Ubuntu alert USN-8357-1 (qtdeclarative-opensource-src)
| From: | noreply+usn-bot--- via ubuntu-security-announce <ubuntu-security-announce@lists.ubuntu.com> | |
| To: | ubuntu-security-announce@lists.ubuntu.com | |
| Subject: | [USN-8357-1] Qt Declarative vulnerability | |
| Date: | Mon, 01 Jun 2026 15:11:26 +0000 | |
| Message-ID: | <E1wU4IY-00017b-2j@lists.ubuntu.com> | |
| Cc: | noreply+usn-bot@canonical.com |
========================================================================== Ubuntu Security Notice USN-8357-1 June 01, 2026 qtdeclarative-opensource-src vulnerability ========================================================================== A security issue affects these releases of Ubuntu and its derivatives: - Ubuntu 24.04 LTS - Ubuntu 22.04 LTS - Ubuntu 20.04 LTS Summary: Qt Declarative could be made to use excessive resources if it received specially crafted input. Software Description: - qtdeclarative-opensource-src: Qt 5 declarative modules Details: It was discovered that Qt Declarative did not properly validate the width and height attributes of image tags in the Text component of Qt Quick. An attacker could possibly use this issue to cause Qt Declarative to use excessive resources, leading to a denial of service. Update instructions: The problem can be corrected by updating your system to the following package versions: Ubuntu 24.04 LTS libqt5quick5 5.15.13+dfsg-1ubuntu0.1+esm1 Available with Ubuntu Pro Ubuntu 22.04 LTS libqt5quick5 5.15.3+dfsg-1ubuntu0.1~esm1 Available with Ubuntu Pro Ubuntu 20.04 LTS libqt5quick5 5.12.8-0ubuntu1+esm1 Available with Ubuntu Pro In general, a standard system update will make all the necessary changes. References: https://ubuntu.com/security/notices/USN-8357-1 CVE-2025-12385
Attachment: signature.asc (type=application/pgp-signature)
-----BEGIN PGP SIGNATURE----- iQIzBAABCgAdFiEE+8neBLO2Hp/ppPlOcpJm3tlzhgEFAmodoGYACgkQcpJm3tlz hgH1IA/+MTxRHvExymvQ5vGdiM6iefdpZrPtMhMm2Umo3XL38PgkCLqu0y6TrpH2 DUCHGdAS+zWAYMZYwL6U6wIkiTI+RSeWgjzgVvlXGXzuvOegZZpiZ4x4FADAv+ys TvZfKTrF4taft01RPtzbRERl7DFf1xHbWvRtJee0V+C8L0uCa0mDTaHXjS53uWex HuP3bSVfpnJJ+v1SUEqDBRN8/CRgD7pPqv4jX6q9tSRFjrPMGvjVQUzeCW6fbTx3 KGMS6L0Zf66PP/XEwJMv0QzvojmidIx0dCJQ2Zlg4Q+3kIVn/EQ82/r9QsUt1cBw U7DzszSCSLLiL+47ynpim3RP+zBQGMXB1nPdw+o8cYW1DcTlo0Uy55nayWx64Lwo pzOdu5i+Byn57lXyTu3/JyNv4BznnjnjsQVX37jukO+T+O0y19QUNcK9pFXh/6Mo KYz1T5Iawl0KZxWkhEtv68wBIb+Y583JzozPqGLDX/8AqhPTXInW+VC72rZYnhZO If7KmNHjL2FiPTBIJrMhtSeav5y3wQDH2ZsLfPBa4usAf2OguEteW9p3NgCu//zn 6R7sk2d/xqc3k78CfpS7JzZ6DLk1HNoSE/I9iVCGH0sxayoVpOisJ3OVDuIfSX0h a4zckPz6nJR3x4G5WUdqnnGR3rP+1enlmpSSqrmU3U9qsrL+OHk= =HPxS -----END PGP SIGNATURE-----