RLSA-2021:4172

Source
https://errata.rockylinux.org/RLSA-2021:4172
Import Source
https://storage.googleapis.com/resf-osv-data/RLSA-2021:4172.json
JSON Data
https://api.test.osv.dev/v1/vulns/RLSA-2021:4172
Related
Published
2021-11-09T08:31:20Z
Modified
2023-02-02T14:11:37.447375Z
Severity
  • 5.4 (Medium) CVSS_V3 - CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:L CVSS Calculator
Summary
Moderate: qt5 security, bug fix, and enhancement update
Details

Qt is a software toolkit for developing applications.

The following packages have been upgraded to a later upstream version: adwaita-qt (1.2.1), python-qt5 (5.15.0), qgnomeplatform (0.7.1), qt5 (5.15.2), qt5-qt3d (5.15.2), qt5-qtbase (5.15.2), qt5-qtconnectivity (5.15.2), qt5-qtdeclarative (5.15.2), qt5-qtdoc (5.15.2), qt5-qtgraphicaleffects (5.15.2), qt5-qtimageformats (5.15.2), qt5-qtlocation (5.15.2), qt5-qtmultimedia (5.15.2), qt5-qtquickcontrols (5.15.2), qt5-qtquickcontrols2 (5.15.2), qt5-qtscript (5.15.2), qt5-qtsensors (5.15.2), qt5-qtserialbus (5.15.2), qt5-qtserialport (5.15.2), qt5-qtsvg (5.15.2), qt5-qttools (5.15.2), qt5-qttranslations (5.15.2), qt5-qtwayland (5.15.2), qt5-qtwebchannel (5.15.2), qt5-qtwebsockets (5.15.2), qt5-qtx11extras (5.15.2), qt5-qtxmlpatterns (5.15.2), sip (4.19.24). (BZ#1928156)

Security Fix(es):

  • qt: Out of bounds read in function QRadialFetchSimd from crafted svg file (CVE-2021-3481)

For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.

Additional Changes:

For detailed information on changes in this release, see the Rocky Linux 8.5 Release Notes linked from the References section.

References
Credits
    • Rocky Enterprise Software Foundation
    • Red Hat

Affected packages

Rocky Linux:8 / adwaita-qt

Package

Name
adwaita-qt
Purl
pkg:rpm/rocky-linux/adwaita-qt?distro=rocky-linux-8-5-legacy&epoch=0

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0Unknown introduced version / All previous versions are affected
Fixed
0:1.2.1-3.el8

Rocky Linux:8 / python-qt5

Package

Name
python-qt5
Purl
pkg:rpm/rocky-linux/python-qt5?distro=rocky-linux-8-5-legacy&epoch=0

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0Unknown introduced version / All previous versions are affected
Fixed
0:5.15.0-2.el8

Rocky Linux:8 / qgnomeplatform

Package

Name
qgnomeplatform
Purl
pkg:rpm/rocky-linux/qgnomeplatform?distro=rocky-linux-8-5-legacy&epoch=0

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0Unknown introduced version / All previous versions are affected
Fixed
0:0.7.1-2.el8

Rocky Linux:8 / sip

Package

Name
sip
Purl
pkg:rpm/rocky-linux/sip?distro=rocky-linux-8-5-legacy&epoch=0

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0Unknown introduced version / All previous versions are affected
Fixed
0:4.19.24-2.el8