Security Bulletin
This security bulletin contains information about 5 vulnerabilities.
EUVDB-ID: #VU74061
Risk: Medium
CVSSv3.1: 6.5 [CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2023-24607
CWE-ID:
CWE-20 - Improper input validation
Exploit availability: No
DescriptionThe vulnerability allows a remote attacker to perform a denial of service (DoS) attack.
The vulnerability exists due to insufficient validation of user-supplied input in the Qt SQL ODBC driver plugin. A remote attacker can pass specially crafted input to the application and perform a denial of service (DoS) attack.
MitigationUpdate the affected package libqt5-qtbase to the latest version.
Vulnerable software versionsSUSE Linux Enterprise Server for SAP Applications 15: SP2 - SP3
SUSE Linux Enterprise Server 15 SP3 LTSS: 15-SP3
SUSE Linux Enterprise Server 15: SP2 - SP3
SUSE Linux Enterprise Server 15 SP2 LTSS: 15-SP2
SUSE Linux Enterprise High Performance Computing LTSS 15: SP3
SUSE Linux Enterprise High Performance Computing ESPOS 15: SP3
SUSE Linux Enterprise High Performance Computing 15: SP2 - SP3
SUSE Linux Enterprise High Performance Computing 15 SP2 LTSS: 15-SP2
SUSE Enterprise Storage: 7.1
SUSE Manager Retail Branch Server: 4.2
SUSE Manager Server: 4.2
SUSE Manager Proxy: 4.2
libQt5Network-private-headers-devel: before 5.12.7-150200.4.23.1
libqt5-qtbase-private-headers-devel: before 5.12.7-150200.4.23.1
libQt5Gui-private-headers-devel: before 5.12.7-150200.4.23.1
libQt5PrintSupport-private-headers-devel: before 5.12.7-150200.4.23.1
libQt5KmsSupport-private-headers-devel: before 5.12.7-150200.4.23.1
libQt5Widgets-private-headers-devel: before 5.12.7-150200.4.23.1
libQt5OpenGL-private-headers-devel: before 5.12.7-150200.4.23.1
libQt5DBus-private-headers-devel: before 5.12.7-150200.4.23.1
libQt5Core-private-headers-devel: before 5.12.7-150200.4.23.1
libQt5Test-private-headers-devel: before 5.12.7-150200.4.23.1
libQt5Sql-private-headers-devel: before 5.12.7-150200.4.23.1
libQt5PlatformSupport-private-headers-devel: before 5.12.7-150200.4.23.1
libQt5DBus5: before 5.12.7-150200.4.23.1
libQt5PrintSupport-devel: before 5.12.7-150200.4.23.1
libQt5Gui5-debuginfo: before 5.12.7-150200.4.23.1
libQt5Network5-debuginfo: before 5.12.7-150200.4.23.1
libqt5-qtbase-debugsource: before 5.12.7-150200.4.23.1
libQt5Sql5-sqlite: before 5.12.7-150200.4.23.1
libQt5Sql5-postgresql-debuginfo: before 5.12.7-150200.4.23.1
libQt5Sql5-debuginfo: before 5.12.7-150200.4.23.1
libQt5OpenGL-devel: before 5.12.7-150200.4.23.1
libQt5Sql5-postgresql: before 5.12.7-150200.4.23.1
libQt5Test5: before 5.12.7-150200.4.23.1
libQt5PlatformHeaders-devel: before 5.12.7-150200.4.23.1
libQt5Core-devel: before 5.12.7-150200.4.23.1
libQt5KmsSupport-devel-static: before 5.12.7-150200.4.23.1
libQt5Sql5-unixODBC-debuginfo: before 5.12.7-150200.4.23.1
libqt5-qtbase-devel: before 5.12.7-150200.4.23.1
libQt5Test5-debuginfo: before 5.12.7-150200.4.23.1
libQt5Gui-devel: before 5.12.7-150200.4.23.1
libQt5Xml5-debuginfo: before 5.12.7-150200.4.23.1
libqt5-qtbase-platformtheme-gtk3: before 5.12.7-150200.4.23.1
libQt5Sql5-unixODBC: before 5.12.7-150200.4.23.1
libQt5Widgets5: before 5.12.7-150200.4.23.1
libQt5OpenGL5-debuginfo: before 5.12.7-150200.4.23.1
libQt5Test-devel: before 5.12.7-150200.4.23.1
libQt5Xml5: before 5.12.7-150200.4.23.1
libQt5Sql-devel: before 5.12.7-150200.4.23.1
libQt5Sql5: before 5.12.7-150200.4.23.1
libQt5Sql5-mysql: before 5.12.7-150200.4.23.1
libQt5OpenGL5: before 5.12.7-150200.4.23.1
libQt5Widgets-devel: before 5.12.7-150200.4.23.1
libQt5Sql5-sqlite-debuginfo: before 5.12.7-150200.4.23.1
libQt5Concurrent-devel: before 5.12.7-150200.4.23.1
libQt5PrintSupport5: before 5.12.7-150200.4.23.1
libQt5DBus-devel-debuginfo: before 5.12.7-150200.4.23.1
libQt5Widgets5-debuginfo: before 5.12.7-150200.4.23.1
libQt5Core5-debuginfo: before 5.12.7-150200.4.23.1
libQt5DBus-devel: before 5.12.7-150200.4.23.1
libQt5Gui5: before 5.12.7-150200.4.23.1
libqt5-qtbase-common-devel: before 5.12.7-150200.4.23.1
libQt5DBus5-debuginfo: before 5.12.7-150200.4.23.1
libQt5Network-devel: before 5.12.7-150200.4.23.1
libQt5Network5: before 5.12.7-150200.4.23.1
libQt5Xml-devel: before 5.12.7-150200.4.23.1
libqt5-qtbase-common-devel-debuginfo: before 5.12.7-150200.4.23.1
libQt5OpenGLExtensions-devel-static: before 5.12.7-150200.4.23.1
libQt5PlatformSupport-devel-static: before 5.12.7-150200.4.23.1
libQt5Concurrent5-debuginfo: before 5.12.7-150200.4.23.1
libQt5Concurrent5: before 5.12.7-150200.4.23.1
libQt5PrintSupport5-debuginfo: before 5.12.7-150200.4.23.1
libqt5-qtbase-platformtheme-gtk3-debuginfo: before 5.12.7-150200.4.23.1
libQt5Core5: before 5.12.7-150200.4.23.1
libQt5Sql5-mysql-debuginfo: before 5.12.7-150200.4.23.1
External linkshttp://www.suse.com/support/update/announcement/2023/suse-su-20233207-1/
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
EUVDB-ID: #VU76666
Risk: Medium
CVSSv3.1: 5.7 [CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N/E:U/RL:O/RC:C]
CVE-ID: CVE-2023-32762
CWE-ID:
CWE-319 - Cleartext Transmission of Sensitive Information
Exploit availability: No
DescriptionThe vulnerability allows a remote attacker to gain access to sensitive information.
The vulnerability exists due to Qt Network incorrectly parses the strict-transport-security (HSTS) header, allowing unencrypted connections to be established, even when explicitly prohibited by the server. A remote attacker with ability to intercept network traffic can gain access to sensitive data.
MitigationUpdate the affected package libqt5-qtbase to the latest version.
Vulnerable software versionsSUSE Linux Enterprise Server for SAP Applications 15: SP2 - SP3
SUSE Linux Enterprise Server 15 SP3 LTSS: 15-SP3
SUSE Linux Enterprise Server 15: SP2 - SP3
SUSE Linux Enterprise Server 15 SP2 LTSS: 15-SP2
SUSE Linux Enterprise High Performance Computing LTSS 15: SP3
SUSE Linux Enterprise High Performance Computing ESPOS 15: SP3
SUSE Linux Enterprise High Performance Computing 15: SP2 - SP3
SUSE Linux Enterprise High Performance Computing 15 SP2 LTSS: 15-SP2
SUSE Enterprise Storage: 7.1
SUSE Manager Retail Branch Server: 4.2
SUSE Manager Server: 4.2
SUSE Manager Proxy: 4.2
libQt5Network-private-headers-devel: before 5.12.7-150200.4.23.1
libqt5-qtbase-private-headers-devel: before 5.12.7-150200.4.23.1
libQt5Gui-private-headers-devel: before 5.12.7-150200.4.23.1
libQt5PrintSupport-private-headers-devel: before 5.12.7-150200.4.23.1
libQt5KmsSupport-private-headers-devel: before 5.12.7-150200.4.23.1
libQt5Widgets-private-headers-devel: before 5.12.7-150200.4.23.1
libQt5OpenGL-private-headers-devel: before 5.12.7-150200.4.23.1
libQt5DBus-private-headers-devel: before 5.12.7-150200.4.23.1
libQt5Core-private-headers-devel: before 5.12.7-150200.4.23.1
libQt5Test-private-headers-devel: before 5.12.7-150200.4.23.1
libQt5Sql-private-headers-devel: before 5.12.7-150200.4.23.1
libQt5PlatformSupport-private-headers-devel: before 5.12.7-150200.4.23.1
libQt5DBus5: before 5.12.7-150200.4.23.1
libQt5PrintSupport-devel: before 5.12.7-150200.4.23.1
libQt5Gui5-debuginfo: before 5.12.7-150200.4.23.1
libQt5Network5-debuginfo: before 5.12.7-150200.4.23.1
libqt5-qtbase-debugsource: before 5.12.7-150200.4.23.1
libQt5Sql5-sqlite: before 5.12.7-150200.4.23.1
libQt5Sql5-postgresql-debuginfo: before 5.12.7-150200.4.23.1
libQt5Sql5-debuginfo: before 5.12.7-150200.4.23.1
libQt5OpenGL-devel: before 5.12.7-150200.4.23.1
libQt5Sql5-postgresql: before 5.12.7-150200.4.23.1
libQt5Test5: before 5.12.7-150200.4.23.1
libQt5PlatformHeaders-devel: before 5.12.7-150200.4.23.1
libQt5Core-devel: before 5.12.7-150200.4.23.1
libQt5KmsSupport-devel-static: before 5.12.7-150200.4.23.1
libQt5Sql5-unixODBC-debuginfo: before 5.12.7-150200.4.23.1
libqt5-qtbase-devel: before 5.12.7-150200.4.23.1
libQt5Test5-debuginfo: before 5.12.7-150200.4.23.1
libQt5Gui-devel: before 5.12.7-150200.4.23.1
libQt5Xml5-debuginfo: before 5.12.7-150200.4.23.1
libqt5-qtbase-platformtheme-gtk3: before 5.12.7-150200.4.23.1
libQt5Sql5-unixODBC: before 5.12.7-150200.4.23.1
libQt5Widgets5: before 5.12.7-150200.4.23.1
libQt5OpenGL5-debuginfo: before 5.12.7-150200.4.23.1
libQt5Test-devel: before 5.12.7-150200.4.23.1
libQt5Xml5: before 5.12.7-150200.4.23.1
libQt5Sql-devel: before 5.12.7-150200.4.23.1
libQt5Sql5: before 5.12.7-150200.4.23.1
libQt5Sql5-mysql: before 5.12.7-150200.4.23.1
libQt5OpenGL5: before 5.12.7-150200.4.23.1
libQt5Widgets-devel: before 5.12.7-150200.4.23.1
libQt5Sql5-sqlite-debuginfo: before 5.12.7-150200.4.23.1
libQt5Concurrent-devel: before 5.12.7-150200.4.23.1
libQt5PrintSupport5: before 5.12.7-150200.4.23.1
libQt5DBus-devel-debuginfo: before 5.12.7-150200.4.23.1
libQt5Widgets5-debuginfo: before 5.12.7-150200.4.23.1
libQt5Core5-debuginfo: before 5.12.7-150200.4.23.1
libQt5DBus-devel: before 5.12.7-150200.4.23.1
libQt5Gui5: before 5.12.7-150200.4.23.1
libqt5-qtbase-common-devel: before 5.12.7-150200.4.23.1
libQt5DBus5-debuginfo: before 5.12.7-150200.4.23.1
libQt5Network-devel: before 5.12.7-150200.4.23.1
libQt5Network5: before 5.12.7-150200.4.23.1
libQt5Xml-devel: before 5.12.7-150200.4.23.1
libqt5-qtbase-common-devel-debuginfo: before 5.12.7-150200.4.23.1
libQt5OpenGLExtensions-devel-static: before 5.12.7-150200.4.23.1
libQt5PlatformSupport-devel-static: before 5.12.7-150200.4.23.1
libQt5Concurrent5-debuginfo: before 5.12.7-150200.4.23.1
libQt5Concurrent5: before 5.12.7-150200.4.23.1
libQt5PrintSupport5-debuginfo: before 5.12.7-150200.4.23.1
libqt5-qtbase-platformtheme-gtk3-debuginfo: before 5.12.7-150200.4.23.1
libQt5Core5: before 5.12.7-150200.4.23.1
libQt5Sql5-mysql-debuginfo: before 5.12.7-150200.4.23.1
External linkshttp://www.suse.com/support/update/announcement/2023/suse-su-20233207-1/
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
EUVDB-ID: #VU76667
Risk: Medium
CVSSv3.1: 6.5 [CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2023-33285
CWE-ID:
CWE-125 - Out-of-bounds read
Exploit availability: No
DescriptionThe vulnerability allows a remote attacker to perform a denial of service (DoS) attack.
The vulnerability exists due to buffer over-read via a crafted reply from a DNS server within the QDnsLookup() function in src/network/kernel/qdnslookup_unix.cpp. A remote attacker can perform a denial of service attack.
MitigationUpdate the affected package libqt5-qtbase to the latest version.
Vulnerable software versionsSUSE Linux Enterprise Server for SAP Applications 15: SP2 - SP3
SUSE Linux Enterprise Server 15 SP3 LTSS: 15-SP3
SUSE Linux Enterprise Server 15: SP2 - SP3
SUSE Linux Enterprise Server 15 SP2 LTSS: 15-SP2
SUSE Linux Enterprise High Performance Computing LTSS 15: SP3
SUSE Linux Enterprise High Performance Computing ESPOS 15: SP3
SUSE Linux Enterprise High Performance Computing 15: SP2 - SP3
SUSE Linux Enterprise High Performance Computing 15 SP2 LTSS: 15-SP2
SUSE Enterprise Storage: 7.1
SUSE Manager Retail Branch Server: 4.2
SUSE Manager Server: 4.2
SUSE Manager Proxy: 4.2
libQt5Network-private-headers-devel: before 5.12.7-150200.4.23.1
libqt5-qtbase-private-headers-devel: before 5.12.7-150200.4.23.1
libQt5Gui-private-headers-devel: before 5.12.7-150200.4.23.1
libQt5PrintSupport-private-headers-devel: before 5.12.7-150200.4.23.1
libQt5KmsSupport-private-headers-devel: before 5.12.7-150200.4.23.1
libQt5Widgets-private-headers-devel: before 5.12.7-150200.4.23.1
libQt5OpenGL-private-headers-devel: before 5.12.7-150200.4.23.1
libQt5DBus-private-headers-devel: before 5.12.7-150200.4.23.1
libQt5Core-private-headers-devel: before 5.12.7-150200.4.23.1
libQt5Test-private-headers-devel: before 5.12.7-150200.4.23.1
libQt5Sql-private-headers-devel: before 5.12.7-150200.4.23.1
libQt5PlatformSupport-private-headers-devel: before 5.12.7-150200.4.23.1
libQt5DBus5: before 5.12.7-150200.4.23.1
libQt5PrintSupport-devel: before 5.12.7-150200.4.23.1
libQt5Gui5-debuginfo: before 5.12.7-150200.4.23.1
libQt5Network5-debuginfo: before 5.12.7-150200.4.23.1
libqt5-qtbase-debugsource: before 5.12.7-150200.4.23.1
libQt5Sql5-sqlite: before 5.12.7-150200.4.23.1
libQt5Sql5-postgresql-debuginfo: before 5.12.7-150200.4.23.1
libQt5Sql5-debuginfo: before 5.12.7-150200.4.23.1
libQt5OpenGL-devel: before 5.12.7-150200.4.23.1
libQt5Sql5-postgresql: before 5.12.7-150200.4.23.1
libQt5Test5: before 5.12.7-150200.4.23.1
libQt5PlatformHeaders-devel: before 5.12.7-150200.4.23.1
libQt5Core-devel: before 5.12.7-150200.4.23.1
libQt5KmsSupport-devel-static: before 5.12.7-150200.4.23.1
libQt5Sql5-unixODBC-debuginfo: before 5.12.7-150200.4.23.1
libqt5-qtbase-devel: before 5.12.7-150200.4.23.1
libQt5Test5-debuginfo: before 5.12.7-150200.4.23.1
libQt5Gui-devel: before 5.12.7-150200.4.23.1
libQt5Xml5-debuginfo: before 5.12.7-150200.4.23.1
libqt5-qtbase-platformtheme-gtk3: before 5.12.7-150200.4.23.1
libQt5Sql5-unixODBC: before 5.12.7-150200.4.23.1
libQt5Widgets5: before 5.12.7-150200.4.23.1
libQt5OpenGL5-debuginfo: before 5.12.7-150200.4.23.1
libQt5Test-devel: before 5.12.7-150200.4.23.1
libQt5Xml5: before 5.12.7-150200.4.23.1
libQt5Sql-devel: before 5.12.7-150200.4.23.1
libQt5Sql5: before 5.12.7-150200.4.23.1
libQt5Sql5-mysql: before 5.12.7-150200.4.23.1
libQt5OpenGL5: before 5.12.7-150200.4.23.1
libQt5Widgets-devel: before 5.12.7-150200.4.23.1
libQt5Sql5-sqlite-debuginfo: before 5.12.7-150200.4.23.1
libQt5Concurrent-devel: before 5.12.7-150200.4.23.1
libQt5PrintSupport5: before 5.12.7-150200.4.23.1
libQt5DBus-devel-debuginfo: before 5.12.7-150200.4.23.1
libQt5Widgets5-debuginfo: before 5.12.7-150200.4.23.1
libQt5Core5-debuginfo: before 5.12.7-150200.4.23.1
libQt5DBus-devel: before 5.12.7-150200.4.23.1
libQt5Gui5: before 5.12.7-150200.4.23.1
libqt5-qtbase-common-devel: before 5.12.7-150200.4.23.1
libQt5DBus5-debuginfo: before 5.12.7-150200.4.23.1
libQt5Network-devel: before 5.12.7-150200.4.23.1
libQt5Network5: before 5.12.7-150200.4.23.1
libQt5Xml-devel: before 5.12.7-150200.4.23.1
libqt5-qtbase-common-devel-debuginfo: before 5.12.7-150200.4.23.1
libQt5OpenGLExtensions-devel-static: before 5.12.7-150200.4.23.1
libQt5PlatformSupport-devel-static: before 5.12.7-150200.4.23.1
libQt5Concurrent5-debuginfo: before 5.12.7-150200.4.23.1
libQt5Concurrent5: before 5.12.7-150200.4.23.1
libQt5PrintSupport5-debuginfo: before 5.12.7-150200.4.23.1
libqt5-qtbase-platformtheme-gtk3-debuginfo: before 5.12.7-150200.4.23.1
libQt5Core5: before 5.12.7-150200.4.23.1
libQt5Sql5-mysql-debuginfo: before 5.12.7-150200.4.23.1
External linkshttp://www.suse.com/support/update/announcement/2023/suse-su-20233207-1/
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
EUVDB-ID: #VU78696
Risk: Medium
CVSSv3.1: 5.7 [CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N/E:U/RL:O/RC:C]
CVE-ID: CVE-2023-34410
CWE-ID:
CWE-295 - Improper Certificate Validation
Exploit availability: No
DescriptionThe vulnerability allows a remote attacker to perform MitM attack.
The vulnerability exists due to improper validation of TLS certificate chain, where application does not always consider whether the root of a chain is a configured CA certificate. A remote attacker can perform MitM attack.
Update the affected package libqt5-qtbase to the latest version.
Vulnerable software versionsSUSE Linux Enterprise Server for SAP Applications 15: SP2 - SP3
SUSE Linux Enterprise Server 15 SP3 LTSS: 15-SP3
SUSE Linux Enterprise Server 15: SP2 - SP3
SUSE Linux Enterprise Server 15 SP2 LTSS: 15-SP2
SUSE Linux Enterprise High Performance Computing LTSS 15: SP3
SUSE Linux Enterprise High Performance Computing ESPOS 15: SP3
SUSE Linux Enterprise High Performance Computing 15: SP2 - SP3
SUSE Linux Enterprise High Performance Computing 15 SP2 LTSS: 15-SP2
SUSE Enterprise Storage: 7.1
SUSE Manager Retail Branch Server: 4.2
SUSE Manager Server: 4.2
SUSE Manager Proxy: 4.2
libQt5Network-private-headers-devel: before 5.12.7-150200.4.23.1
libqt5-qtbase-private-headers-devel: before 5.12.7-150200.4.23.1
libQt5Gui-private-headers-devel: before 5.12.7-150200.4.23.1
libQt5PrintSupport-private-headers-devel: before 5.12.7-150200.4.23.1
libQt5KmsSupport-private-headers-devel: before 5.12.7-150200.4.23.1
libQt5Widgets-private-headers-devel: before 5.12.7-150200.4.23.1
libQt5OpenGL-private-headers-devel: before 5.12.7-150200.4.23.1
libQt5DBus-private-headers-devel: before 5.12.7-150200.4.23.1
libQt5Core-private-headers-devel: before 5.12.7-150200.4.23.1
libQt5Test-private-headers-devel: before 5.12.7-150200.4.23.1
libQt5Sql-private-headers-devel: before 5.12.7-150200.4.23.1
libQt5PlatformSupport-private-headers-devel: before 5.12.7-150200.4.23.1
libQt5DBus5: before 5.12.7-150200.4.23.1
libQt5PrintSupport-devel: before 5.12.7-150200.4.23.1
libQt5Gui5-debuginfo: before 5.12.7-150200.4.23.1
libQt5Network5-debuginfo: before 5.12.7-150200.4.23.1
libqt5-qtbase-debugsource: before 5.12.7-150200.4.23.1
libQt5Sql5-sqlite: before 5.12.7-150200.4.23.1
libQt5Sql5-postgresql-debuginfo: before 5.12.7-150200.4.23.1
libQt5Sql5-debuginfo: before 5.12.7-150200.4.23.1
libQt5OpenGL-devel: before 5.12.7-150200.4.23.1
libQt5Sql5-postgresql: before 5.12.7-150200.4.23.1
libQt5Test5: before 5.12.7-150200.4.23.1
libQt5PlatformHeaders-devel: before 5.12.7-150200.4.23.1
libQt5Core-devel: before 5.12.7-150200.4.23.1
libQt5KmsSupport-devel-static: before 5.12.7-150200.4.23.1
libQt5Sql5-unixODBC-debuginfo: before 5.12.7-150200.4.23.1
libqt5-qtbase-devel: before 5.12.7-150200.4.23.1
libQt5Test5-debuginfo: before 5.12.7-150200.4.23.1
libQt5Gui-devel: before 5.12.7-150200.4.23.1
libQt5Xml5-debuginfo: before 5.12.7-150200.4.23.1
libqt5-qtbase-platformtheme-gtk3: before 5.12.7-150200.4.23.1
libQt5Sql5-unixODBC: before 5.12.7-150200.4.23.1
libQt5Widgets5: before 5.12.7-150200.4.23.1
libQt5OpenGL5-debuginfo: before 5.12.7-150200.4.23.1
libQt5Test-devel: before 5.12.7-150200.4.23.1
libQt5Xml5: before 5.12.7-150200.4.23.1
libQt5Sql-devel: before 5.12.7-150200.4.23.1
libQt5Sql5: before 5.12.7-150200.4.23.1
libQt5Sql5-mysql: before 5.12.7-150200.4.23.1
libQt5OpenGL5: before 5.12.7-150200.4.23.1
libQt5Widgets-devel: before 5.12.7-150200.4.23.1
libQt5Sql5-sqlite-debuginfo: before 5.12.7-150200.4.23.1
libQt5Concurrent-devel: before 5.12.7-150200.4.23.1
libQt5PrintSupport5: before 5.12.7-150200.4.23.1
libQt5DBus-devel-debuginfo: before 5.12.7-150200.4.23.1
libQt5Widgets5-debuginfo: before 5.12.7-150200.4.23.1
libQt5Core5-debuginfo: before 5.12.7-150200.4.23.1
libQt5DBus-devel: before 5.12.7-150200.4.23.1
libQt5Gui5: before 5.12.7-150200.4.23.1
libqt5-qtbase-common-devel: before 5.12.7-150200.4.23.1
libQt5DBus5-debuginfo: before 5.12.7-150200.4.23.1
libQt5Network-devel: before 5.12.7-150200.4.23.1
libQt5Network5: before 5.12.7-150200.4.23.1
libQt5Xml-devel: before 5.12.7-150200.4.23.1
libqt5-qtbase-common-devel-debuginfo: before 5.12.7-150200.4.23.1
libQt5OpenGLExtensions-devel-static: before 5.12.7-150200.4.23.1
libQt5PlatformSupport-devel-static: before 5.12.7-150200.4.23.1
libQt5Concurrent5-debuginfo: before 5.12.7-150200.4.23.1
libQt5Concurrent5: before 5.12.7-150200.4.23.1
libQt5PrintSupport5-debuginfo: before 5.12.7-150200.4.23.1
libqt5-qtbase-platformtheme-gtk3-debuginfo: before 5.12.7-150200.4.23.1
libQt5Core5: before 5.12.7-150200.4.23.1
libQt5Sql5-mysql-debuginfo: before 5.12.7-150200.4.23.1
External linkshttp://www.suse.com/support/update/announcement/2023/suse-su-20233207-1/
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
EUVDB-ID: #VU78697
Risk: Medium
CVSSv3.1: 6.5 [CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2023-38197
CWE-ID:
CWE-835 - Loop with Unreachable Exit Condition ('Infinite Loop')
Exploit availability: No
DescriptionThe vulnerability allows a remote attacker to perform a denial of service (DoS) attack.
The vulnerability exists due to infinite loop when handling recursive expansions. A remote attacker can consume all available system resources and cause denial of service conditions.
MitigationUpdate the affected package libqt5-qtbase to the latest version.
Vulnerable software versionsSUSE Linux Enterprise Server for SAP Applications 15: SP2 - SP3
SUSE Linux Enterprise Server 15 SP3 LTSS: 15-SP3
SUSE Linux Enterprise Server 15: SP2 - SP3
SUSE Linux Enterprise Server 15 SP2 LTSS: 15-SP2
SUSE Linux Enterprise High Performance Computing LTSS 15: SP3
SUSE Linux Enterprise High Performance Computing ESPOS 15: SP3
SUSE Linux Enterprise High Performance Computing 15: SP2 - SP3
SUSE Linux Enterprise High Performance Computing 15 SP2 LTSS: 15-SP2
SUSE Enterprise Storage: 7.1
SUSE Manager Retail Branch Server: 4.2
SUSE Manager Server: 4.2
SUSE Manager Proxy: 4.2
libQt5Network-private-headers-devel: before 5.12.7-150200.4.23.1
libqt5-qtbase-private-headers-devel: before 5.12.7-150200.4.23.1
libQt5Gui-private-headers-devel: before 5.12.7-150200.4.23.1
libQt5PrintSupport-private-headers-devel: before 5.12.7-150200.4.23.1
libQt5KmsSupport-private-headers-devel: before 5.12.7-150200.4.23.1
libQt5Widgets-private-headers-devel: before 5.12.7-150200.4.23.1
libQt5OpenGL-private-headers-devel: before 5.12.7-150200.4.23.1
libQt5DBus-private-headers-devel: before 5.12.7-150200.4.23.1
libQt5Core-private-headers-devel: before 5.12.7-150200.4.23.1
libQt5Test-private-headers-devel: before 5.12.7-150200.4.23.1
libQt5Sql-private-headers-devel: before 5.12.7-150200.4.23.1
libQt5PlatformSupport-private-headers-devel: before 5.12.7-150200.4.23.1
libQt5DBus5: before 5.12.7-150200.4.23.1
libQt5PrintSupport-devel: before 5.12.7-150200.4.23.1
libQt5Gui5-debuginfo: before 5.12.7-150200.4.23.1
libQt5Network5-debuginfo: before 5.12.7-150200.4.23.1
libqt5-qtbase-debugsource: before 5.12.7-150200.4.23.1
libQt5Sql5-sqlite: before 5.12.7-150200.4.23.1
libQt5Sql5-postgresql-debuginfo: before 5.12.7-150200.4.23.1
libQt5Sql5-debuginfo: before 5.12.7-150200.4.23.1
libQt5OpenGL-devel: before 5.12.7-150200.4.23.1
libQt5Sql5-postgresql: before 5.12.7-150200.4.23.1
libQt5Test5: before 5.12.7-150200.4.23.1
libQt5PlatformHeaders-devel: before 5.12.7-150200.4.23.1
libQt5Core-devel: before 5.12.7-150200.4.23.1
libQt5KmsSupport-devel-static: before 5.12.7-150200.4.23.1
libQt5Sql5-unixODBC-debuginfo: before 5.12.7-150200.4.23.1
libqt5-qtbase-devel: before 5.12.7-150200.4.23.1
libQt5Test5-debuginfo: before 5.12.7-150200.4.23.1
libQt5Gui-devel: before 5.12.7-150200.4.23.1
libQt5Xml5-debuginfo: before 5.12.7-150200.4.23.1
libqt5-qtbase-platformtheme-gtk3: before 5.12.7-150200.4.23.1
libQt5Sql5-unixODBC: before 5.12.7-150200.4.23.1
libQt5Widgets5: before 5.12.7-150200.4.23.1
libQt5OpenGL5-debuginfo: before 5.12.7-150200.4.23.1
libQt5Test-devel: before 5.12.7-150200.4.23.1
libQt5Xml5: before 5.12.7-150200.4.23.1
libQt5Sql-devel: before 5.12.7-150200.4.23.1
libQt5Sql5: before 5.12.7-150200.4.23.1
libQt5Sql5-mysql: before 5.12.7-150200.4.23.1
libQt5OpenGL5: before 5.12.7-150200.4.23.1
libQt5Widgets-devel: before 5.12.7-150200.4.23.1
libQt5Sql5-sqlite-debuginfo: before 5.12.7-150200.4.23.1
libQt5Concurrent-devel: before 5.12.7-150200.4.23.1
libQt5PrintSupport5: before 5.12.7-150200.4.23.1
libQt5DBus-devel-debuginfo: before 5.12.7-150200.4.23.1
libQt5Widgets5-debuginfo: before 5.12.7-150200.4.23.1
libQt5Core5-debuginfo: before 5.12.7-150200.4.23.1
libQt5DBus-devel: before 5.12.7-150200.4.23.1
libQt5Gui5: before 5.12.7-150200.4.23.1
libqt5-qtbase-common-devel: before 5.12.7-150200.4.23.1
libQt5DBus5-debuginfo: before 5.12.7-150200.4.23.1
libQt5Network-devel: before 5.12.7-150200.4.23.1
libQt5Network5: before 5.12.7-150200.4.23.1
libQt5Xml-devel: before 5.12.7-150200.4.23.1
libqt5-qtbase-common-devel-debuginfo: before 5.12.7-150200.4.23.1
libQt5OpenGLExtensions-devel-static: before 5.12.7-150200.4.23.1
libQt5PlatformSupport-devel-static: before 5.12.7-150200.4.23.1
libQt5Concurrent5-debuginfo: before 5.12.7-150200.4.23.1
libQt5Concurrent5: before 5.12.7-150200.4.23.1
libQt5PrintSupport5-debuginfo: before 5.12.7-150200.4.23.1
libqt5-qtbase-platformtheme-gtk3-debuginfo: before 5.12.7-150200.4.23.1
libQt5Core5: before 5.12.7-150200.4.23.1
libQt5Sql5-mysql-debuginfo: before 5.12.7-150200.4.23.1
External linkshttp://www.suse.com/support/update/announcement/2023/suse-su-20233207-1/
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.