Security update for libqt5-qtnetworkauth SUSE Patch security@suse.de SUSE Security Team openSUSE-SU-2024:0143-1 Final 1 1 2024-05-27T13:00:29Z current 2024-05-27T13:00:29Z 2024-05-27T13:00:29Z cve-database/bin/generate-cvrf.pl 2017-02-24T01:00:00Z Security update for libqt5-qtnetworkauth This update for libqt5-qtnetworkauth fixes the following issues: - CVE-2024-36048: Fixed data race and poor seeding in generateRandomString() (boo#1224782). The CVRF data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0). openSUSE-2024-143 Copyright SUSE LLC under the Creative Commons License 4.0 with Attribution (CC-BY-4.0) https://lists.opensuse.org/archives/list/security-announce@lists.opensuse.org/thread/5URUTAIVXSJ76TICREGEFK7QSJ244FKX/ E-Mail link for openSUSE-SU-2024:0143-1 https://www.suse.com/support/security/rating/ SUSE Security Ratings https://bugzilla.suse.com/1224782 SUSE Bug 1224782 https://www.suse.com/security/cve/CVE-2024-36048/ SUSE CVE CVE-2024-36048 page SUSE Package Hub 15 SP5 openSUSE Leap 15.5 libQt5NetworkAuth5-5.15.2+kde2-bp155.3.3.1 libQt5NetworkAuth5-32bit-5.15.2+kde2-bp155.3.3.1 libQt5NetworkAuth5-64bit-5.15.2+kde2-bp155.3.3.1 libqt5-qtnetworkauth-devel-5.15.2+kde2-bp155.3.3.1 libqt5-qtnetworkauth-devel-32bit-5.15.2+kde2-bp155.3.3.1 libqt5-qtnetworkauth-devel-64bit-5.15.2+kde2-bp155.3.3.1 libqt5-qtnetworkauth-examples-5.15.2+kde2-bp155.3.3.1 libqt5-qtnetworkauth-private-headers-devel-5.15.2+kde2-bp155.3.3.1 libQt5NetworkAuth5-5.15.2+kde2-bp155.3.3.1 as a component of SUSE Package Hub 15 SP5 libQt5NetworkAuth5-32bit-5.15.2+kde2-bp155.3.3.1 as a component of SUSE Package Hub 15 SP5 libQt5NetworkAuth5-64bit-5.15.2+kde2-bp155.3.3.1 as a component of SUSE Package Hub 15 SP5 libqt5-qtnetworkauth-devel-5.15.2+kde2-bp155.3.3.1 as a component of SUSE Package Hub 15 SP5 libqt5-qtnetworkauth-devel-32bit-5.15.2+kde2-bp155.3.3.1 as a component of SUSE Package Hub 15 SP5 libqt5-qtnetworkauth-devel-64bit-5.15.2+kde2-bp155.3.3.1 as a component of SUSE Package Hub 15 SP5 libqt5-qtnetworkauth-examples-5.15.2+kde2-bp155.3.3.1 as a component of SUSE Package Hub 15 SP5 libqt5-qtnetworkauth-private-headers-devel-5.15.2+kde2-bp155.3.3.1 as a component of SUSE Package Hub 15 SP5 libQt5NetworkAuth5-5.15.2+kde2-bp155.3.3.1 as a component of openSUSE Leap 15.5 libQt5NetworkAuth5-32bit-5.15.2+kde2-bp155.3.3.1 as a component of openSUSE Leap 15.5 libQt5NetworkAuth5-64bit-5.15.2+kde2-bp155.3.3.1 as a component of openSUSE Leap 15.5 libqt5-qtnetworkauth-devel-5.15.2+kde2-bp155.3.3.1 as a component of openSUSE Leap 15.5 libqt5-qtnetworkauth-devel-32bit-5.15.2+kde2-bp155.3.3.1 as a component of openSUSE Leap 15.5 libqt5-qtnetworkauth-devel-64bit-5.15.2+kde2-bp155.3.3.1 as a component of openSUSE Leap 15.5 libqt5-qtnetworkauth-examples-5.15.2+kde2-bp155.3.3.1 as a component of openSUSE Leap 15.5 libqt5-qtnetworkauth-private-headers-devel-5.15.2+kde2-bp155.3.3.1 as a component of openSUSE Leap 15.5 QAbstractOAuth in Qt Network Authorization in Qt before 5.15.17, 6.x before 6.2.13, 6.3.x through 6.5.x before 6.5.6, and 6.6.x through 6.7.x before 6.7.1 uses only the time to seed the PRNG, which may result in guessable values. CVE-2024-36048 SUSE Package Hub 15 SP5:libQt5NetworkAuth5-32bit-5.15.2+kde2-bp155.3.3.1 SUSE Package Hub 15 SP5:libQt5NetworkAuth5-5.15.2+kde2-bp155.3.3.1 SUSE Package Hub 15 SP5:libQt5NetworkAuth5-64bit-5.15.2+kde2-bp155.3.3.1 SUSE Package Hub 15 SP5:libqt5-qtnetworkauth-devel-32bit-5.15.2+kde2-bp155.3.3.1 SUSE Package Hub 15 SP5:libqt5-qtnetworkauth-devel-5.15.2+kde2-bp155.3.3.1 SUSE Package Hub 15 SP5:libqt5-qtnetworkauth-devel-64bit-5.15.2+kde2-bp155.3.3.1 SUSE Package Hub 15 SP5:libqt5-qtnetworkauth-examples-5.15.2+kde2-bp155.3.3.1 SUSE Package Hub 15 SP5:libqt5-qtnetworkauth-private-headers-devel-5.15.2+kde2-bp155.3.3.1 openSUSE Leap 15.5:libQt5NetworkAuth5-32bit-5.15.2+kde2-bp155.3.3.1 openSUSE Leap 15.5:libQt5NetworkAuth5-5.15.2+kde2-bp155.3.3.1 openSUSE Leap 15.5:libQt5NetworkAuth5-64bit-5.15.2+kde2-bp155.3.3.1 openSUSE Leap 15.5:libqt5-qtnetworkauth-devel-32bit-5.15.2+kde2-bp155.3.3.1 openSUSE Leap 15.5:libqt5-qtnetworkauth-devel-5.15.2+kde2-bp155.3.3.1 openSUSE Leap 15.5:libqt5-qtnetworkauth-devel-64bit-5.15.2+kde2-bp155.3.3.1 openSUSE Leap 15.5:libqt5-qtnetworkauth-examples-5.15.2+kde2-bp155.3.3.1 openSUSE Leap 15.5:libqt5-qtnetworkauth-private-headers-devel-5.15.2+kde2-bp155.3.3.1 moderate To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://lists.opensuse.org/archives/list/security-announce@lists.opensuse.org/thread/5URUTAIVXSJ76TICREGEFK7QSJ244FKX/ https://www.suse.com/security/cve/CVE-2024-36048.html CVE-2024-36048 https://bugzilla.suse.com/1224782 SUSE Bug 1224782