CVSS3: 6.5 Medium
Attack Vector: NETWORK
Attack Complexity: LOW
Privileges Required: NONE
User Interaction: REQUIRED
Scope: UNCHANGED
Confidentiality Impact: NONE
Integrity Impact: NONE
Availability Impact: HIGH
Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H

AI Score: 7 High (Confidence: High)

CVSS2: 4.3 Medium
Access Vector: NETWORK
Access Complexity: MEDIUM
Authentication: NONE
Confidentiality Impact: NONE
Integrity Impact: NONE
Availability Impact: PARTIAL
Vector: AV:N/AC:M/Au:N/C:N/I:N/A:P

EPSS: 0.008 Low (Percentile: 81.5%)

Qt is a software toolkit for developing applications. The qt5-base packages contain base tools for string, XML, and network handling in Qt.
The following packages have been upgraded to a later upstream version: qt5 (5.12.5), qt5-qt3d (5.12.5), qt5-qtbase (5.12.5), qt5-qtcanvas3d (5.12.5), qt5-qtconnectivity (5.12.5), qt5-qtdeclarative (5.12.5), qt5-qtdoc (5.12.5), qt5-qtgraphicaleffects (5.12.5), qt5-qtimageformats (5.12.5), qt5-qtlocation (5.12.5), qt5-qtmultimedia (5.12.5), qt5-qtquickcontrols (5.12.5), qt5-qtquickcontrols2 (5.12.5), qt5-qtscript (5.12.5), qt5-qtsensors (5.12.5), qt5-qtserialbus (5.12.5), qt5-qtserialport (5.12.5), qt5-qtsvg (5.12.5), qt5-qttools (5.12.5), qt5-qttranslations (5.12.5), qt5-qtwayland (5.12.5), qt5-qtwebchannel (5.12.5), qt5-qtwebsockets (5.12.5), qt5-qtx11extras (5.12.5), qt5-qtxmlpatterns (5.12.5), python-qt5 (5.13.1), sip (4.19.19). (BZ#1775603, BZ#1775604)
Security Fix(es):
qt: Malformed PPM image causing division by zero and crash in qppmhandler.cpp (CVE-2018-19872)
qt5-qtsvg: Invalid parsing of malformed URL reference resulting in a denial of service (CVE-2018-19869)
qt5-qtimageformats: QTgaFile CPU exhaustion (CVE-2018-19871)
For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.
Additional Changes:
For detailed information on changes in this release, see the Rocky Linux 8.2 Release Notes linked from the References section.
References:
bugzilla.redhat.com/show_bug.cgi?id=1661460
bugzilla.redhat.com/show_bug.cgi?id=1661465
bugzilla.redhat.com/show_bug.cgi?id=1691636
bugzilla.redhat.com/show_bug.cgi?id=1733133
bugzilla.redhat.com/show_bug.cgi?id=1733134
bugzilla.redhat.com/show_bug.cgi?id=1733135
bugzilla.redhat.com/show_bug.cgi?id=1733136
bugzilla.redhat.com/show_bug.cgi?id=1733137
bugzilla.redhat.com/show_bug.cgi?id=1733139
bugzilla.redhat.com/show_bug.cgi?id=1733140
bugzilla.redhat.com/show_bug.cgi?id=1733141
bugzilla.redhat.com/show_bug.cgi?id=1733142
bugzilla.redhat.com/show_bug.cgi?id=1733143
bugzilla.redhat.com/show_bug.cgi?id=1733144
bugzilla.redhat.com/show_bug.cgi?id=1733145
bugzilla.redhat.com/show_bug.cgi?id=1733146
bugzilla.redhat.com/show_bug.cgi?id=1733147
bugzilla.redhat.com/show_bug.cgi?id=1733148
bugzilla.redhat.com/show_bug.cgi?id=1733149
bugzilla.redhat.com/show_bug.cgi?id=1733150
bugzilla.redhat.com/show_bug.cgi?id=1733151
bugzilla.redhat.com/show_bug.cgi?id=1733152
bugzilla.redhat.com/show_bug.cgi?id=1733153
bugzilla.redhat.com/show_bug.cgi?id=1733154
bugzilla.redhat.com/show_bug.cgi?id=1733155
bugzilla.redhat.com/show_bug.cgi?id=1733156
bugzilla.redhat.com/show_bug.cgi?id=1733157
bugzilla.redhat.com/show_bug.cgi?id=1733158
bugzilla.redhat.com/show_bug.cgi?id=1733159
bugzilla.redhat.com/show_bug.cgi?id=1765637
bugzilla.redhat.com/show_bug.cgi?id=1769077
bugzilla.redhat.com/show_bug.cgi?id=1774418
bugzilla.redhat.com/show_bug.cgi?id=1775603
bugzilla.redhat.com/show_bug.cgi?id=1775604
errata.rockylinux.org/RLSA-2020:1665