NS-SA-2025-0077

简介

important: qpdf/qt5-qtbase security update

严重级别

important

主题

An update for qpdf/qt5-qtbase is now available for NewStart CGSL MAIN 7.02.
NewStart Security has rated this update as having a security impact of important. A Common Vunlnerability Scoring System(CVSS)base score, which gives a detailed severity rating, is available for each vulnerability from the CVElink(s) in the References section.

详细描述

qpdf:
qt5-qtbase:


Security Fix(es):
qpdf: A flaw was found in qpdf. Processing a specially crafted JSON file using the --json-input command line option may lead to a heap-based buffer over-read, resulting in an application crash.(CVE-2024-24246)
qpdf: bugfix
qt5-qtbase: A vulnerability was found in Qt where, during a TLS connection for servers supporting HTTP2, Qt may send data to a server even if the TLS certificate doesn't match the redirected address. This occurs because Qt fails to validate the certificate against the redirected address, potentially sending data to an incorrect or malicious server.(CVE-2024-39936)
qt5-qtbase: bugfix


Solution:
For details on how to apply this update, which includes the changes described in this advisory, refer to:
http://security.gd-linux.com/how_to_apply_patch.html
Remember the build tag is 7.02.02B7.

影响组件

• qpdf
• qt5-qtbase

影响产品

• CGSL MAIN 7.02

更新包

CVE

• CVE-2024-24246
• CVE-2024-39936

参考

• https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2024-24246
• https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2024-39936