Security Advisory Details

NS-SA-2023-0018

2023-04-11 10:31:16

Summary

moderate: qt5-qtdoc/control-center security update

Severity

moderate

Topic

An update for qt5-qtdoc/control-center is now available for NewStart CGSL MAIN 5.05/CGSL CORE 5.05.
NewStart Security has rated this update as having a security impact of moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.

Description

qt5-qtdoc: QtDoc contains the main Qt Reference Documentation, which includes overviews, Qt topics, and examples not specific to any Qt module.
control-center: The GNOME control-center provides a number of extension points for applications. This package contains directories where applications can install configuration files that are picked up by the control-center utilities.


Security Fix(es):
qt5-qtdoc: QXmlStream in Qt 5.x before 5.11.3 has a double-free or corruption during parsing of a specially crafted illegal XML document. (CVE-2018-15518)
qt5-qtdoc: An issue was discovered in Qt before 5.11.3. A malformed GIF image causes a NULL pointer dereference in QGifHandler resulting in a segmentation fault. (CVE-2018-19870)
qt5-qtdoc: An issue was discovered in Qt before 5.11.3. QBmpHandler has a buffer overflow via BMP data. (CVE-2018-19873)
qt5-qtdoc: An issue was discovered in Qt before 5.11.3. There is QTgaFile Uncontrolled Resource Consumption. (CVE-2018-19871)
qt5-qtdoc: An issue was discovered in Qt before 5.11.3. A malformed SVG image causes a segmentation fault in qsvghandler.cpp. (CVE-2018-19869)
qt5-qtdoc: bugfix
control-center: A vulnerability was found where the gnome-shell lock screen, since version 3.15.91, does not properly restrict all contextual actions. An attacker with physical access to a locked workstation could invoke certain keyboard shortcuts and potentially other actions. This vulnerability was fixed in gnome-shell 3.31.5 and 3.30.3. (CVE-2019-3820)
control-center: bugfix


Solution:
For details on how to apply this update, which includes the changes described in this advisory, refer to:
http://security.gd-linux.com/how_to_apply_patch.html
Remember the build tag is 5.05.F15B7.

Affected Components

  • qt5-qtdoc
  • control-center

Affected Products

  • CGSL MAIN 5.05
  • CGSL CORE 5.05

Updated Packages

CGSL MAIN 5.05

  • qt5-qtdoc-5.9.7-1.el7.src.rpm (source)
  • qt5-qtdoc-5.9.7-1.el7.noarch.rpm
  • control-center-3.28.1-8.el7_9.src.rpm (source)
  • control-center-debuginfo-3.28.1-8.el7_9.x86_64.rpm
  • control-center-3.28.1-8.el7_9.x86_64.rpm
  • control-center-filesystem-3.28.1-8.el7_9.x86_64.rpm

CGSL CORE 5.05

  • qt5-qtdoc-5.9.7-1.el7.src.rpm (source)
  • qt5-qtdoc-5.9.7-1.el7.noarch.rpm
  • control-center-3.28.1-8.el7_9.src.rpm (source)
  • control-center-debuginfo-3.28.1-8.el7_9.x86_64.rpm
  • control-center-3.28.1-8.el7_9.x86_64.rpm
  • control-center-filesystem-3.28.1-8.el7_9.x86_64.rpm

CVE

References