Security Advisory Details

NS-SA-2020-0062

2020-12-08 09:12:10

Summary

moderate: evolution/qt security update

Severity

moderate

Topic

An update for evolution/qt is now available for NewStart CGSL MAIN 5.04/CGSL CORE 5.04.
NewStart Security has rated this update as having a security impact of moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.

Description

evolution: This package contains the plugin to filter junk mail using SpamAssassin.
qt: QDbusviewer can be used to inspect D-Bus objects of running programs and invoke methods on those objects.


Security Fix(es):
evolution: GNOME Evolution through 3.28.2 is prone to OpenPGP signatures being spoofed for arbitrary messages using a specially crafted email that contains a valid signature from the entity to be impersonated as an attachment. (CVE-2018-15587)
evolution: bugfix
qt: An issue was discovered in Qt 5.11. A malformed PPM image causes a division by zero and a crash in qppmhandler.cpp. (CVE-2018-19872)
qt: An issue was discovered in Qt before 5.11.3. A malformed GIF image causes a NULL pointer dereference in QGifHandler resulting in a segmentation fault. (CVE-2018-19870)
qt: An issue was discovered in Qt before 5.11.3. QBmpHandler has a buffer overflow via BMP data. (CVE-2018-19873)
qt: An issue was discovered in Qt before 5.11.3. There is QTgaFile Uncontrolled Resource Consumption. (CVE-2018-19871)
qt: QXmlStream in Qt 5.x before 5.11.3 has a double-free or corruption during parsing of a specially crafted illegal XML document. (CVE-2018-15518)
qt: An issue was discovered in Qt before 5.11.3. A malformed SVG image causes a segmentation fault in qsvghandler.cpp. (CVE-2018-19869)
qt: bugfix


Solution:
For details on how to apply this update, which includes the changes described in this advisory, refer to:
http://security.gd-linux.com/how_to_apply_patch.html
Remember the build tag is 5.04.F25B5.

Affected Components

  • evolution
  • qt

Affected Products

  • CGSL MAIN 5.04
  • CGSL CORE 5.04

Updated Packages

CGSL MAIN 5.04

Source: evolution-3.28.5-8.el7.src.rpm

  • evolution-3.28.5-8.el7.x86_64.rpm
  • evolution-bogofilter-3.28.5-8.el7.x86_64.rpm
  • evolution-debuginfo-3.28.5-8.el7.x86_64.rpm
  • evolution-devel-3.28.5-8.el7.x86_64.rpm
  • evolution-devel-docs-3.28.5-8.el7.noarch.rpm
  • evolution-help-3.28.5-8.el7.noarch.rpm
  • evolution-langpacks-3.28.5-8.el7.noarch.rpm
  • evolution-pst-3.28.5-8.el7.x86_64.rpm
  • evolution-spamassassin-3.28.5-8.el7.x86_64.rpm

Source: qt-4.8.7-8.el7.src.rpm

  • qt-4.8.7-8.el7.x86_64.rpm
  • qt-assistant-4.8.7-8.el7.x86_64.rpm
  • qt-config-4.8.7-8.el7.x86_64.rpm
  • qt-debuginfo-4.8.7-8.el7.x86_64.rpm
  • qt-demos-4.8.7-8.el7.x86_64.rpm
  • qt-devel-4.8.7-8.el7.x86_64.rpm
  • qt-devel-private-4.8.7-8.el7.noarch.rpm
  • qt-doc-4.8.7-8.el7.noarch.rpm
  • qt-examples-4.8.7-8.el7.x86_64.rpm
  • qt-mysql-4.8.7-8.el7.x86_64.rpm
  • qt-odbc-4.8.7-8.el7.x86_64.rpm
  • qt-postgresql-4.8.7-8.el7.x86_64.rpm
  • qt-qdbusviewer-4.8.7-8.el7.x86_64.rpm
  • qt-qvfb-4.8.7-8.el7.x86_64.rpm
  • qt-x11-4.8.7-8.el7.x86_64.rpm

CGSL CORE 5.04

Source: evolution-3.28.5-8.el7.src.rpm

  • evolution-bogofilter-3.28.5-8.el7.x86_64.rpm
  • evolution-debuginfo-3.28.5-8.el7.x86_64.rpm
  • evolution-devel-3.28.5-8.el7.x86_64.rpm
  • evolution-devel-docs-3.28.5-8.el7.noarch.rpm
  • evolution-help-3.28.5-8.el7.noarch.rpm
  • evolution-langpacks-3.28.5-8.el7.noarch.rpm
  • evolution-3.28.5-8.el7.x86_64.rpm
  • evolution-pst-3.28.5-8.el7.x86_64.rpm
  • evolution-spamassassin-3.28.5-8.el7.x86_64.rpm

Source: qt-4.8.7-8.el7.src.rpm

  • qt-4.8.7-8.el7.x86_64.rpm
  • qt-assistant-4.8.7-8.el7.x86_64.rpm
  • qt-config-4.8.7-8.el7.x86_64.rpm
  • qt-debuginfo-4.8.7-8.el7.x86_64.rpm
  • qt-demos-4.8.7-8.el7.x86_64.rpm
  • qt-devel-4.8.7-8.el7.x86_64.rpm
  • qt-devel-private-4.8.7-8.el7.noarch.rpm
  • qt-doc-4.8.7-8.el7.noarch.rpm
  • qt-examples-4.8.7-8.el7.x86_64.rpm
  • qt-mysql-4.8.7-8.el7.x86_64.rpm
  • qt-odbc-4.8.7-8.el7.x86_64.rpm
  • qt-postgresql-4.8.7-8.el7.x86_64.rpm
  • qt-qdbusviewer-4.8.7-8.el7.x86_64.rpm
  • qt-qvfb-4.8.7-8.el7.x86_64.rpm
  • qt-x11-4.8.7-8.el7.x86_64.rpm

CVE

References