An update for qt5-qtbase is now available for openEuler-22.03-LTS-SP2 Security Advisory openeuler-security@openeuler.org openEuler security committee openEuler-SA-2023-1489 Final 1.0 1.0 2023-08-12 Initial 2023-08-12 2023-08-12 openEuler SA Tool V1.0 2023-08-12 qt5-qtbase security update An update for qt5-qtbase is now available for openEuler-22.03-LTS-SP2. Qt is a software toolkit for developing applications. Security Fix(es): Qt before 6.4.3 allows a denial of service via a crafted string when the SQL ODBC driver plugin is used and the size of SQLTCHAR is 4. The affected versions are 5.x before 5.15.13, 6.x before 6.2.8, and 6.3.x before 6.4.3.(CVE-2023-24607) An issue was discovered in Qt before 5.15.14, 6.x before 6.2.9, and 6.3.x through 6.5.x before 6.5.1. Qt Network incorrectly parses the strict-transport-security (HSTS) header, allowing unencrypted connections to be established, even when explicitly prohibited by the server. This happens if the case used for this header does not exactly match.(CVE-2023-32762) An issue was discovered in Qt before 5.15.15, 6.x before 6.2.9, and 6.3.x through 6.5.x before 6.5.1. When a SVG file with an image inside it is rendered, a QTextLayout buffer overflow can be triggered.(CVE-2023-32763) An update for qt5-qtbase is now available for openEuler-22.03-LTS-SP2. openEuler Security has rated this update as having a security impact of high. A Common Vunlnerability Scoring System(CVSS)base score,which gives a detailed severity rating, is available for each vulnerability from the CVElink(s) in the References section. High qt5-qtbase https://www.openeuler.org/en/security/safety-bulletin/detail.html?id=openEuler-SA-2023-1489 https://www.openeuler.org/en/security/cve/detail.html?id=CVE-2023-24607 https://www.openeuler.org/en/security/cve/detail.html?id=CVE-2023-32762 https://www.openeuler.org/en/security/cve/detail.html?id=CVE-2023-32763 https://nvd.nist.gov/vuln/detail/CVE-2023-24607 https://nvd.nist.gov/vuln/detail/CVE-2023-32762 https://nvd.nist.gov/vuln/detail/CVE-2023-32763 openEuler-22.03-LTS-SP2 qt5-qtbase-debuginfo-5.15.2-7.oe2203sp2.aarch64.rpm qt5-qtbase-debugsource-5.15.2-7.oe2203sp2.aarch64.rpm qt5-qtbase-private-devel-5.15.2-7.oe2203sp2.aarch64.rpm qt5-qtbase-static-5.15.2-7.oe2203sp2.aarch64.rpm qt5-qtbase-odbc-5.15.2-7.oe2203sp2.aarch64.rpm qt5-qtbase-devel-5.15.2-7.oe2203sp2.aarch64.rpm qt5-qtbase-examples-5.15.2-7.oe2203sp2.aarch64.rpm qt5-qtbase-mysql-5.15.2-7.oe2203sp2.aarch64.rpm qt5-qtbase-postgresql-5.15.2-7.oe2203sp2.aarch64.rpm qt5-qtbase-gui-5.15.2-7.oe2203sp2.aarch64.rpm qt5-qtbase-5.15.2-7.oe2203sp2.aarch64.rpm qt5-qtbase-common-5.15.2-7.oe2203sp2.noarch.rpm qt5-qtbase-5.15.2-7.oe2203sp2.src.rpm qt5-qtbase-examples-5.15.2-7.oe2203sp2.x86_64.rpm qt5-qtbase-postgresql-5.15.2-7.oe2203sp2.x86_64.rpm qt5-qtbase-devel-5.15.2-7.oe2203sp2.x86_64.rpm qt5-qtbase-mysql-5.15.2-7.oe2203sp2.x86_64.rpm qt5-qtbase-debuginfo-5.15.2-7.oe2203sp2.x86_64.rpm qt5-qtbase-5.15.2-7.oe2203sp2.x86_64.rpm qt5-qtbase-gui-5.15.2-7.oe2203sp2.x86_64.rpm qt5-qtbase-debugsource-5.15.2-7.oe2203sp2.x86_64.rpm qt5-qtbase-static-5.15.2-7.oe2203sp2.x86_64.rpm qt5-qtbase-odbc-5.15.2-7.oe2203sp2.x86_64.rpm qt5-qtbase-private-devel-5.15.2-7.oe2203sp2.x86_64.rpm Qt before 6.4.3 allows a denial of service via a crafted string when the SQL ODBC driver plugin is used and the size of SQLTCHAR is 4. The affected versions are 5.x before 5.15.13, 6.x before 6.2.8, and 6.3.x before 6.4.3. 2023-08-12 CVE-2023-24607 openEuler-22.03-LTS-SP2 High 7.5 AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H qt5-qtbase security update 2023-08-12 https://www.openeuler.org/en/security/safety-bulletin/detail.html?id=openEuler-SA-2023-1489 An issue was discovered in Qt before 5.15.14, 6.x before 6.2.9, and 6.3.x through 6.5.x before 6.5.1. Qt Network incorrectly parses the strict-transport-security (HSTS) header, allowing unencrypted connections to be established, even when explicitly prohibited by the server. This happens if the case used for this header does not exactly match. 2023-08-12 CVE-2023-32762 openEuler-22.03-LTS-SP2 Medium 5.3 AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N qt5-qtbase security update 2023-08-12 https://www.openeuler.org/en/security/safety-bulletin/detail.html?id=openEuler-SA-2023-1489 An issue was discovered in Qt before 5.15.15, 6.x before 6.2.9, and 6.3.x through 6.5.x before 6.5.1. When a SVG file with an image inside it is rendered, a QTextLayout buffer overflow can be triggered. 2023-08-12 CVE-2023-32763 openEuler-22.03-LTS-SP2 High 7.5 AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H qt5-qtbase security update 2023-08-12 https://www.openeuler.org/en/security/safety-bulletin/detail.html?id=openEuler-SA-2023-1489