Mageia alert MGASA-2025-0046 (qtbase5 & qtbase6)

From:
             
 
Mageia Updates <updates-announce@ml.mageia.org>
To:
             
 
updates-announce@ml.mageia.org
Subject:
             
 
[updates-announce] MGASA-2025-0046: Updated qtbase5 & qtbase6 packages fix security vulnerabilities
Date:
             
 
Sun, 09 Feb 2025 01:20:17 +0100
Message-ID:
             
 
<20250209002017.C87FCA00A5@duvel.mageia.org>
Archive-link:
             
 
Article
MGASA-2025-0046 - Updated qtbase5 & qtbase6 packages fix security vulnerabilities

Publication date: 09 Feb 2025
URL: https://advisories.mageia.org/MGASA-2025-0046.html
Type: security
Affected Mageia releases: 9
CVE: CVE-2023-51714,
     CVE-2024-25580,
     CVE-2024-39936

Description:
network/access/http2/hpacktable.cpp has an incorrect HPack integer
overflow check. (CVE-2023-51714)
A buffer overflow and application crash can occur via a crafted KTX
image file. (CVE-2024-25580)
Code to make security-relevant decisions about an established connection
may execute too early, because the encrypted() signal has not yet been
emitted and processed. (CVE-2024-39936)

References:
- https://bugs.mageia.org/show_bug.cgi?id=33159
- https://lwn.net/Articles/971686/
-
https://lists.fedoraproject.org/archives/list/package-ann...
- https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-5...
- https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-2...
- https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-3...

SRPMS:
- 9/core/qtbase5-5.15.7-6.1.mga9
- 9/core/qtbase6-6.4.1-5.1.mga9