Updated QT stack fix security vulnerability
Publication date: 06 Dec 2019Modification date: 24 Dec 2019
Type: security
Affected Mageia releases : 7
CVE: CVE-2019-18281
Description
This update provides the 5.12.6 QT stack maintenance release and fixes
the following security issue:
An out-of-bounds memory access in the generateDirectionalRuns() function
in qtextengine.cpp in Qt qtbase 5.11.x and 5.12.x before 5.12.5 allows
attackers to cause a denial of service by crashing an application via a
text file containing many directional characters (CVE-2019-18281).
kwin and skrooge has been rebuilt to pick up proper dependencies on the
updated QT packages.
References
SRPMS
7/core
- kwin-5.15.4-1.1.mga7
- pyside2-5.12.6-1.mga7
- pyside2-tools-5.12.6-1.mga7
- qt3d5-5.12.6-1.mga7
- qtbase5-5.12.6-1.mga7
- qtcharts5-5.12.6-1.mga7
- qtconnectivity5-5.12.6-1.mga7
- qtdatavis3d5-5.12.6-1.mga7
- qtdeclarative5-5.12.6-1.mga7
- qtdoc5-5.12.6-1.mga7
- qtenginio5-1.6.3-7.1.mga7
- qtgamepad5-5.12.6-1.mga7
- qtgraphicaleffects5-5.12.6-1.mga7
- qtimageformats5-5.12.6-1.mga7
- qtlocation5-5.12.6-1.mga7
- qtmultimedia5-5.12.6-1.mga7
- qtnetworkauth5-5.12.6-1.mga7
- qtpurchasing5-5.12.6-1.mga7
- qtquickcontrols25-5.12.6-1.mga7
- qtquickcontrols5-5.12.6-1.mga7
- qtremoteobjects5-5.12.6-1.mga7
- qtscript5-5.12.6-1.mga7
- qtscxml5-5.12.6-1.mga7
- qtsensors5-5.12.6-1.mga7
- qtserialbus5-5.12.6-1.mga7
- qtserialport5-5.12.6-1.mga7
- qtspeech5-5.12.6-1.mga7
- qtsvg5-5.12.6-1.mga7
- qttools5-5.12.6-1.mga7
- qttranslations5-5.12.6-1.mga7
- qtvirtualkeyboard5-5.12.6-1.mga7
- qtwayland5-5.12.6-1.mga7
- qtwebchannel5-5.12.6-1.mga7
- qtwebengine5-5.12.6-1.mga7
- qtwebglplugin5-5.12.6-1.mga7
- qtwebkit5-5.212.0-1.alpha3.1.mga7
- qtwebsockets5-5.12.6-1.mga7
- qtwebview5-5.12.6-1.mga7
- qtx11extras5-5.12.6-1.mga7
- qtxmlpatterns5-5.12.6-1.mga7
- shiboken2-5.12.6-1.mga7
- skrooge-2.19.1-2.mga7