SUSE update for qt6-base



Published: 2023-08-08
Risk Medium
Patch available YES
Number of vulnerabilities 5
CVE-ID CVE-2023-24607
CVE-2023-32762
CVE-2023-33285
CVE-2023-34410
CVE-2023-38197
CWE-ID CWE-20
CWE-319
CWE-125
CWE-295
CWE-835
Exploitation vector Network
Public exploit N/A
Vulnerable software
Subscribe 		SUSE Linux Enterprise Micro
Operating systems & Components / Operating system

Desktop Applications Module
Operating systems & Components / Operating system

SUSE Package Hub 15
Operating systems & Components / Operating system

SUSE Linux Enterprise Server for SAP Applications 15
Operating systems & Components / Operating system

SUSE Linux Enterprise Server 15
Operating systems & Components / Operating system

SUSE Linux Enterprise Real Time 15
Operating systems & Components / Operating system

SUSE Linux Enterprise High Performance Computing 15
Operating systems & Components / Operating system

SUSE Linux Enterprise Desktop 15
Operating systems & Components / Operating system

openSUSE Leap
Operating systems & Components / Operating system

qt6-docs-common
Operating systems & Components / Operating system package or component

qt6-base-private-devel
Operating systems & Components / Operating system package or component

qt6-base-devel
Operating systems & Components / Operating system package or component

libQt6DBus6
Operating systems & Components / Operating system package or component

libQt6Gui6
Operating systems & Components / Operating system package or component

libQt6OpenGL6
Operating systems & Components / Operating system package or component

qt6-sql-postgresql
Operating systems & Components / Operating system package or component

libQt6OpenGLWidgets6
Operating systems & Components / Operating system package or component

libQt6Gui6-debuginfo
Operating systems & Components / Operating system package or component

qt6-xml-devel
Operating systems & Components / Operating system package or component

qt6-test-devel
Operating systems & Components / Operating system package or component

qt6-sql-sqlite-debuginfo
Operating systems & Components / Operating system package or component

libQt6Test6
Operating systems & Components / Operating system package or component

qt6-sql-mysql-debuginfo
Operating systems & Components / Operating system package or component

libQt6Concurrent6
Operating systems & Components / Operating system package or component

qt6-printsupport-devel
Operating systems & Components / Operating system package or component

qt6-base-debuginfo
Operating systems & Components / Operating system package or component

qt6-sql-devel
Operating systems & Components / Operating system package or component

libQt6OpenGLWidgets6-debuginfo
Operating systems & Components / Operating system package or component

libQt6Core6-debuginfo
Operating systems & Components / Operating system package or component

qt6-sql-private-devel
Operating systems & Components / Operating system package or component

qt6-platformsupport-devel-static
Operating systems & Components / Operating system package or component

qt6-sql-mysql
Operating systems & Components / Operating system package or component

qt6-concurrent-devel
Operating systems & Components / Operating system package or component

qt6-platformsupport-private-devel
Operating systems & Components / Operating system package or component

qt6-printsupport-cups
Operating systems & Components / Operating system package or component

qt6-opengl-private-devel
Operating systems & Components / Operating system package or component

libQt6Xml6-debuginfo
Operating systems & Components / Operating system package or component

libQt6Network6
Operating systems & Components / Operating system package or component

qt6-opengl-devel
Operating systems & Components / Operating system package or component

libQt6Sql6
Operating systems & Components / Operating system package or component

qt6-widgets-devel
Operating systems & Components / Operating system package or component

qt6-sql-unixODBC-debuginfo
Operating systems & Components / Operating system package or component

libQt6Xml6
Operating systems & Components / Operating system package or component

qt6-sql-postgresql-debuginfo
Operating systems & Components / Operating system package or component

qt6-sql-unixODBC
Operating systems & Components / Operating system package or component

qt6-networkinformation-nm-debuginfo
Operating systems & Components / Operating system package or component

qt6-dbus-private-devel
Operating systems & Components / Operating system package or component

libQt6PrintSupport6
Operating systems & Components / Operating system package or component

qt6-printsupport-cups-debuginfo
Operating systems & Components / Operating system package or component

qt6-platformtheme-gtk3
Operating systems & Components / Operating system package or component

qt6-networkinformation-glib-debuginfo
Operating systems & Components / Operating system package or component

qt6-kmssupport-devel-static
Operating systems & Components / Operating system package or component

qt6-network-tls-debuginfo
Operating systems & Components / Operating system package or component

qt6-network-tls
Operating systems & Components / Operating system package or component

qt6-xml-private-devel
Operating systems & Components / Operating system package or component

qt6-test-private-devel
Operating systems & Components / Operating system package or component

libQt6DBus6-debuginfo
Operating systems & Components / Operating system package or component

qt6-printsupport-private-devel
Operating systems & Components / Operating system package or component

qt6-core-private-devel
Operating systems & Components / Operating system package or component

qt6-networkinformation-nm
Operating systems & Components / Operating system package or component

qt6-base-debugsource
Operating systems & Components / Operating system package or component

qt6-network-devel
Operating systems & Components / Operating system package or component

qt6-sql-sqlite
Operating systems & Components / Operating system package or component

libQt6PrintSupport6-debuginfo
Operating systems & Components / Operating system package or component

libQt6Core6
Operating systems & Components / Operating system package or component

libQt6Widgets6-debuginfo
Operating systems & Components / Operating system package or component

qt6-platformtheme-xdgdesktopportal-debuginfo
Operating systems & Components / Operating system package or component

qt6-openglwidgets-devel
Operating systems & Components / Operating system package or component

qt6-networkinformation-glib
Operating systems & Components / Operating system package or component

qt6-core-devel
Operating systems & Components / Operating system package or component

libQt6OpenGL6-debuginfo
Operating systems & Components / Operating system package or component

qt6-base-docs-qch
Operating systems & Components / Operating system package or component

qt6-platformtheme-gtk3-debuginfo
Operating systems & Components / Operating system package or component

qt6-base-examples
Operating systems & Components / Operating system package or component

qt6-kmssupport-private-devel
Operating systems & Components / Operating system package or component

qt6-base-docs-html
Operating systems & Components / Operating system package or component

qt6-base-examples-debuginfo
Operating systems & Components / Operating system package or component

qt6-base-common-devel
Operating systems & Components / Operating system package or component

libQt6Sql6-debuginfo
Operating systems & Components / Operating system package or component

libQt6Test6-debuginfo
Operating systems & Components / Operating system package or component

qt6-network-private-devel
Operating systems & Components / Operating system package or component

qt6-platformtheme-xdgdesktopportal
Operating systems & Components / Operating system package or component

qt6-dbus-devel
Operating systems & Components / Operating system package or component

libQt6Widgets6
Operating systems & Components / Operating system package or component

qt6-gui-private-devel
Operating systems & Components / Operating system package or component

libQt6Network6-debuginfo
Operating systems & Components / Operating system package or component

qt6-gui-devel
Operating systems & Components / Operating system package or component

qt6-widgets-private-devel
Operating systems & Components / Operating system package or component

qt6-base-common-devel-debuginfo
Operating systems & Components / Operating system package or component

libQt6Concurrent6-debuginfo
Operating systems & Components / Operating system package or component

Vendor SUSE

Security Bulletin

This security bulletin contains information about 5 vulnerabilities.

1) Input validation error

EUVDB-ID: #VU74061

Risk: Medium

CVSSv3.1: 6.5 [CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2023-24607

CWE-ID: CWE-20 - Improper input validation

Exploit availability: No

Description

The vulnerability allows a remote attacker to perform a denial of service (DoS) attack.

The vulnerability exists due to insufficient validation of user-supplied input in the Qt SQL ODBC driver plugin. A remote attacker can pass specially crafted input to the application and perform a denial of service (DoS) attack.

Mitigation

Update the affected package qt6-base to the latest version.

Vulnerable software versions

SUSE Linux Enterprise Micro: 5.5

Desktop Applications Module: 15-SP5

SUSE Package Hub 15: 15-SP5

SUSE Linux Enterprise Server for SAP Applications 15: SP5

SUSE Linux Enterprise Server 15: SP5

SUSE Linux Enterprise Real Time 15: SP5

SUSE Linux Enterprise High Performance Computing 15: SP5

SUSE Linux Enterprise Desktop 15: SP5

openSUSE Leap: 15.5

qt6-docs-common: before 6.4.2-150500.3.7.4

qt6-base-private-devel: before 6.4.2-150500.3.7.4

qt6-base-devel: before 6.4.2-150500.3.7.4

libQt6DBus6: before 6.4.2-150500.3.7.4

libQt6Gui6: before 6.4.2-150500.3.7.4

libQt6OpenGL6: before 6.4.2-150500.3.7.4

qt6-sql-postgresql: before 6.4.2-150500.3.7.4

libQt6OpenGLWidgets6: before 6.4.2-150500.3.7.4

libQt6Gui6-debuginfo: before 6.4.2-150500.3.7.4

qt6-xml-devel: before 6.4.2-150500.3.7.4

qt6-test-devel: before 6.4.2-150500.3.7.4

qt6-sql-sqlite-debuginfo: before 6.4.2-150500.3.7.4

libQt6Test6: before 6.4.2-150500.3.7.4

qt6-sql-mysql-debuginfo: before 6.4.2-150500.3.7.4

libQt6Concurrent6: before 6.4.2-150500.3.7.4

qt6-printsupport-devel: before 6.4.2-150500.3.7.4

qt6-base-debuginfo: before 6.4.2-150500.3.7.4

qt6-sql-devel: before 6.4.2-150500.3.7.4

libQt6OpenGLWidgets6-debuginfo: before 6.4.2-150500.3.7.4

libQt6Core6-debuginfo: before 6.4.2-150500.3.7.4

qt6-sql-private-devel: before 6.4.2-150500.3.7.4

qt6-platformsupport-devel-static: before 6.4.2-150500.3.7.4

qt6-sql-mysql: before 6.4.2-150500.3.7.4

qt6-concurrent-devel: before 6.4.2-150500.3.7.4

qt6-platformsupport-private-devel: before 6.4.2-150500.3.7.4

qt6-printsupport-cups: before 6.4.2-150500.3.7.4

qt6-opengl-private-devel: before 6.4.2-150500.3.7.4

libQt6Xml6-debuginfo: before 6.4.2-150500.3.7.4

libQt6Network6: before 6.4.2-150500.3.7.4

qt6-opengl-devel: before 6.4.2-150500.3.7.4

libQt6Sql6: before 6.4.2-150500.3.7.4

qt6-widgets-devel: before 6.4.2-150500.3.7.4

qt6-sql-unixODBC-debuginfo: before 6.4.2-150500.3.7.4

libQt6Xml6: before 6.4.2-150500.3.7.4

qt6-sql-postgresql-debuginfo: before 6.4.2-150500.3.7.4

qt6-sql-unixODBC: before 6.4.2-150500.3.7.4

qt6-networkinformation-nm-debuginfo: before 6.4.2-150500.3.7.4

qt6-dbus-private-devel: before 6.4.2-150500.3.7.4

libQt6PrintSupport6: before 6.4.2-150500.3.7.4

qt6-printsupport-cups-debuginfo: before 6.4.2-150500.3.7.4

qt6-platformtheme-gtk3: before 6.4.2-150500.3.7.4

qt6-networkinformation-glib-debuginfo: before 6.4.2-150500.3.7.4

qt6-kmssupport-devel-static: before 6.4.2-150500.3.7.4

qt6-network-tls-debuginfo: before 6.4.2-150500.3.7.4

qt6-network-tls: before 6.4.2-150500.3.7.4

qt6-xml-private-devel: before 6.4.2-150500.3.7.4

qt6-test-private-devel: before 6.4.2-150500.3.7.4

libQt6DBus6-debuginfo: before 6.4.2-150500.3.7.4

qt6-printsupport-private-devel: before 6.4.2-150500.3.7.4

qt6-core-private-devel: before 6.4.2-150500.3.7.4

qt6-networkinformation-nm: before 6.4.2-150500.3.7.4

qt6-base-debugsource: before 6.4.2-150500.3.7.4

qt6-network-devel: before 6.4.2-150500.3.7.4

qt6-sql-sqlite: before 6.4.2-150500.3.7.4

libQt6PrintSupport6-debuginfo: before 6.4.2-150500.3.7.4

libQt6Core6: before 6.4.2-150500.3.7.4

libQt6Widgets6-debuginfo: before 6.4.2-150500.3.7.4

qt6-platformtheme-xdgdesktopportal-debuginfo: before 6.4.2-150500.3.7.4

qt6-openglwidgets-devel: before 6.4.2-150500.3.7.4

qt6-networkinformation-glib: before 6.4.2-150500.3.7.4

qt6-core-devel: before 6.4.2-150500.3.7.4

libQt6OpenGL6-debuginfo: before 6.4.2-150500.3.7.4

qt6-base-docs-qch: before 6.4.2-150500.3.7.1

qt6-platformtheme-gtk3-debuginfo: before 6.4.2-150500.3.7.4

qt6-base-examples: before 6.4.2-150500.3.7.4

qt6-kmssupport-private-devel: before 6.4.2-150500.3.7.4

qt6-base-docs-html: before 6.4.2-150500.3.7.1

qt6-base-examples-debuginfo: before 6.4.2-150500.3.7.4

qt6-base-common-devel: before 6.4.2-150500.3.7.4

libQt6Sql6-debuginfo: before 6.4.2-150500.3.7.4

libQt6Test6-debuginfo: before 6.4.2-150500.3.7.4

qt6-network-private-devel: before 6.4.2-150500.3.7.4

qt6-platformtheme-xdgdesktopportal: before 6.4.2-150500.3.7.4

qt6-dbus-devel: before 6.4.2-150500.3.7.4

libQt6Widgets6: before 6.4.2-150500.3.7.4

qt6-gui-private-devel: before 6.4.2-150500.3.7.4

libQt6Network6-debuginfo: before 6.4.2-150500.3.7.4

qt6-gui-devel: before 6.4.2-150500.3.7.4

qt6-widgets-private-devel: before 6.4.2-150500.3.7.4

qt6-base-common-devel-debuginfo: before 6.4.2-150500.3.7.4

libQt6Concurrent6-debuginfo: before 6.4.2-150500.3.7.4

External links

http://www.suse.com/support/update/announcement/2023/suse-su-20233225-1/


Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

2) Cleartext transmission of sensitive information

EUVDB-ID: #VU76666

Risk: Medium

CVSSv3.1: 5.7 [CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N/E:U/RL:O/RC:C]

CVE-ID: CVE-2023-32762

CWE-ID: CWE-319 - Cleartext Transmission of Sensitive Information

Exploit availability: No

Description

The vulnerability allows a remote attacker to gain access to sensitive information.

The vulnerability exists due to Qt Network incorrectly parses the strict-transport-security (HSTS) header, allowing unencrypted connections to be established, even when explicitly prohibited by the server. A remote attacker with ability to intercept network traffic can gain access to sensitive data.

Mitigation

Update the affected package qt6-base to the latest version.

Vulnerable software versions

SUSE Linux Enterprise Micro: 5.5

Desktop Applications Module: 15-SP5

SUSE Package Hub 15: 15-SP5

SUSE Linux Enterprise Server for SAP Applications 15: SP5

SUSE Linux Enterprise Server 15: SP5

SUSE Linux Enterprise Real Time 15: SP5

SUSE Linux Enterprise High Performance Computing 15: SP5

SUSE Linux Enterprise Desktop 15: SP5

openSUSE Leap: 15.5

qt6-docs-common: before 6.4.2-150500.3.7.4

qt6-base-private-devel: before 6.4.2-150500.3.7.4

qt6-base-devel: before 6.4.2-150500.3.7.4

libQt6DBus6: before 6.4.2-150500.3.7.4

libQt6Gui6: before 6.4.2-150500.3.7.4

libQt6OpenGL6: before 6.4.2-150500.3.7.4

qt6-sql-postgresql: before 6.4.2-150500.3.7.4

libQt6OpenGLWidgets6: before 6.4.2-150500.3.7.4

libQt6Gui6-debuginfo: before 6.4.2-150500.3.7.4

qt6-xml-devel: before 6.4.2-150500.3.7.4

qt6-test-devel: before 6.4.2-150500.3.7.4

qt6-sql-sqlite-debuginfo: before 6.4.2-150500.3.7.4

libQt6Test6: before 6.4.2-150500.3.7.4

qt6-sql-mysql-debuginfo: before 6.4.2-150500.3.7.4

libQt6Concurrent6: before 6.4.2-150500.3.7.4

qt6-printsupport-devel: before 6.4.2-150500.3.7.4

qt6-base-debuginfo: before 6.4.2-150500.3.7.4

qt6-sql-devel: before 6.4.2-150500.3.7.4

libQt6OpenGLWidgets6-debuginfo: before 6.4.2-150500.3.7.4

libQt6Core6-debuginfo: before 6.4.2-150500.3.7.4

qt6-sql-private-devel: before 6.4.2-150500.3.7.4

qt6-platformsupport-devel-static: before 6.4.2-150500.3.7.4

qt6-sql-mysql: before 6.4.2-150500.3.7.4

qt6-concurrent-devel: before 6.4.2-150500.3.7.4

qt6-platformsupport-private-devel: before 6.4.2-150500.3.7.4

qt6-printsupport-cups: before 6.4.2-150500.3.7.4

qt6-opengl-private-devel: before 6.4.2-150500.3.7.4

libQt6Xml6-debuginfo: before 6.4.2-150500.3.7.4

libQt6Network6: before 6.4.2-150500.3.7.4

qt6-opengl-devel: before 6.4.2-150500.3.7.4

libQt6Sql6: before 6.4.2-150500.3.7.4

qt6-widgets-devel: before 6.4.2-150500.3.7.4

qt6-sql-unixODBC-debuginfo: before 6.4.2-150500.3.7.4

libQt6Xml6: before 6.4.2-150500.3.7.4

qt6-sql-postgresql-debuginfo: before 6.4.2-150500.3.7.4

qt6-sql-unixODBC: before 6.4.2-150500.3.7.4

qt6-networkinformation-nm-debuginfo: before 6.4.2-150500.3.7.4

qt6-dbus-private-devel: before 6.4.2-150500.3.7.4

libQt6PrintSupport6: before 6.4.2-150500.3.7.4

qt6-printsupport-cups-debuginfo: before 6.4.2-150500.3.7.4

qt6-platformtheme-gtk3: before 6.4.2-150500.3.7.4

qt6-networkinformation-glib-debuginfo: before 6.4.2-150500.3.7.4

qt6-kmssupport-devel-static: before 6.4.2-150500.3.7.4

qt6-network-tls-debuginfo: before 6.4.2-150500.3.7.4

qt6-network-tls: before 6.4.2-150500.3.7.4

qt6-xml-private-devel: before 6.4.2-150500.3.7.4

qt6-test-private-devel: before 6.4.2-150500.3.7.4

libQt6DBus6-debuginfo: before 6.4.2-150500.3.7.4

qt6-printsupport-private-devel: before 6.4.2-150500.3.7.4

qt6-core-private-devel: before 6.4.2-150500.3.7.4

qt6-networkinformation-nm: before 6.4.2-150500.3.7.4

qt6-base-debugsource: before 6.4.2-150500.3.7.4

qt6-network-devel: before 6.4.2-150500.3.7.4

qt6-sql-sqlite: before 6.4.2-150500.3.7.4

libQt6PrintSupport6-debuginfo: before 6.4.2-150500.3.7.4

libQt6Core6: before 6.4.2-150500.3.7.4

libQt6Widgets6-debuginfo: before 6.4.2-150500.3.7.4

qt6-platformtheme-xdgdesktopportal-debuginfo: before 6.4.2-150500.3.7.4

qt6-openglwidgets-devel: before 6.4.2-150500.3.7.4

qt6-networkinformation-glib: before 6.4.2-150500.3.7.4

qt6-core-devel: before 6.4.2-150500.3.7.4

libQt6OpenGL6-debuginfo: before 6.4.2-150500.3.7.4

qt6-base-docs-qch: before 6.4.2-150500.3.7.1

qt6-platformtheme-gtk3-debuginfo: before 6.4.2-150500.3.7.4

qt6-base-examples: before 6.4.2-150500.3.7.4

qt6-kmssupport-private-devel: before 6.4.2-150500.3.7.4

qt6-base-docs-html: before 6.4.2-150500.3.7.1

qt6-base-examples-debuginfo: before 6.4.2-150500.3.7.4

qt6-base-common-devel: before 6.4.2-150500.3.7.4

libQt6Sql6-debuginfo: before 6.4.2-150500.3.7.4

libQt6Test6-debuginfo: before 6.4.2-150500.3.7.4

qt6-network-private-devel: before 6.4.2-150500.3.7.4

qt6-platformtheme-xdgdesktopportal: before 6.4.2-150500.3.7.4

qt6-dbus-devel: before 6.4.2-150500.3.7.4

libQt6Widgets6: before 6.4.2-150500.3.7.4

qt6-gui-private-devel: before 6.4.2-150500.3.7.4

libQt6Network6-debuginfo: before 6.4.2-150500.3.7.4

qt6-gui-devel: before 6.4.2-150500.3.7.4

qt6-widgets-private-devel: before 6.4.2-150500.3.7.4

qt6-base-common-devel-debuginfo: before 6.4.2-150500.3.7.4

libQt6Concurrent6-debuginfo: before 6.4.2-150500.3.7.4

External links

http://www.suse.com/support/update/announcement/2023/suse-su-20233225-1/


Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

3) Out-of-bounds read

EUVDB-ID: #VU76667

Risk: Medium

CVSSv3.1: 6.5 [CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2023-33285

CWE-ID: CWE-125 - Out-of-bounds read

Exploit availability: No

Description

The vulnerability allows a remote attacker to perform a denial of service (DoS) attack.

The vulnerability exists due to buffer over-read via a crafted reply from a DNS server within the QDnsLookup() function in src/network/kernel/qdnslookup_unix.cpp. A remote attacker can perform a denial of service attack.

Mitigation

Update the affected package qt6-base to the latest version.

Vulnerable software versions

SUSE Linux Enterprise Micro: 5.5

Desktop Applications Module: 15-SP5

SUSE Package Hub 15: 15-SP5

SUSE Linux Enterprise Server for SAP Applications 15: SP5

SUSE Linux Enterprise Server 15: SP5

SUSE Linux Enterprise Real Time 15: SP5

SUSE Linux Enterprise High Performance Computing 15: SP5

SUSE Linux Enterprise Desktop 15: SP5

openSUSE Leap: 15.5

qt6-docs-common: before 6.4.2-150500.3.7.4

qt6-base-private-devel: before 6.4.2-150500.3.7.4

qt6-base-devel: before 6.4.2-150500.3.7.4

libQt6DBus6: before 6.4.2-150500.3.7.4

libQt6Gui6: before 6.4.2-150500.3.7.4

libQt6OpenGL6: before 6.4.2-150500.3.7.4

qt6-sql-postgresql: before 6.4.2-150500.3.7.4

libQt6OpenGLWidgets6: before 6.4.2-150500.3.7.4

libQt6Gui6-debuginfo: before 6.4.2-150500.3.7.4

qt6-xml-devel: before 6.4.2-150500.3.7.4

qt6-test-devel: before 6.4.2-150500.3.7.4

qt6-sql-sqlite-debuginfo: before 6.4.2-150500.3.7.4

libQt6Test6: before 6.4.2-150500.3.7.4

qt6-sql-mysql-debuginfo: before 6.4.2-150500.3.7.4

libQt6Concurrent6: before 6.4.2-150500.3.7.4

qt6-printsupport-devel: before 6.4.2-150500.3.7.4

qt6-base-debuginfo: before 6.4.2-150500.3.7.4

qt6-sql-devel: before 6.4.2-150500.3.7.4

libQt6OpenGLWidgets6-debuginfo: before 6.4.2-150500.3.7.4

libQt6Core6-debuginfo: before 6.4.2-150500.3.7.4

qt6-sql-private-devel: before 6.4.2-150500.3.7.4

qt6-platformsupport-devel-static: before 6.4.2-150500.3.7.4

qt6-sql-mysql: before 6.4.2-150500.3.7.4

qt6-concurrent-devel: before 6.4.2-150500.3.7.4

qt6-platformsupport-private-devel: before 6.4.2-150500.3.7.4

qt6-printsupport-cups: before 6.4.2-150500.3.7.4

qt6-opengl-private-devel: before 6.4.2-150500.3.7.4

libQt6Xml6-debuginfo: before 6.4.2-150500.3.7.4

libQt6Network6: before 6.4.2-150500.3.7.4

qt6-opengl-devel: before 6.4.2-150500.3.7.4

libQt6Sql6: before 6.4.2-150500.3.7.4

qt6-widgets-devel: before 6.4.2-150500.3.7.4

qt6-sql-unixODBC-debuginfo: before 6.4.2-150500.3.7.4

libQt6Xml6: before 6.4.2-150500.3.7.4

qt6-sql-postgresql-debuginfo: before 6.4.2-150500.3.7.4

qt6-sql-unixODBC: before 6.4.2-150500.3.7.4

qt6-networkinformation-nm-debuginfo: before 6.4.2-150500.3.7.4

qt6-dbus-private-devel: before 6.4.2-150500.3.7.4

libQt6PrintSupport6: before 6.4.2-150500.3.7.4

qt6-printsupport-cups-debuginfo: before 6.4.2-150500.3.7.4

qt6-platformtheme-gtk3: before 6.4.2-150500.3.7.4

qt6-networkinformation-glib-debuginfo: before 6.4.2-150500.3.7.4

qt6-kmssupport-devel-static: before 6.4.2-150500.3.7.4

qt6-network-tls-debuginfo: before 6.4.2-150500.3.7.4

qt6-network-tls: before 6.4.2-150500.3.7.4

qt6-xml-private-devel: before 6.4.2-150500.3.7.4

qt6-test-private-devel: before 6.4.2-150500.3.7.4

libQt6DBus6-debuginfo: before 6.4.2-150500.3.7.4

qt6-printsupport-private-devel: before 6.4.2-150500.3.7.4

qt6-core-private-devel: before 6.4.2-150500.3.7.4

qt6-networkinformation-nm: before 6.4.2-150500.3.7.4

qt6-base-debugsource: before 6.4.2-150500.3.7.4

qt6-network-devel: before 6.4.2-150500.3.7.4

qt6-sql-sqlite: before 6.4.2-150500.3.7.4

libQt6PrintSupport6-debuginfo: before 6.4.2-150500.3.7.4

libQt6Core6: before 6.4.2-150500.3.7.4

libQt6Widgets6-debuginfo: before 6.4.2-150500.3.7.4

qt6-platformtheme-xdgdesktopportal-debuginfo: before 6.4.2-150500.3.7.4

qt6-openglwidgets-devel: before 6.4.2-150500.3.7.4

qt6-networkinformation-glib: before 6.4.2-150500.3.7.4

qt6-core-devel: before 6.4.2-150500.3.7.4

libQt6OpenGL6-debuginfo: before 6.4.2-150500.3.7.4

qt6-base-docs-qch: before 6.4.2-150500.3.7.1

qt6-platformtheme-gtk3-debuginfo: before 6.4.2-150500.3.7.4

qt6-base-examples: before 6.4.2-150500.3.7.4

qt6-kmssupport-private-devel: before 6.4.2-150500.3.7.4

qt6-base-docs-html: before 6.4.2-150500.3.7.1

qt6-base-examples-debuginfo: before 6.4.2-150500.3.7.4

qt6-base-common-devel: before 6.4.2-150500.3.7.4

libQt6Sql6-debuginfo: before 6.4.2-150500.3.7.4

libQt6Test6-debuginfo: before 6.4.2-150500.3.7.4

qt6-network-private-devel: before 6.4.2-150500.3.7.4

qt6-platformtheme-xdgdesktopportal: before 6.4.2-150500.3.7.4

qt6-dbus-devel: before 6.4.2-150500.3.7.4

libQt6Widgets6: before 6.4.2-150500.3.7.4

qt6-gui-private-devel: before 6.4.2-150500.3.7.4

libQt6Network6-debuginfo: before 6.4.2-150500.3.7.4

qt6-gui-devel: before 6.4.2-150500.3.7.4

qt6-widgets-private-devel: before 6.4.2-150500.3.7.4

qt6-base-common-devel-debuginfo: before 6.4.2-150500.3.7.4

libQt6Concurrent6-debuginfo: before 6.4.2-150500.3.7.4

External links

http://www.suse.com/support/update/announcement/2023/suse-su-20233225-1/


Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

4) Improper Certificate Validation

EUVDB-ID: #VU78696

Risk: Medium

CVSSv3.1: 5.7 [CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N/E:U/RL:O/RC:C]

CVE-ID: CVE-2023-34410

CWE-ID: CWE-295 - Improper Certificate Validation

Exploit availability: No

Description

The vulnerability allows a remote attacker to perform MitM attack.

The vulnerability exists due to improper validation of TLS certificate chain, where application does not always consider whether the root of a chain is a configured CA certificate. A remote attacker can perform MitM attack.

Mitigation

Update the affected package qt6-base to the latest version.

Vulnerable software versions

SUSE Linux Enterprise Micro: 5.5

Desktop Applications Module: 15-SP5

SUSE Package Hub 15: 15-SP5

SUSE Linux Enterprise Server for SAP Applications 15: SP5

SUSE Linux Enterprise Server 15: SP5

SUSE Linux Enterprise Real Time 15: SP5

SUSE Linux Enterprise High Performance Computing 15: SP5

SUSE Linux Enterprise Desktop 15: SP5

openSUSE Leap: 15.5

qt6-docs-common: before 6.4.2-150500.3.7.4

qt6-base-private-devel: before 6.4.2-150500.3.7.4

qt6-base-devel: before 6.4.2-150500.3.7.4

libQt6DBus6: before 6.4.2-150500.3.7.4

libQt6Gui6: before 6.4.2-150500.3.7.4

libQt6OpenGL6: before 6.4.2-150500.3.7.4

qt6-sql-postgresql: before 6.4.2-150500.3.7.4

libQt6OpenGLWidgets6: before 6.4.2-150500.3.7.4

libQt6Gui6-debuginfo: before 6.4.2-150500.3.7.4

qt6-xml-devel: before 6.4.2-150500.3.7.4

qt6-test-devel: before 6.4.2-150500.3.7.4

qt6-sql-sqlite-debuginfo: before 6.4.2-150500.3.7.4

libQt6Test6: before 6.4.2-150500.3.7.4

qt6-sql-mysql-debuginfo: before 6.4.2-150500.3.7.4

libQt6Concurrent6: before 6.4.2-150500.3.7.4

qt6-printsupport-devel: before 6.4.2-150500.3.7.4

qt6-base-debuginfo: before 6.4.2-150500.3.7.4

qt6-sql-devel: before 6.4.2-150500.3.7.4

libQt6OpenGLWidgets6-debuginfo: before 6.4.2-150500.3.7.4

libQt6Core6-debuginfo: before 6.4.2-150500.3.7.4

qt6-sql-private-devel: before 6.4.2-150500.3.7.4

qt6-platformsupport-devel-static: before 6.4.2-150500.3.7.4

qt6-sql-mysql: before 6.4.2-150500.3.7.4

qt6-concurrent-devel: before 6.4.2-150500.3.7.4

qt6-platformsupport-private-devel: before 6.4.2-150500.3.7.4

qt6-printsupport-cups: before 6.4.2-150500.3.7.4

qt6-opengl-private-devel: before 6.4.2-150500.3.7.4

libQt6Xml6-debuginfo: before 6.4.2-150500.3.7.4

libQt6Network6: before 6.4.2-150500.3.7.4

qt6-opengl-devel: before 6.4.2-150500.3.7.4

libQt6Sql6: before 6.4.2-150500.3.7.4

qt6-widgets-devel: before 6.4.2-150500.3.7.4

qt6-sql-unixODBC-debuginfo: before 6.4.2-150500.3.7.4

libQt6Xml6: before 6.4.2-150500.3.7.4

qt6-sql-postgresql-debuginfo: before 6.4.2-150500.3.7.4

qt6-sql-unixODBC: before 6.4.2-150500.3.7.4

qt6-networkinformation-nm-debuginfo: before 6.4.2-150500.3.7.4

qt6-dbus-private-devel: before 6.4.2-150500.3.7.4

libQt6PrintSupport6: before 6.4.2-150500.3.7.4

qt6-printsupport-cups-debuginfo: before 6.4.2-150500.3.7.4

qt6-platformtheme-gtk3: before 6.4.2-150500.3.7.4

qt6-networkinformation-glib-debuginfo: before 6.4.2-150500.3.7.4

qt6-kmssupport-devel-static: before 6.4.2-150500.3.7.4

qt6-network-tls-debuginfo: before 6.4.2-150500.3.7.4

qt6-network-tls: before 6.4.2-150500.3.7.4

qt6-xml-private-devel: before 6.4.2-150500.3.7.4

qt6-test-private-devel: before 6.4.2-150500.3.7.4

libQt6DBus6-debuginfo: before 6.4.2-150500.3.7.4

qt6-printsupport-private-devel: before 6.4.2-150500.3.7.4

qt6-core-private-devel: before 6.4.2-150500.3.7.4

qt6-networkinformation-nm: before 6.4.2-150500.3.7.4

qt6-base-debugsource: before 6.4.2-150500.3.7.4

qt6-network-devel: before 6.4.2-150500.3.7.4

qt6-sql-sqlite: before 6.4.2-150500.3.7.4

libQt6PrintSupport6-debuginfo: before 6.4.2-150500.3.7.4

libQt6Core6: before 6.4.2-150500.3.7.4

libQt6Widgets6-debuginfo: before 6.4.2-150500.3.7.4

qt6-platformtheme-xdgdesktopportal-debuginfo: before 6.4.2-150500.3.7.4

qt6-openglwidgets-devel: before 6.4.2-150500.3.7.4

qt6-networkinformation-glib: before 6.4.2-150500.3.7.4

qt6-core-devel: before 6.4.2-150500.3.7.4

libQt6OpenGL6-debuginfo: before 6.4.2-150500.3.7.4

qt6-base-docs-qch: before 6.4.2-150500.3.7.1

qt6-platformtheme-gtk3-debuginfo: before 6.4.2-150500.3.7.4

qt6-base-examples: before 6.4.2-150500.3.7.4

qt6-kmssupport-private-devel: before 6.4.2-150500.3.7.4

qt6-base-docs-html: before 6.4.2-150500.3.7.1

qt6-base-examples-debuginfo: before 6.4.2-150500.3.7.4

qt6-base-common-devel: before 6.4.2-150500.3.7.4

libQt6Sql6-debuginfo: before 6.4.2-150500.3.7.4

libQt6Test6-debuginfo: before 6.4.2-150500.3.7.4

qt6-network-private-devel: before 6.4.2-150500.3.7.4

qt6-platformtheme-xdgdesktopportal: before 6.4.2-150500.3.7.4

qt6-dbus-devel: before 6.4.2-150500.3.7.4

libQt6Widgets6: before 6.4.2-150500.3.7.4

qt6-gui-private-devel: before 6.4.2-150500.3.7.4

libQt6Network6-debuginfo: before 6.4.2-150500.3.7.4

qt6-gui-devel: before 6.4.2-150500.3.7.4

qt6-widgets-private-devel: before 6.4.2-150500.3.7.4

qt6-base-common-devel-debuginfo: before 6.4.2-150500.3.7.4

libQt6Concurrent6-debuginfo: before 6.4.2-150500.3.7.4

External links

http://www.suse.com/support/update/announcement/2023/suse-su-20233225-1/


Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

5) Infinite loop

EUVDB-ID: #VU78697

Risk: Medium

CVSSv3.1: 6.5 [CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2023-38197

CWE-ID: CWE-835 - Loop with Unreachable Exit Condition ('Infinite Loop')

Exploit availability: No

Description

The vulnerability allows a remote attacker to perform a denial of service (DoS) attack.

The vulnerability exists due to infinite loop when handling recursive expansions. A remote attacker can consume all available system resources and cause denial of service conditions.

Mitigation

Update the affected package qt6-base to the latest version.

Vulnerable software versions

SUSE Linux Enterprise Micro: 5.5

Desktop Applications Module: 15-SP5

SUSE Package Hub 15: 15-SP5

SUSE Linux Enterprise Server for SAP Applications 15: SP5

SUSE Linux Enterprise Server 15: SP5

SUSE Linux Enterprise Real Time 15: SP5

SUSE Linux Enterprise High Performance Computing 15: SP5

SUSE Linux Enterprise Desktop 15: SP5

openSUSE Leap: 15.5

qt6-docs-common: before 6.4.2-150500.3.7.4

qt6-base-private-devel: before 6.4.2-150500.3.7.4

qt6-base-devel: before 6.4.2-150500.3.7.4

libQt6DBus6: before 6.4.2-150500.3.7.4

libQt6Gui6: before 6.4.2-150500.3.7.4

libQt6OpenGL6: before 6.4.2-150500.3.7.4

qt6-sql-postgresql: before 6.4.2-150500.3.7.4

libQt6OpenGLWidgets6: before 6.4.2-150500.3.7.4

libQt6Gui6-debuginfo: before 6.4.2-150500.3.7.4

qt6-xml-devel: before 6.4.2-150500.3.7.4

qt6-test-devel: before 6.4.2-150500.3.7.4

qt6-sql-sqlite-debuginfo: before 6.4.2-150500.3.7.4

libQt6Test6: before 6.4.2-150500.3.7.4

qt6-sql-mysql-debuginfo: before 6.4.2-150500.3.7.4

libQt6Concurrent6: before 6.4.2-150500.3.7.4

qt6-printsupport-devel: before 6.4.2-150500.3.7.4

qt6-base-debuginfo: before 6.4.2-150500.3.7.4

qt6-sql-devel: before 6.4.2-150500.3.7.4

libQt6OpenGLWidgets6-debuginfo: before 6.4.2-150500.3.7.4

libQt6Core6-debuginfo: before 6.4.2-150500.3.7.4

qt6-sql-private-devel: before 6.4.2-150500.3.7.4

qt6-platformsupport-devel-static: before 6.4.2-150500.3.7.4

qt6-sql-mysql: before 6.4.2-150500.3.7.4

qt6-concurrent-devel: before 6.4.2-150500.3.7.4

qt6-platformsupport-private-devel: before 6.4.2-150500.3.7.4

qt6-printsupport-cups: before 6.4.2-150500.3.7.4

qt6-opengl-private-devel: before 6.4.2-150500.3.7.4

libQt6Xml6-debuginfo: before 6.4.2-150500.3.7.4

libQt6Network6: before 6.4.2-150500.3.7.4

qt6-opengl-devel: before 6.4.2-150500.3.7.4

libQt6Sql6: before 6.4.2-150500.3.7.4

qt6-widgets-devel: before 6.4.2-150500.3.7.4

qt6-sql-unixODBC-debuginfo: before 6.4.2-150500.3.7.4

libQt6Xml6: before 6.4.2-150500.3.7.4

qt6-sql-postgresql-debuginfo: before 6.4.2-150500.3.7.4

qt6-sql-unixODBC: before 6.4.2-150500.3.7.4

qt6-networkinformation-nm-debuginfo: before 6.4.2-150500.3.7.4

qt6-dbus-private-devel: before 6.4.2-150500.3.7.4

libQt6PrintSupport6: before 6.4.2-150500.3.7.4

qt6-printsupport-cups-debuginfo: before 6.4.2-150500.3.7.4

qt6-platformtheme-gtk3: before 6.4.2-150500.3.7.4

qt6-networkinformation-glib-debuginfo: before 6.4.2-150500.3.7.4

qt6-kmssupport-devel-static: before 6.4.2-150500.3.7.4

qt6-network-tls-debuginfo: before 6.4.2-150500.3.7.4

qt6-network-tls: before 6.4.2-150500.3.7.4

qt6-xml-private-devel: before 6.4.2-150500.3.7.4

qt6-test-private-devel: before 6.4.2-150500.3.7.4

libQt6DBus6-debuginfo: before 6.4.2-150500.3.7.4

qt6-printsupport-private-devel: before 6.4.2-150500.3.7.4

qt6-core-private-devel: before 6.4.2-150500.3.7.4

qt6-networkinformation-nm: before 6.4.2-150500.3.7.4

qt6-base-debugsource: before 6.4.2-150500.3.7.4

qt6-network-devel: before 6.4.2-150500.3.7.4

qt6-sql-sqlite: before 6.4.2-150500.3.7.4

libQt6PrintSupport6-debuginfo: before 6.4.2-150500.3.7.4

libQt6Core6: before 6.4.2-150500.3.7.4

libQt6Widgets6-debuginfo: before 6.4.2-150500.3.7.4

qt6-platformtheme-xdgdesktopportal-debuginfo: before 6.4.2-150500.3.7.4

qt6-openglwidgets-devel: before 6.4.2-150500.3.7.4

qt6-networkinformation-glib: before 6.4.2-150500.3.7.4

qt6-core-devel: before 6.4.2-150500.3.7.4

libQt6OpenGL6-debuginfo: before 6.4.2-150500.3.7.4

qt6-base-docs-qch: before 6.4.2-150500.3.7.1

qt6-platformtheme-gtk3-debuginfo: before 6.4.2-150500.3.7.4

qt6-base-examples: before 6.4.2-150500.3.7.4

qt6-kmssupport-private-devel: before 6.4.2-150500.3.7.4

qt6-base-docs-html: before 6.4.2-150500.3.7.1

qt6-base-examples-debuginfo: before 6.4.2-150500.3.7.4

qt6-base-common-devel: before 6.4.2-150500.3.7.4

libQt6Sql6-debuginfo: before 6.4.2-150500.3.7.4

libQt6Test6-debuginfo: before 6.4.2-150500.3.7.4

qt6-network-private-devel: before 6.4.2-150500.3.7.4

qt6-platformtheme-xdgdesktopportal: before 6.4.2-150500.3.7.4

qt6-dbus-devel: before 6.4.2-150500.3.7.4

libQt6Widgets6: before 6.4.2-150500.3.7.4

qt6-gui-private-devel: before 6.4.2-150500.3.7.4

libQt6Network6-debuginfo: before 6.4.2-150500.3.7.4

qt6-gui-devel: before 6.4.2-150500.3.7.4

qt6-widgets-private-devel: before 6.4.2-150500.3.7.4

qt6-base-common-devel-debuginfo: before 6.4.2-150500.3.7.4

libQt6Concurrent6-debuginfo: before 6.4.2-150500.3.7.4

External links

http://www.suse.com/support/update/announcement/2023/suse-su-20233225-1/


Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.



###SIDEBAR###