Advisories ยป MGASA-2019-0356

Updated QT stack fix security vulnerability

Publication date: 06 Dec 2019
Type: security
Affected Mageia releases : 7
CVE: CVE-2019-18281


This update provides the 5.12.6 QT stack maintenance release and fixes
the following security issue:

An out-of-bounds memory access in the generateDirectionalRuns() function
in qtextengine.cpp in Qt qtbase 5.11.x and 5.12.x before 5.12.5 allows
attackers to cause a denial of service by crashing an application via a
text file containing many directional characters (CVE-2019-18281).

kwin and skrooge has been rebuilt to pick up proper dependencies on the
updated QT packages.