MGASA-2019-0356

See a problem?
Please try reporting it to the source first.

Source

https://advisories.mageia.org/MGASA-2019-0356.html

Import Source

https://advisories.mageia.org/MGASA-2019-0356.json

JSON Data

https://api.test.osv.dev/v1/vulns/MGASA-2019-0356

Related

CVE-2019-18281

Published

2019-12-06T14:15:42Z

Modified

2019-12-24T11:54:50Z

Summary

Updated QT stack fix security vulnerability

Details

This update provides the 5.12.6 QT stack maintenance release and fixes the following security issue:

An out-of-bounds memory access in the generateDirectionalRuns() function in qtextengine.cpp in Qt qtbase 5.11.x and 5.12.x before 5.12.5 allows attackers to cause a denial of service by crashing an application via a text file containing many directional characters (CVE-2019-18281).

kwin and skrooge has been rebuilt to pick up proper dependencies on the updated QT packages.

References

Credits

- Mageia - COORDINATOR
- - https://wiki.mageia.org/en/Packages_Security_Team

Affected packages

Mageia:7

kwin

Package

Name: kwin
Purl: pkg:rpm/mageia/kwin?distro=mageia-7

Affected ranges

Type: ECOSYSTEM
Events: Introduced

0Unknown introduced version / All previous versions are affected

Fixed

5.15.4-1.1.mga7

Ecosystem specific

{
    "section": "core"
}

pyside2

Package

Name: pyside2
Purl: pkg:rpm/mageia/pyside2?distro=mageia-7

Affected ranges

Type: ECOSYSTEM
Events: Introduced

0Unknown introduced version / All previous versions are affected

Fixed

5.12.6-1.mga7

Ecosystem specific

{
    "section": "core"
}

pyside2-tools

Package

Name: pyside2-tools
Purl: pkg:rpm/mageia/pyside2-tools?distro=mageia-7

Affected ranges

Type: ECOSYSTEM
Events: Introduced

0Unknown introduced version / All previous versions are affected

Fixed

5.12.6-1.mga7

Ecosystem specific

{
    "section": "core"
}

qt3d5

Package

Name: qt3d5
Purl: pkg:rpm/mageia/qt3d5?distro=mageia-7

Affected ranges

Type: ECOSYSTEM
Events: Introduced

0Unknown introduced version / All previous versions are affected

Fixed

5.12.6-1.mga7

Ecosystem specific

{
    "section": "core"
}

qtbase5

Package

Name: qtbase5
Purl: pkg:rpm/mageia/qtbase5?distro=mageia-7

Affected ranges

Type: ECOSYSTEM
Events: Introduced

0Unknown introduced version / All previous versions are affected

Fixed

5.12.6-1.mga7

Ecosystem specific

{
    "section": "core"
}

qtcharts5

Package

Name: qtcharts5
Purl: pkg:rpm/mageia/qtcharts5?distro=mageia-7

Affected ranges

Type: ECOSYSTEM
Events: Introduced

0Unknown introduced version / All previous versions are affected

Fixed

5.12.6-1.mga7

Ecosystem specific

{
    "section": "core"
}

qtconnectivity5

Package

Name: qtconnectivity5
Purl: pkg:rpm/mageia/qtconnectivity5?distro=mageia-7

Affected ranges

Type: ECOSYSTEM
Events: Introduced

0Unknown introduced version / All previous versions are affected

Fixed

5.12.6-1.mga7

Ecosystem specific

{
    "section": "core"
}

qtdatavis3d5

Package

Name: qtdatavis3d5
Purl: pkg:rpm/mageia/qtdatavis3d5?distro=mageia-7

Affected ranges

Type: ECOSYSTEM
Events: Introduced

0Unknown introduced version / All previous versions are affected

Fixed

5.12.6-1.mga7

Ecosystem specific

{
    "section": "core"
}

qtdeclarative5

Package

Name: qtdeclarative5
Purl: pkg:rpm/mageia/qtdeclarative5?distro=mageia-7

Affected ranges

Type: ECOSYSTEM
Events: Introduced

0Unknown introduced version / All previous versions are affected

Fixed

5.12.6-1.mga7

Ecosystem specific

{
    "section": "core"
}

qtdoc5

Package

Name: qtdoc5
Purl: pkg:rpm/mageia/qtdoc5?distro=mageia-7

Affected ranges

Type: ECOSYSTEM
Events: Introduced

0Unknown introduced version / All previous versions are affected

Fixed

5.12.6-1.mga7

Ecosystem specific

{
    "section": "core"
}

qtenginio5

Package

Name: qtenginio5
Purl: pkg:rpm/mageia/qtenginio5?distro=mageia-7

Affected ranges

Type: ECOSYSTEM
Events: Introduced

0Unknown introduced version / All previous versions are affected

Fixed

1.6.3-7.1.mga7

Ecosystem specific

{
    "section": "core"
}

qtgamepad5

Package

Name: qtgamepad5
Purl: pkg:rpm/mageia/qtgamepad5?distro=mageia-7

Affected ranges

Type: ECOSYSTEM
Events: Introduced

0Unknown introduced version / All previous versions are affected

Fixed

5.12.6-1.mga7

Ecosystem specific

{
    "section": "core"
}

qtgraphicaleffects5

Package

Name: qtgraphicaleffects5
Purl: pkg:rpm/mageia/qtgraphicaleffects5?distro=mageia-7

Affected ranges

Type: ECOSYSTEM
Events: Introduced

0Unknown introduced version / All previous versions are affected

Fixed

5.12.6-1.mga7

Ecosystem specific

{
    "section": "core"
}

qtimageformats5

Package

Name: qtimageformats5
Purl: pkg:rpm/mageia/qtimageformats5?distro=mageia-7

Affected ranges

Type: ECOSYSTEM
Events: Introduced

0Unknown introduced version / All previous versions are affected

Fixed

5.12.6-1.mga7

Ecosystem specific

{
    "section": "core"
}

qtlocation5

Package

Name: qtlocation5
Purl: pkg:rpm/mageia/qtlocation5?distro=mageia-7

Affected ranges

Type: ECOSYSTEM
Events: Introduced

0Unknown introduced version / All previous versions are affected

Fixed

5.12.6-1.mga7

Ecosystem specific

{
    "section": "core"
}

qtmultimedia5

Package

Name: qtmultimedia5
Purl: pkg:rpm/mageia/qtmultimedia5?distro=mageia-7

Affected ranges

Type: ECOSYSTEM
Events: Introduced

0Unknown introduced version / All previous versions are affected

Fixed

5.12.6-1.mga7

Ecosystem specific

{
    "section": "core"
}

qtnetworkauth5

Package

Name: qtnetworkauth5
Purl: pkg:rpm/mageia/qtnetworkauth5?distro=mageia-7

Affected ranges

Type: ECOSYSTEM
Events: Introduced

0Unknown introduced version / All previous versions are affected

Fixed

5.12.6-1.mga7

Ecosystem specific

{
    "section": "core"
}

qtpurchasing5

Package

Name: qtpurchasing5
Purl: pkg:rpm/mageia/qtpurchasing5?distro=mageia-7

Affected ranges

Type: ECOSYSTEM
Events: Introduced

0Unknown introduced version / All previous versions are affected

Fixed

5.12.6-1.mga7

Ecosystem specific

{
    "section": "core"
}

qtquickcontrols25

Package

Name: qtquickcontrols25
Purl: pkg:rpm/mageia/qtquickcontrols25?distro=mageia-7

Affected ranges

Type: ECOSYSTEM
Events: Introduced

0Unknown introduced version / All previous versions are affected

Fixed

5.12.6-1.mga7

Ecosystem specific

{
    "section": "core"
}

qtquickcontrols5

Package

Name: qtquickcontrols5
Purl: pkg:rpm/mageia/qtquickcontrols5?distro=mageia-7

Affected ranges

Type: ECOSYSTEM
Events: Introduced

0Unknown introduced version / All previous versions are affected

Fixed

5.12.6-1.mga7

Ecosystem specific

{
    "section": "core"
}

qtremoteobjects5

Package

Name: qtremoteobjects5
Purl: pkg:rpm/mageia/qtremoteobjects5?distro=mageia-7

Affected ranges

Type: ECOSYSTEM
Events: Introduced

0Unknown introduced version / All previous versions are affected

Fixed

5.12.6-1.mga7

Ecosystem specific

{
    "section": "core"
}

qtscript5

Package

Name: qtscript5
Purl: pkg:rpm/mageia/qtscript5?distro=mageia-7

Affected ranges

Type: ECOSYSTEM
Events: Introduced

0Unknown introduced version / All previous versions are affected

Fixed

5.12.6-1.mga7

Ecosystem specific

{
    "section": "core"
}

qtscxml5

Package

Name: qtscxml5
Purl: pkg:rpm/mageia/qtscxml5?distro=mageia-7

Affected ranges

Type: ECOSYSTEM
Events: Introduced

0Unknown introduced version / All previous versions are affected

Fixed

5.12.6-1.mga7

Ecosystem specific

{
    "section": "core"
}

qtsensors5

Package

Name: qtsensors5
Purl: pkg:rpm/mageia/qtsensors5?distro=mageia-7

Affected ranges

Type: ECOSYSTEM
Events: Introduced

0Unknown introduced version / All previous versions are affected

Fixed

5.12.6-1.mga7

Ecosystem specific

{
    "section": "core"
}

qtserialbus5

Package

Name: qtserialbus5
Purl: pkg:rpm/mageia/qtserialbus5?distro=mageia-7

Affected ranges

Type: ECOSYSTEM
Events: Introduced

0Unknown introduced version / All previous versions are affected

Fixed

5.12.6-1.mga7

Ecosystem specific

{
    "section": "core"
}

qtserialport5

Package

Name: qtserialport5
Purl: pkg:rpm/mageia/qtserialport5?distro=mageia-7

Affected ranges

Type: ECOSYSTEM
Events: Introduced

0Unknown introduced version / All previous versions are affected

Fixed

5.12.6-1.mga7

Ecosystem specific

{
    "section": "core"
}

qtspeech5

Package

Name: qtspeech5
Purl: pkg:rpm/mageia/qtspeech5?distro=mageia-7

Affected ranges

Type: ECOSYSTEM
Events: Introduced

0Unknown introduced version / All previous versions are affected

Fixed

5.12.6-1.mga7

Ecosystem specific

{
    "section": "core"
}

qtsvg5

Package

Name: qtsvg5
Purl: pkg:rpm/mageia/qtsvg5?distro=mageia-7

Affected ranges

Type: ECOSYSTEM
Events: Introduced

0Unknown introduced version / All previous versions are affected

Fixed

5.12.6-1.mga7

Ecosystem specific

{
    "section": "core"
}

qttools5

Package

Name: qttools5
Purl: pkg:rpm/mageia/qttools5?distro=mageia-7

Affected ranges

Type: ECOSYSTEM
Events: Introduced

0Unknown introduced version / All previous versions are affected

Fixed

5.12.6-1.mga7

Ecosystem specific

{
    "section": "core"
}

qttranslations5

Package

Name: qttranslations5
Purl: pkg:rpm/mageia/qttranslations5?distro=mageia-7

Affected ranges

Type: ECOSYSTEM
Events: Introduced

0Unknown introduced version / All previous versions are affected

Fixed

5.12.6-1.mga7

Ecosystem specific

{
    "section": "core"
}

qtvirtualkeyboard5

Package

Name: qtvirtualkeyboard5
Purl: pkg:rpm/mageia/qtvirtualkeyboard5?distro=mageia-7

Affected ranges

Type: ECOSYSTEM
Events: Introduced

0Unknown introduced version / All previous versions are affected

Fixed

5.12.6-1.mga7

Ecosystem specific

{
    "section": "core"
}

qtwayland5

Package

Name: qtwayland5
Purl: pkg:rpm/mageia/qtwayland5?distro=mageia-7

Affected ranges

Type: ECOSYSTEM
Events: Introduced

0Unknown introduced version / All previous versions are affected

Fixed

5.12.6-1.mga7

Ecosystem specific

{
    "section": "core"
}

qtwebchannel5

Package

Name: qtwebchannel5
Purl: pkg:rpm/mageia/qtwebchannel5?distro=mageia-7

Affected ranges

Type: ECOSYSTEM
Events: Introduced

0Unknown introduced version / All previous versions are affected

Fixed

5.12.6-1.mga7

Ecosystem specific

{
    "section": "core"
}

qtwebengine5

Package

Name: qtwebengine5
Purl: pkg:rpm/mageia/qtwebengine5?distro=mageia-7

Affected ranges

Type: ECOSYSTEM
Events: Introduced

0Unknown introduced version / All previous versions are affected

Fixed

5.12.6-1.mga7

Ecosystem specific

{
    "section": "core"
}

qtwebglplugin5

Package

Name: qtwebglplugin5
Purl: pkg:rpm/mageia/qtwebglplugin5?distro=mageia-7

Affected ranges

Type: ECOSYSTEM
Events: Introduced

0Unknown introduced version / All previous versions are affected

Fixed

5.12.6-1.mga7

Ecosystem specific

{
    "section": "core"
}

qtwebkit5

Package

Name: qtwebkit5
Purl: pkg:rpm/mageia/qtwebkit5?distro=mageia-7

Affected ranges

Type: ECOSYSTEM
Events: Introduced

0Unknown introduced version / All previous versions are affected

Fixed

5.212.0-1.alpha3.1.mga7

Ecosystem specific

{
    "section": "core"
}

qtwebsockets5

Package

Name: qtwebsockets5
Purl: pkg:rpm/mageia/qtwebsockets5?distro=mageia-7

Affected ranges

Type: ECOSYSTEM
Events: Introduced

0Unknown introduced version / All previous versions are affected

Fixed

5.12.6-1.mga7

Ecosystem specific

{
    "section": "core"
}

qtwebview5

Package

Name: qtwebview5
Purl: pkg:rpm/mageia/qtwebview5?distro=mageia-7

Affected ranges

Type: ECOSYSTEM
Events: Introduced

0Unknown introduced version / All previous versions are affected

Fixed

5.12.6-1.mga7

Ecosystem specific

{
    "section": "core"
}

qtx11extras5

Package

Name: qtx11extras5
Purl: pkg:rpm/mageia/qtx11extras5?distro=mageia-7

Affected ranges

Type: ECOSYSTEM
Events: Introduced

0Unknown introduced version / All previous versions are affected

Fixed

5.12.6-1.mga7

Ecosystem specific

{
    "section": "core"
}

qtxmlpatterns5

Package

Name: qtxmlpatterns5
Purl: pkg:rpm/mageia/qtxmlpatterns5?distro=mageia-7

Affected ranges

Type: ECOSYSTEM
Events: Introduced

0Unknown introduced version / All previous versions are affected

Fixed

5.12.6-1.mga7

Ecosystem specific

{
    "section": "core"
}

shiboken2

Package

Name: shiboken2
Purl: pkg:rpm/mageia/shiboken2?distro=mageia-7

Affected ranges

Type: ECOSYSTEM
Events: Introduced

0Unknown introduced version / All previous versions are affected

Fixed

5.12.6-1.mga7

Ecosystem specific

{
    "section": "core"
}

skrooge

Package

Name: skrooge
Purl: pkg:rpm/mageia/skrooge?distro=mageia-7

Affected ranges

Type: ECOSYSTEM
Events: Introduced

0Unknown introduced version / All previous versions are affected

Fixed

2.19.1-2.mga7

Ecosystem specific

{
    "section": "core"
}