important: qt5-qtbase security update
important
An update for qt5-qtbase is now available for NewStart CGSL MAIN 7.02.
NewStart Security has rated this update as having a security impact of important. A Common Vunlnerability Scoring System(CVSS)base score, which gives a detailed severity rating, is available for each vulnerability from the CVElink(s) in the References section.
qt5-qtbase:
Security Fix(es):
qt5-qtbase: A vulnerability was found in Qt where, during a TLS connection for servers supporting HTTP2, Qt may send data to a server even if the TLS certificate doesn't match the redirected address. This occurs because Qt fails to validate the certificate against the redirected address, potentially sending data to an incorrect or malicious server.(CVE-2024-39936)
qt5-qtbase: An integer overflow vulnerability was found in Qt. An incorrect HPack integer overflow check can lead to denial of service.(CVE-2023-51714)
qt5-qtbase: A vulnerability was discovered in Qt. This security flaw occurs in the QDnsLookup function, which has a buffer over-read via a crafted reply from a DNS server.(CVE-2023-33285)
qt5-qtbase: An issue was discovered in Qt before 5.15.15, 6.x before 6.2.9, and 6.3.x through 6.5.x before 6.5.2. Certificate validation for TLS does not always consider whether the root of a chain is a configured CA certificate.(CVE-2023-34410)
qt5-qtbase: bugfix
Solution:
For details on how to apply this update, which includes the changes described in this advisory, refer to:
http://security.gd-linux.com/how_to_apply_patch.html
Remember the build tag is 7.02.03B8.