Updated qt4 packages fix security vulnerabilities
Publication date: 08 May 2020
Modification date: 08 May 2020
Type: security
Affected Mageia releases: 7
CVE: CVE-2018-15518, CVE-2018-19869, CVE-2018-19870, CVE-2018-19871, CVE-2018-19873
Description
Updated qt4 packages fix security vulnerabilities:
- A double-free or corruption during parsing of a specially crafted illegal XML document (CVE-2018-15518).
- A malformed SVG image could cause a segmentation fault in qsvghandler.cpp (CVE-2018-19869).
- A malformed GIF image might have caused a NULL pointer dereference in QGifHandler resulting in a segmentation fault (CVE-2018-19870).
- There was an uncontrolled resource consumption in QTgaFile (CVE-2018-19871).
- QBmpHandler had a buffer overflow via BMP data (CVE-2018-19873).
References
- https://bugs.mageia.org/show_bug.cgi?id=26505
- https://www.debian.org/lts/security/2019/dla-1786
- https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-15518
- https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-19869
- https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-19870
- https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-19871
- https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-19873
SRPMS
7/core
- qt4-4.8.7-26.1.mga7