{"schema_version":"1.7.2","id":"OESA-2023-1489","modified":"2023-08-12T11:05:39Z","published":"2023-08-12T11:05:39Z","upstream":["CVE-2023-24607","CVE-2023-32762","CVE-2023-32763"],"summary":"qt5-qtbase security update","details":"Qt is a software toolkit for developing applications.\n\r\n\r\nSecurity Fix(es):\r\n\r\nQt before 6.4.3 allows a denial of service via a crafted string when the SQL ODBC driver plugin is used and the size of SQLTCHAR is 4. The affected versions are 5.x before 5.15.13, 6.x before 6.2.8, and 6.3.x before 6.4.3.(CVE-2023-24607)\r\n\r\nAn issue was discovered in Qt before 5.15.14, 6.x before 6.2.9, and 6.3.x through 6.5.x before 6.5.1. Qt Network incorrectly parses the strict-transport-security (HSTS) header, allowing unencrypted connections to be established, even when explicitly prohibited by the server. This happens if the case used for this header does not exactly match.(CVE-2023-32762)\r\n\r\nAn issue was discovered in Qt before 5.15.15, 6.x before 6.2.9, and 6.3.x through 6.5.x before 6.5.1. When a SVG file with an image inside it is rendered, a QTextLayout buffer overflow can be triggered.(CVE-2023-32763)","affected":[{"package":{"ecosystem":"openEuler:22.03-LTS-SP2","name":"qt5-qtbase","purl":"pkg:rpm/openEuler/qt5-qtbase\u0026distro=openEuler-22.03-LTS-SP2"},"ranges":[{"type":"ECOSYSTEM","events":[{"introduced":"0"},{"fixed":"5.15.2-7.oe2203sp2"}]}],"ecosystem_specific":{"aarch64":["qt5-qtbase-debuginfo-5.15.2-7.oe2203sp2.aarch64.rpm","qt5-qtbase-debugsource-5.15.2-7.oe2203sp2.aarch64.rpm","qt5-qtbase-private-devel-5.15.2-7.oe2203sp2.aarch64.rpm","qt5-qtbase-static-5.15.2-7.oe2203sp2.aarch64.rpm","qt5-qtbase-odbc-5.15.2-7.oe2203sp2.aarch64.rpm","qt5-qtbase-devel-5.15.2-7.oe2203sp2.aarch64.rpm","qt5-qtbase-examples-5.15.2-7.oe2203sp2.aarch64.rpm","qt5-qtbase-mysql-5.15.2-7.oe2203sp2.aarch64.rpm","qt5-qtbase-postgresql-5.15.2-7.oe2203sp2.aarch64.rpm","qt5-qtbase-gui-5.15.2-7.oe2203sp2.aarch64.rpm","qt5-qtbase-5.15.2-7.oe2203sp2.aarch64.rpm"],"noarch":["qt5-qtbase-common-5.15.2-7.oe2203sp2.noarch.rpm"],"src":["qt5-qtbase-5.15.2-7.oe2203sp2.src.rpm"],"x86_64":["qt5-qtbase-examples-5.15.2-7.oe2203sp2.x86_64.rpm","qt5-qtbase-postgresql-5.15.2-7.oe2203sp2.x86_64.rpm","qt5-qtbase-devel-5.15.2-7.oe2203sp2.x86_64.rpm","qt5-qtbase-mysql-5.15.2-7.oe2203sp2.x86_64.rpm","qt5-qtbase-debuginfo-5.15.2-7.oe2203sp2.x86_64.rpm","qt5-qtbase-5.15.2-7.oe2203sp2.x86_64.rpm","qt5-qtbase-gui-5.15.2-7.oe2203sp2.x86_64.rpm","qt5-qtbase-debugsource-5.15.2-7.oe2203sp2.x86_64.rpm","qt5-qtbase-static-5.15.2-7.oe2203sp2.x86_64.rpm","qt5-qtbase-odbc-5.15.2-7.oe2203sp2.x86_64.rpm","qt5-qtbase-private-devel-5.15.2-7.oe2203sp2.x86_64.rpm"]}}],"references":[{"type":"ADVISORY","url":"https://www.openeuler.org/en/security/safety-bulletin/detail.html?id=openEuler-SA-2023-1489"},{"type":"ADVISORY","url":"https://nvd.nist.gov/vuln/detail/CVE-2023-24607"},{"type":"ADVISORY","url":"https://nvd.nist.gov/vuln/detail/CVE-2023-32762"},{"type":"ADVISORY","url":"https://nvd.nist.gov/vuln/detail/CVE-2023-32763"}],"database_specific":{"severity":"High"}}