Advisories » MGASA-2024-0197

Updated qtnetworkauth5 & qtnetworkauth6 packages fix security vulnerability

Publication date: 29 May 2024
Modification date: 29 May 2024
Type: security
Affected Mageia releases : 9
CVE: CVE-2024-36048

Description

QAbstractOAuth in Qt Network Authorization in Qt before 5.15.17, 6.x
before 6.2.13, 6.3.x through 6.5.x before 6.5.6, and 6.6.x through 6.7.x
before 6.7.1 uses only the time to seed the PRNG, which may result in
guessable values.
                

References

• https://bugs.mageia.org/show_bug.cgi?id=33247
• https://lists.opensuse.org/archives/list/security-announce@lists.opensuse.org/message/55ZLZN7U7KUGQ7YANJIPQP7R7ESP6B3L/
• https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-36048

SRPMS

9/core

• qtnetworkauth5-5.15.7-1.1.mga9
• qtnetworkauth6-6.4.1-1.1.mga9