNCHANGED

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

LOW

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L

4.3 Medium

CVSS2

Access Vector

NETWORK

Access Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

PARTIAL

AV:N/AC:M/Au:N/C:N/I:N/A:P

0.008 Low

EPSS

Percentile

81.6%

JSON

Debian Security Advisory DSA-4556-1 [email protected]
https://www.debian.org/security/ Moritz Muehlenhoff
October 31, 2019 https://www.debian.org/security/faq

Package : qtbase-opensource-src
CVE ID : CVE-2019-18281

An out-of-bounds memory access was discovered in the Qt library, which
could result in denial of service through a text file containing many
directional characters.

The oldstable distribution (stretch) is not affected.

For the stable distribution (buster), this problem has been fixed in
version 5.11.3+dfsg1-1+deb10u1.

We recommend that you upgrade your qtbase-opensource-src packages.

For the detailed security status of qtbase-opensource-src please refer to
its security tracker page at:
https://security-tracker.debian.org/tracker/qtbase-opensource-src

Further information about Debian Security Advisories, how to apply
these updates to your system and frequently asked questions can be
found at: https://www.debian.org/security/

Mailing list: [email protected]

OSVersionArchitecturePackageVersionFilename
Debian10ppc64elqt5-default< 5.11.3+dfsg1-1+deb10u1qt5-default_5.11.3+dfsg1-1+deb10u1_ppc64el.deb
Debian10s390xlibqt5dbus5-dbgsym< 5.11.3+dfsg1-1+deb10u1libqt5dbus5-dbgsym_5.11.3+dfsg1-1+deb10u1_s390x.deb
Debian10armhfqt5-qmake< 5.11.3+dfsg1-1+deb10u1qt5-qmake_5.11.3+dfsg1-1+deb10u1_armhf.deb
Debian10armhflibqt5sql5-sqlite< 5.11.3+dfsg1-1+deb10u1libqt5sql5-sqlite_5.11.3+dfsg1-1+deb10u1_armhf.deb
Debian10i386qtbase5-dev-tools-dbgsym< 5.11.3+dfsg1-1+deb10u1qtbase5-dev-tools-dbgsym_5.11.3+dfsg1-1+deb10u1_i386.deb
Debian10ppc64ellibqt5sql5-ibase-dbgsym< 5.11.3+dfsg1-1+deb10u1libqt5sql5-ibase-dbgsym_5.11.3+dfsg1-1+deb10u1_ppc64el.deb
Debian10armhflibqt5opengl5-dev< 5.11.3+dfsg1-1+deb10u1libqt5opengl5-dev_5.11.3+dfsg1-1+deb10u1_armhf.deb
Debian10arm64libqt5concurrent5-dbgsym< 5.11.3+dfsg1-1+deb10u1libqt5concurrent5-dbgsym_5.11.3+dfsg1-1+deb10u1_arm64.deb
Debian10mipslibqt5widgets5< 5.11.3+dfsg1-1+deb10u1libqt5widgets5_5.11.3+dfsg1-1+deb10u1_mips.deb
Debian10armellibqt5sql5-mysql-dbgsym< 5.11.3+dfsg1-1+deb10u1libqt5sql5-mysql-dbgsym_5.11.3+dfsg1-1+deb10u1_armel.deb

OS	Version	Architecture	Package	Version	Filename
Debian	10	ppc64el	qt5-default	< 5.11.3+dfsg1-1+deb10u1	qt5-default_5.11.3+dfsg1-1+deb10u1_ppc64el.deb
Debian	10	s390x	libqt5dbus5-dbgsym	< 5.11.3+dfsg1-1+deb10u1	libqt5dbus5-dbgsym_5.11.3+dfsg1-1+deb10u1_s390x.deb
Debian	10	armhf	qt5-qmake	< 5.11.3+dfsg1-1+deb10u1	qt5-qmake_5.11.3+dfsg1-1+deb10u1_armhf.deb
Debian	10	armhf	libqt5sql5-sqlite	< 5.11.3+dfsg1-1+deb10u1	libqt5sql5-sqlite_5.11.3+dfsg1-1+deb10u1_armhf.deb
Debian	10	i386	qtbase5-dev-tools-dbgsym	< 5.11.3+dfsg1-1+deb10u1	qtbase5-dev-tools-dbgsym_5.11.3+dfsg1-1+deb10u1_i386.deb
Debian	10	ppc64el	libqt5sql5-ibase-dbgsym	< 5.11.3+dfsg1-1+deb10u1	libqt5sql5-ibase-dbgsym_5.11.3+dfsg1-1+deb10u1_ppc64el.deb
Debian	10	armhf	libqt5opengl5-dev	< 5.11.3+dfsg1-1+deb10u1	libqt5opengl5-dev_5.11.3+dfsg1-1+deb10u1_armhf.deb
Debian	10	arm64	libqt5concurrent5-dbgsym	< 5.11.3+dfsg1-1+deb10u1	libqt5concurrent5-dbgsym_5.11.3+dfsg1-1+deb10u1_arm64.deb
Debian	10	mips	libqt5widgets5	< 5.11.3+dfsg1-1+deb10u1	libqt5widgets5_5.11.3+dfsg1-1+deb10u1_mips.deb
Debian	10	armel	libqt5sql5-mysql-dbgsym	< 5.11.3+dfsg1-1+deb10u1	libqt5sql5-mysql-dbgsym_5.11.3+dfsg1-1+deb10u1_armel.deb