SUSE alert SUSE-SU-2025:02968-1 (libqt4)
| From: | SLE-SECURITY-UPDATES <null@suse.de> | |
| To: | sle-security-updates@lists.suse.com | |
| Subject: | SUSE-SU-2025:02968-1: important: Security update for libqt4 | |
| Date: | Mon, 25 Aug 2025 08:34:21 -0000 | |
| Message-ID: | <175611086134.8869.4160292899408019869@smelt2.prg2.suse.org> |
# Security update for libqt4 Announcement ID: SUSE-SU-2025:02968-1 Release Date: 2025-08-25T06:20:49Z Rating: important References: * bsc#1196654 * bsc#1211298 * bsc#1211798 * bsc#1211994 * bsc#1213326 * bsc#1214327 * bsc#1245609 * bsc#357727 * bsc#552218 * bsc#656144 * bsc#717127 * bsc#875470 Cross-References: * CVE-2021-45930 * CVE-2023-32573 * CVE-2023-32763 * CVE-2023-34410 * CVE-2023-37369 * CVE-2023-38197 * CVE-2025-5455 CVSS scores: * CVE-2021-45930 ( SUSE ): 5.5 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H * CVE-2021-45930 ( NVD ): 5.5 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H * CVE-2023-32573 ( SUSE ): 4.4 CVSS:3.1/AV:L/AC:H/PR:L/UI:R/S:U/C:N/I:N/A:H * CVE-2023-32573 ( NVD ): 6.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H * CVE-2023-32573 ( NVD ): 6.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H * CVE-2023-32763 ( SUSE ): 7.8 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H * CVE-2023-32763 ( NVD ): 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H * CVE-2023-34410 ( SUSE ): 6.2 CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N * CVE-2023-34410 ( NVD ): 5.3 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N * CVE-2023-34410 ( NVD ): 5.3 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N * CVE-2023-37369 ( SUSE ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H * CVE-2023-37369 ( NVD ): 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H * CVE-2023-38197 ( SUSE ): 5.5 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H * CVE-2023-38197 ( NVD ): 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H * CVE-2025-5455 ( SUSE ): 5.3 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L * CVE-2025-5455 ( NVD ): 8.4 CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:A/VC:N/VI:H/VA:H/SC:N/SI:H/SA:H/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:U/V:X/RE:M/U:Clear Affected Products: * SUSE Linux Enterprise Server 12 SP5 * SUSE Linux Enterprise Server 12 SP5 LTSS Extended Security * SUSE Linux Enterprise Server for SAP Applications 12 SP5 An update that solves seven vulnerabilities and has five security fixes can now be installed. ## Description: This update for libqt4 fixes the following issues: * CVE-2021-45930: Fixed out-of-bounds write leading to DoS (bsc#1196654) * CVE-2023-32573: Fixed missing initialization of QtSvg QSvgFont m_unitsPerEm (bsc#1211298) * CVE-2023-32763: Fixed buffer overflow on QTextLayout during rendering of an SVG file with an image inside (bsc#1211798) * CVE-2023-34410: Fixed certificate validation not always considering whether the root of a chain is a configured CA certificate (bsc#1211994) * CVE-2023-37369: Fixed buffer overflow in QXmlStreamReader (bsc#1214327) * CVE-2023-38197: Fixed infinite loops in QXmlStreamReader (bsc#1213326) * CVE-2025-5455: Fixed denial of service when qDecodeDataUrl() is called with malformed data and assertions are enabled (bsc#1245609) ## Patch Instructions: To install this SUSE update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: * SUSE Linux Enterprise Server 12 SP5 LTSS Extended Security zypper in -t patch SUSE-SLE-SERVER-12-SP5-LTSS-EXTENDED-SECURITY-2025-2968=1 ## Package List: * SUSE Linux Enterprise Server 12 SP5 LTSS Extended Security (x86_64) * libqt4-devel-doc-debugsource-4.8.7-8.22.1 * libqt4-sql-debuginfo-4.8.7-8.22.1 * libqt4-sql-plugins-debugsource-4.8.7-8.22.1 * libqt4-devel-debuginfo-4.8.7-8.22.1 * libqt4-4.8.7-8.22.1 * libqt4-devel-doc-4.8.7-8.22.1 * libqt4-sql-4.8.7-8.22.1 * libqt4-sql-sqlite-4.8.7-8.22.1 * libqt4-32bit-4.8.7-8.22.1 * libqt4-qt3support-4.8.7-8.22.1 * libqt4-x11-debuginfo-32bit-4.8.7-8.22.1 * libqt4-x11-debuginfo-4.8.7-8.22.1 * libqt4-sql-sqlite-debuginfo-4.8.7-8.22.1 * libqt4-qt3support-32bit-4.8.7-8.22.1 * libqt4-qt3support-debuginfo-4.8.7-8.22.1 * qt4-x11-tools-4.8.7-8.22.1 * libqt4-devel-doc-debuginfo-4.8.7-8.22.1 * libqt4-qt3support-debuginfo-32bit-4.8.7-8.22.1 * libqt4-sql-debuginfo-32bit-4.8.7-8.22.1 * libqt4-sql-mysql-4.8.7-8.22.1 * libqt4-x11-4.8.7-8.22.1 * libqt4-devel-4.8.7-8.22.1 * libqt4-sql-mysql-debuginfo-4.8.7-8.22.1 * qt4-x11-tools-debuginfo-4.8.7-8.22.1 * libqt4-debugsource-4.8.7-8.22.1 * libqt4-x11-32bit-4.8.7-8.22.1 * libqt4-debuginfo-4.8.7-8.22.1 * libqt4-debuginfo-32bit-4.8.7-8.22.1 * libqt4-private-headers-devel-4.8.7-8.22.1 * libqt4-sql-32bit-4.8.7-8.22.1 * SUSE Linux Enterprise Server 12 SP5 LTSS Extended Security (noarch) * libqt4-devel-doc-data-4.8.7-8.22.1 ## References: * https://www.suse.com/security/cve/CVE-2021-45930.html * https://www.suse.com/security/cve/CVE-2023-32573.html * https://www.suse.com/security/cve/CVE-2023-32763.html * https://www.suse.com/security/cve/CVE-2023-34410.html * https://www.suse.com/security/cve/CVE-2023-37369.html * https://www.suse.com/security/cve/CVE-2023-38197.html * https://www.suse.com/security/cve/CVE-2025-5455.html * https://bugzilla.suse.com/show_bug.cgi?id=1196654 * https://bugzilla.suse.com/show_bug.cgi?id=1211298 * https://bugzilla.suse.com/show_bug.cgi?id=1211798 * https://bugzilla.suse.com/show_bug.cgi?id=1211994 * https://bugzilla.suse.com/show_bug.cgi?id=1213326 * https://bugzilla.suse.com/show_bug.cgi?id=1214327 * https://bugzilla.suse.com/show_bug.cgi?id=1245609 * https://bugzilla.suse.com/show_bug.cgi?id=357727 * https://bugzilla.suse.com/show_bug.cgi?id=552218 * https://bugzilla.suse.com/show_bug.cgi?id=656144 * https://bugzilla.suse.com/show_bug.cgi?id=717127 * https://bugzilla.suse.com/show_bug.cgi?id=875470
Attachment: None (type=text/html)
(HTML attachment elided)