Updated qtbase5 & qtbase6 packages fix security vulnerabilities
Publication date: 09 Feb 2025
Modification date: 08 Feb 2025
Type: security
Affected Mageia releases: 9
CVE: CVE-2023-51714, CVE-2024-25580, CVE-2024-39936
Description
network/access/http2/hpacktable.cpp has an incorrect HPack integer overflow check. (CVE-2023-51714)

A buffer overflow and application crash can occur via a crafted KTX image file. (CVE-2024-25580)

Code to make security-relevant decisions about an established connection may execute too early, because the encrypted() signal has not yet been emitted and processed. (CVE-2024-39936)
References
- https://bugs.mageia.org/show_bug.cgi?id=33159
- https://lwn.net/Articles/971686/
- https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/KVCBTKX6LVBTP6UEJQZ2PENI2KATSRJK/
- https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-51714
- https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-25580
- https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-39936
SRPMS
9/core
- qtbase5-5.15.7-6.1.mga9
- qtbase6-6.4.1-5.1.mga9