An update for qt5-qtbase is now available for openEuler-20.03-LTS-SP1
Security Advisory
openeuler-security@openeuler.org
openEuler security committee
openEuler-SA-2023-1295
Final
1.0
1.0
2023-05-26
Initial
2023-05-26
2023-05-26
openEuler SA Tool V1.0
2023-05-26
qt5-qtbase security update
An update for qt5-qtbase is now available for openEuler-20.03-LTS-SP1.
This package provides base tools, such as string, xml, and network handling.
Security Fix(es):
Qt before 6.4.3 allows a denial of service via a crafted string when the SQL ODBC driver plugin is used and the size of SQLTCHAR is 4. The affected versions are 5.x before 5.15.13, 6.x before 6.2.8, and 6.3.x before 6.4.3. (CVE-2023-24607)
openEuler Security has rated this update as having a security impact of high. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.
High
qt5-qtbase
https://www.openeuler.org/en/security/safety-bulletin/detail.html?id=openEuler-SA-2023-1295
https://www.openeuler.org/en/security/cve/detail.html?id=CVE-2023-24607
https://nvd.nist.gov/vuln/detail/CVE-2023-24607
openEuler-20.03-LTS-SP1
qt5-qtbase-devel-5.11.1-14.oe1.aarch64.rpm
qt5-qtbase-debugsource-5.11.1-14.oe1.aarch64.rpm
qt5-qtbase-5.11.1-14.oe1.aarch64.rpm
qt5-qtbase-gui-5.11.1-14.oe1.aarch64.rpm
qt5-qtbase-odbc-5.11.1-14.oe1.aarch64.rpm
qt5-qtbase-postgresql-5.11.1-14.oe1.aarch64.rpm
qt5-qtbase-mysql-5.11.1-14.oe1.aarch64.rpm
qt5-qtbase-debuginfo-5.11.1-14.oe1.aarch64.rpm
qt5-qtbase-common-5.11.1-14.oe1.noarch.rpm
qt5-qtbase-5.11.1-14.oe1.src.rpm
qt5-qtbase-gui-5.11.1-14.oe1.x86_64.rpm
qt5-qtbase-mysql-5.11.1-14.oe1.x86_64.rpm
qt5-qtbase-debugsource-5.11.1-14.oe1.x86_64.rpm
qt5-qtbase-debuginfo-5.11.1-14.oe1.x86_64.rpm
qt5-qtbase-5.11.1-14.oe1.x86_64.rpm
qt5-qtbase-devel-5.11.1-14.oe1.x86_64.rpm
qt5-qtbase-postgresql-5.11.1-14.oe1.x86_64.rpm
qt5-qtbase-odbc-5.11.1-14.oe1.x86_64.rpm
Qt before 6.4.3 allows a denial of service via a crafted string when the SQL ODBC driver plugin is used and the size of SQLTCHAR is 4. The affected versions are 5.x before 5.15.13, 6.x before 6.2.8, and 6.3.x before 6.4.3.
2023-05-26
CVE-2023-24607
openEuler-20.03-LTS-SP1
High
7.8
AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
qt5-qtbase security update
2023-05-26
https://www.openeuler.org/en/security/safety-bulletin/detail.html?id=openEuler-SA-2023-1295