Ubuntu alert USN-8076-1 (qtbase-opensource-src)
| From: | noreply+usn-bot@canonical.com | |
| To: | ubuntu-security-announce@lists.ubuntu.com | |
| Subject: | [USN-8076-1] Qt vulnerabilities | |
| Date: | Thu, 05 Mar 2026 23:50:23 +0000 | |
| Message-ID: | <E1vyISV-0001Zo-Bj@lists.ubuntu.com> |
========================================================================== Ubuntu Security Notice USN-8076-1 March 05, 2026 qtbase-opensource-src vulnerabilities ========================================================================== A security issue affects these releases of Ubuntu and its derivatives: - Ubuntu 24.04 LTS - Ubuntu 22.04 LTS - Ubuntu 20.04 LTS - Ubuntu 18.04 LTS - Ubuntu 16.04 LTS Summary: Several security issues were fixed in Qt. Software Description: - qtbase-opensource-src: Qt 5 libraries Details: It was discovered that Qt did not correctly handle OpenSSL's error queue. An attacker could possibly use this issue to cause a denial of service. This issue was only addressed in Ubuntu 20.04 LTS. (CVE-2020-13962) It was discovered that Qt incorrectly handled certain XBM image files. If a user or automated system were tricked into opening a specially crafted PPM file, a remote attacker could cause Qt to crash, resulting in a denial of service. This issue was only addressed in Ubuntu 16.04 LTS and Ubuntu 20.04 LTS. (CVE-2020-17507) It was discovered that Qt did not correctly handle executing specific binaries. If a user or automated system were tricked into executing a binary at a specific file path, an attacker could cause a denial of service or execute arbitrary code. This issue was only addressed in Ubuntu 20.04 LTS. (CVE-2022-25255) It was discovered that Qt did not correctly handle certain integer arithmetic. An attacker could possibly use this issue to cause a denial of service. This issue was only addressed in Ubuntu 18.04 LTS, Ubuntu 20.04 LTS and Ubuntu 22.04 LTS. (CVE-2023-51714) It was discovered that Qt did not correctly handle certain encrypted connections. An attacker could possibly use this issue to leak sensitive information. This issue was only addressed in Ubuntu 24.04 LTS. (CVE-2024-39936) Update instructions: The problem can be corrected by updating your system to the following package versions: Ubuntu 24.04 LTS libqt5core5t64 5.15.13+dfsg-1ubuntu1+esm1 Available with Ubuntu Pro libqt5gui5t64 5.15.13+dfsg-1ubuntu1+esm1 Available with Ubuntu Pro Ubuntu 22.04 LTS libqt5core5a 5.15.3+dfsg-2ubuntu0.2+esm3 Available with Ubuntu Pro libqt5gui5 5.15.3+dfsg-2ubuntu0.2+esm3 Available with Ubuntu Pro Ubuntu 20.04 LTS libqt5core5a 5.12.8+dfsg-0ubuntu2.1+esm3 Available with Ubuntu Pro libqt5gui5 5.12.8+dfsg-0ubuntu2.1+esm3 Available with Ubuntu Pro Ubuntu 18.04 LTS libqt5core5a 5.9.5+dfsg-0ubuntu2.6+esm2 Available with Ubuntu Pro libqt5gui5 5.9.5+dfsg-0ubuntu2.6+esm2 Available with Ubuntu Pro Ubuntu 16.04 LTS libqt5core5a 5.5.1+dfsg-16ubuntu7.7+esm2 Available with Ubuntu Pro libqt5gui5 5.5.1+dfsg-16ubuntu7.7+esm2 Available with Ubuntu Pro In general, a standard system update will make all the necessary changes. References: https://ubuntu.com/security/notices/USN-8076-1 CVE-2020-13962, CVE-2020-17507, CVE-2022-25255, CVE-2023-51714, CVE-2024-39936
Attachment: signature.asc (type=application/pgp-signature)
-----BEGIN PGP SIGNATURE----- iQIzBAABCgAdFiEE+8neBLO2Hp/ppPlOcpJm3tlzhgEFAmmqFVwACgkQcpJm3tlz hgGz9xAAr41i1rIEdlonjpX94hbozCqBNireamTSWIJ0lItpQo30TB9Nc5+53tKS NB0oenf700iNO0cEJJuHhdlgQrJJq1/vkNrDaG377fDjjAu3WZRYF/Uv04uTZNIK fHcYBWQd1lHkUlEj9nxBk4jtS8qEXQ+X0fu9P9wn10vd4JJjufpyaf+v90uKFahp wuaOp5miulxHUJCiDOcu29FLFxmkudEyf17C0NyMFZ0cuT3VgUuZyclSHaWn0G5g LYRX8OFuHeFdZ3M8vjr+GpjrdviAoiAN5hKYyf2cMFWV/+JYm7tB2tL64exS3umM Bb1OE6F/viWSPFH5zkjCjgW/q7OfaTynlYDrUMaj15yW4dj7arivK0gEfWL6xLqw WjZCICyEKekEQsU9m91B4q0Yq8QC+w84tuPch27ZDb29KhHRHwIASAsseVgujiuV gpqb2zTTfOHPF05hi9rjfRuGYlGnPW3yrvwQxp3nenJxfAINyI6OK0B2mJANYooj et1hslvh5KcoicOsv+i9E/etdDeudXSkEQrAgj3rj/uyhtYxs0Egddi/uyX/JwLc 2qurcc+G4fojFKayVxfsQ6mf0pY5ovEqh4bj0l8d8DMaFvl/pdHwACa7pM6zuatT xOg8zlI7luf3cZ5ZgP6TIOVY/M/bBntrXEZiNiKKAP5JZCmhJ9w= =cnJK -----END PGP SIGNATURE-----