Security update for libqt5-qtsvg SUSE Patch security@suse.de SUSE Security Team SUSE-SU-2023:2981-1 Final 1 1 2023-07-26T07:59:21Z current 2023-07-26T07:59:21Z 2023-07-26T07:59:21Z cve-database/bin/generate-cvrf.pl 2017-02-24T01:00:00Z Security update for libqt5-qtsvg This update for libqt5-qtsvg fixes the following issues: - CVE-2021-45930: Fixed an out-of-bounds write that may have lead to a denial-of-service (bsc#1196654). - CVE-2023-32573: Fixed missing initialization of QtSvg QSvgFont m_unitsPerEm variable (bsc#1211298). The CVRF data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0). Image SLES15-SP4-SAP-Azure-LI-BYOS-2023-2981,Image SLES15-SP4-SAP-Azure-LI-BYOS-Production-2023-2981,Image SLES15-SP4-SAP-Azure-VLI-BYOS-2023-2981,Image SLES15-SP4-SAP-Azure-VLI-BYOS-Production-2023-2981,Image SLES15-SP4-SAP-Hardened-2023-2981,Image SLES15-SP4-SAP-Hardened-Azure-2023-2981,Image SLES15-SP4-SAP-Hardened-BYOS-2023-2981,Image SLES15-SP4-SAP-Hardened-BYOS-Azure-2023-2981,Image SLES15-SP4-SAP-Hardened-BYOS-EC2-2023-2981,Image SLES15-SP4-SAP-Hardened-BYOS-GCE-2023-2981,Image SLES15-SP4-SAP-Hardened-GCE-2023-2981,SUSE-2023-2981,SUSE-SLE-Module-Basesystem-15-SP4-2023-2981,SUSE-SLE-Module-Desktop-Applications-15-SP4-2023-2981,openSUSE-SLE-15.4-2023-2981 Copyright SUSE LLC under the Creative Commons License 4.0 with Attribution (CC-BY-4.0) https://www.suse.com/support/update/announcement/2023/suse-su-20232981-1/ Link for SUSE-SU-2023:2981-1 https://lists.suse.com/pipermail/sle-security-updates/2023-July/015638.html E-Mail link for SUSE-SU-2023:2981-1 https://www.suse.com/support/security/rating/ SUSE Security Ratings https://bugzilla.suse.com/1196654 SUSE Bug 1196654 https://bugzilla.suse.com/1211298 SUSE Bug 1211298 https://www.suse.com/security/cve/CVE-2021-45930/ SUSE CVE CVE-2021-45930 page https://www.suse.com/security/cve/CVE-2023-32573/ SUSE CVE CVE-2023-32573 page Image SLES15-SP4-SAP-Azure-LI-BYOS Image SLES15-SP4-SAP-Azure-LI-BYOS-Production Image SLES15-SP4-SAP-Azure-VLI-BYOS Image SLES15-SP4-SAP-Azure-VLI-BYOS-Production Image SLES15-SP4-SAP-Hardened Image SLES15-SP4-SAP-Hardened-Azure Image SLES15-SP4-SAP-Hardened-BYOS Image SLES15-SP4-SAP-Hardened-BYOS-Azure Image SLES15-SP4-SAP-Hardened-BYOS-EC2 Image SLES15-SP4-SAP-Hardened-BYOS-GCE Image SLES15-SP4-SAP-Hardened-GCE SUSE Linux Enterprise Module for Basesystem 15 SP4 SUSE Linux Enterprise Module for Desktop Applications 15 SP4 openSUSE Leap 15.4 libQt5Svg5-5.15.2+kde16-150400.3.3.1 libQt5Svg5-32bit-5.15.2+kde16-150400.3.3.1 libQt5Svg5-64bit-5.15.2+kde16-150400.3.3.1 libqt5-qtsvg-devel-5.15.2+kde16-150400.3.3.1 libqt5-qtsvg-devel-32bit-5.15.2+kde16-150400.3.3.1 libqt5-qtsvg-devel-64bit-5.15.2+kde16-150400.3.3.1 libqt5-qtsvg-examples-5.15.2+kde16-150400.3.3.1 libqt5-qtsvg-private-headers-devel-5.15.2+kde16-150400.3.3.1 libQt5Svg5-5.15.2+kde16-150400.3.3.1 as a component of Image SLES15-SP4-SAP-Azure-LI-BYOS libQt5Svg5-5.15.2+kde16-150400.3.3.1 as a component of Image SLES15-SP4-SAP-Azure-LI-BYOS-Production libQt5Svg5-5.15.2+kde16-150400.3.3.1 as a component of Image SLES15-SP4-SAP-Azure-VLI-BYOS libQt5Svg5-5.15.2+kde16-150400.3.3.1 as a component of Image SLES15-SP4-SAP-Azure-VLI-BYOS-Production libQt5Svg5-5.15.2+kde16-150400.3.3.1 as a component of Image SLES15-SP4-SAP-Hardened libQt5Svg5-5.15.2+kde16-150400.3.3.1 as a component of Image SLES15-SP4-SAP-Hardened-Azure libQt5Svg5-5.15.2+kde16-150400.3.3.1 as a component of Image SLES15-SP4-SAP-Hardened-BYOS libQt5Svg5-5.15.2+kde16-150400.3.3.1 as a component of Image SLES15-SP4-SAP-Hardened-BYOS-Azure libQt5Svg5-5.15.2+kde16-150400.3.3.1 as a component of Image SLES15-SP4-SAP-Hardened-BYOS-EC2 libQt5Svg5-5.15.2+kde16-150400.3.3.1 as a component of Image SLES15-SP4-SAP-Hardened-BYOS-GCE libQt5Svg5-5.15.2+kde16-150400.3.3.1 as a component of Image SLES15-SP4-SAP-Hardened-GCE libQt5Svg5-5.15.2+kde16-150400.3.3.1 as a component of SUSE Linux Enterprise Module for Basesystem 15 SP4 libqt5-qtsvg-devel-5.15.2+kde16-150400.3.3.1 as a component of SUSE Linux Enterprise Module for Basesystem 15 SP4 libqt5-qtsvg-private-headers-devel-5.15.2+kde16-150400.3.3.1 as a component of SUSE Linux Enterprise Module for Desktop Applications 15 SP4 libQt5Svg5-5.15.2+kde16-150400.3.3.1 as a component of openSUSE Leap 15.4 libQt5Svg5-32bit-5.15.2+kde16-150400.3.3.1 as a component of openSUSE Leap 15.4 libqt5-qtsvg-devel-5.15.2+kde16-150400.3.3.1 as a component of openSUSE Leap 15.4 libqt5-qtsvg-devel-32bit-5.15.2+kde16-150400.3.3.1 as a component of openSUSE Leap 15.4 libqt5-qtsvg-examples-5.15.2+kde16-150400.3.3.1 as a component of openSUSE Leap 15.4 libqt5-qtsvg-private-headers-devel-5.15.2+kde16-150400.3.3.1 as a component of openSUSE Leap 15.4 Qt SVG in Qt 5.0.0 through 5.15.2 and 6.0.0 through 6.2.1 has an out-of-bounds write in QtPrivate::QCommonArrayOps<QPainterPath::Element>::growAppend (called from QPainterPath::addPath and QPathClipper::intersect). CVE-2021-45930 Image SLES15-SP4-SAP-Azure-LI-BYOS-Production:libQt5Svg5-5.15.2+kde16-150400.3.3.1 Image SLES15-SP4-SAP-Azure-LI-BYOS:libQt5Svg5-5.15.2+kde16-150400.3.3.1 Image SLES15-SP4-SAP-Azure-VLI-BYOS-Production:libQt5Svg5-5.15.2+kde16-150400.3.3.1 Image SLES15-SP4-SAP-Azure-VLI-BYOS:libQt5Svg5-5.15.2+kde16-150400.3.3.1 Image SLES15-SP4-SAP-Hardened-Azure:libQt5Svg5-5.15.2+kde16-150400.3.3.1 Image SLES15-SP4-SAP-Hardened-BYOS-Azure:libQt5Svg5-5.15.2+kde16-150400.3.3.1 Image SLES15-SP4-SAP-Hardened-BYOS-EC2:libQt5Svg5-5.15.2+kde16-150400.3.3.1 Image SLES15-SP4-SAP-Hardened-BYOS-GCE:libQt5Svg5-5.15.2+kde16-150400.3.3.1 Image SLES15-SP4-SAP-Hardened-BYOS:libQt5Svg5-5.15.2+kde16-150400.3.3.1 Image SLES15-SP4-SAP-Hardened-GCE:libQt5Svg5-5.15.2+kde16-150400.3.3.1 Image SLES15-SP4-SAP-Hardened:libQt5Svg5-5.15.2+kde16-150400.3.3.1 SUSE Linux Enterprise Module for Basesystem 15 SP4:libQt5Svg5-5.15.2+kde16-150400.3.3.1 SUSE Linux Enterprise Module for Basesystem 15 SP4:libqt5-qtsvg-devel-5.15.2+kde16-150400.3.3.1 SUSE Linux Enterprise Module for Desktop Applications 15 SP4:libqt5-qtsvg-private-headers-devel-5.15.2+kde16-150400.3.3.1 openSUSE Leap 15.4:libQt5Svg5-32bit-5.15.2+kde16-150400.3.3.1 openSUSE Leap 15.4:libQt5Svg5-5.15.2+kde16-150400.3.3.1 openSUSE Leap 15.4:libqt5-qtsvg-devel-32bit-5.15.2+kde16-150400.3.3.1 openSUSE Leap 15.4:libqt5-qtsvg-devel-5.15.2+kde16-150400.3.3.1 openSUSE Leap 15.4:libqt5-qtsvg-examples-5.15.2+kde16-150400.3.3.1 openSUSE Leap 15.4:libqt5-qtsvg-private-headers-devel-5.15.2+kde16-150400.3.3.1 moderate To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/support/update/announcement/2023/suse-su-20232981-1/ https://www.suse.com/security/cve/CVE-2021-45930.html CVE-2021-45930 https://bugzilla.suse.com/1196654 SUSE Bug 1196654 In Qt before 5.15.14, 6.0.x through 6.2.x before 6.2.9, and 6.3.x through 6.5.x before 6.5.1, QtSvg QSvgFont m_unitsPerEm initialization is mishandled. CVE-2023-32573 Image SLES15-SP4-SAP-Azure-LI-BYOS-Production:libQt5Svg5-5.15.2+kde16-150400.3.3.1 Image SLES15-SP4-SAP-Azure-LI-BYOS:libQt5Svg5-5.15.2+kde16-150400.3.3.1 Image SLES15-SP4-SAP-Azure-VLI-BYOS-Production:libQt5Svg5-5.15.2+kde16-150400.3.3.1 Image SLES15-SP4-SAP-Azure-VLI-BYOS:libQt5Svg5-5.15.2+kde16-150400.3.3.1 Image SLES15-SP4-SAP-Hardened-Azure:libQt5Svg5-5.15.2+kde16-150400.3.3.1 Image SLES15-SP4-SAP-Hardened-BYOS-Azure:libQt5Svg5-5.15.2+kde16-150400.3.3.1 Image SLES15-SP4-SAP-Hardened-BYOS-EC2:libQt5Svg5-5.15.2+kde16-150400.3.3.1 Image SLES15-SP4-SAP-Hardened-BYOS-GCE:libQt5Svg5-5.15.2+kde16-150400.3.3.1 Image SLES15-SP4-SAP-Hardened-BYOS:libQt5Svg5-5.15.2+kde16-150400.3.3.1 Image SLES15-SP4-SAP-Hardened-GCE:libQt5Svg5-5.15.2+kde16-150400.3.3.1 Image SLES15-SP4-SAP-Hardened:libQt5Svg5-5.15.2+kde16-150400.3.3.1 SUSE Linux Enterprise Module for Basesystem 15 SP4:libQt5Svg5-5.15.2+kde16-150400.3.3.1 SUSE Linux Enterprise Module for Basesystem 15 SP4:libqt5-qtsvg-devel-5.15.2+kde16-150400.3.3.1 SUSE Linux Enterprise Module for Desktop Applications 15 SP4:libqt5-qtsvg-private-headers-devel-5.15.2+kde16-150400.3.3.1 openSUSE Leap 15.4:libQt5Svg5-32bit-5.15.2+kde16-150400.3.3.1 openSUSE Leap 15.4:libQt5Svg5-5.15.2+kde16-150400.3.3.1 openSUSE Leap 15.4:libqt5-qtsvg-devel-32bit-5.15.2+kde16-150400.3.3.1 openSUSE Leap 15.4:libqt5-qtsvg-devel-5.15.2+kde16-150400.3.3.1 openSUSE Leap 15.4:libqt5-qtsvg-examples-5.15.2+kde16-150400.3.3.1 openSUSE Leap 15.4:libqt5-qtsvg-private-headers-devel-5.15.2+kde16-150400.3.3.1 moderate To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/support/update/announcement/2023/suse-su-20232981-1/ https://www.suse.com/security/cve/CVE-2023-32573.html CVE-2023-32573 https://bugzilla.suse.com/1211298 SUSE Bug 1211298