libqt4-32bit-4.8.7-5.4 on GA media SUSE Patch security@suse.de SUSE Security Team openSUSE-SU-2024:10180-1 Final 1 1 2024-06-15T00:00:00Z current 2024-06-15T00:00:00Z 2024-06-15T00:00:00Z cve-database/bin/generate-cvrf.pl 2017-02-24T01:00:00Z libqt4-32bit-4.8.7-5.4 on GA media These are all security issues fixed in the libqt4-32bit-4.8.7-5.4 package on the GA media of openSUSE Tumbleweed. The CVRF data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0). openSUSE-Tumbleweed-2024-10180 Copyright SUSE LLC under the Creative Commons License 4.0 with Attribution (CC-BY-4.0) https://www.suse.com/support/security/rating/ SUSE Security Ratings https://www.suse.com/security/cve/CVE-2009-0945/ SUSE CVE CVE-2009-0945 page https://www.suse.com/security/cve/CVE-2011-3193/ SUSE CVE CVE-2011-3193 page https://www.suse.com/security/cve/CVE-2011-3922/ SUSE CVE CVE-2011-3922 page https://www.suse.com/security/cve/CVE-2012-4929/ SUSE CVE CVE-2012-4929 page https://www.suse.com/security/cve/CVE-2012-6093/ SUSE CVE CVE-2012-6093 page https://www.suse.com/security/cve/CVE-2013-0254/ SUSE CVE CVE-2013-0254 page https://www.suse.com/security/cve/CVE-2013-4549/ SUSE CVE CVE-2013-4549 page https://www.suse.com/security/cve/CVE-2014-0190/ SUSE CVE CVE-2014-0190 page https://www.suse.com/security/cve/CVE-2015-0295/ SUSE CVE CVE-2015-0295 page https://www.suse.com/security/cve/CVE-2015-1858/ SUSE CVE CVE-2015-1858 page https://www.suse.com/security/cve/CVE-2015-1859/ SUSE CVE CVE-2015-1859 page https://www.suse.com/security/cve/CVE-2015-1860/ SUSE CVE CVE-2015-1860 page openSUSE Tumbleweed libqt4-4.8.7-5.4 libqt4-32bit-4.8.7-5.4 libqt4-devel-4.8.7-5.4 libqt4-devel-32bit-4.8.7-5.4 libqt4-devel-doc-4.8.7-5.5 libqt4-devel-doc-data-4.8.7-5.5 libqt4-linguist-4.8.7-5.4 libqt4-private-headers-devel-4.8.7-5.4 libqt4-qt3support-4.8.7-5.4 libqt4-qt3support-32bit-4.8.7-5.4 libqt4-sql-4.8.7-5.4 libqt4-sql-32bit-4.8.7-5.4 libqt4-sql-mysql-4.8.7-5.3 libqt4-sql-mysql-32bit-4.8.7-5.3 libqt4-sql-postgresql-4.8.7-5.3 libqt4-sql-postgresql-32bit-4.8.7-5.3 libqt4-sql-sqlite-4.8.7-5.4 libqt4-sql-sqlite-32bit-4.8.7-5.4 libqt4-sql-unixODBC-4.8.7-5.3 libqt4-sql-unixODBC-32bit-4.8.7-5.3 libqt4-x11-4.8.7-5.4 libqt4-x11-32bit-4.8.7-5.4 qt4-x11-tools-4.8.7-5.5 libqt4-4.8.7-5.4 as a component of openSUSE Tumbleweed libqt4-32bit-4.8.7-5.4 as a component of openSUSE Tumbleweed libqt4-devel-4.8.7-5.4 as a component of openSUSE Tumbleweed libqt4-devel-32bit-4.8.7-5.4 as a component of openSUSE Tumbleweed libqt4-devel-doc-4.8.7-5.5 as a component of openSUSE Tumbleweed libqt4-devel-doc-data-4.8.7-5.5 as a component of openSUSE Tumbleweed libqt4-linguist-4.8.7-5.4 as a component of openSUSE Tumbleweed libqt4-private-headers-devel-4.8.7-5.4 as a component of openSUSE Tumbleweed libqt4-qt3support-4.8.7-5.4 as a component of openSUSE Tumbleweed libqt4-qt3support-32bit-4.8.7-5.4 as a component of openSUSE Tumbleweed libqt4-sql-4.8.7-5.4 as a component of openSUSE Tumbleweed libqt4-sql-32bit-4.8.7-5.4 as a component of openSUSE Tumbleweed libqt4-sql-mysql-4.8.7-5.3 as a component of openSUSE Tumbleweed libqt4-sql-mysql-32bit-4.8.7-5.3 as a component of openSUSE Tumbleweed libqt4-sql-postgresql-4.8.7-5.3 as a component of openSUSE Tumbleweed libqt4-sql-postgresql-32bit-4.8.7-5.3 as a component of openSUSE Tumbleweed libqt4-sql-sqlite-4.8.7-5.4 as a component of openSUSE Tumbleweed libqt4-sql-sqlite-32bit-4.8.7-5.4 as a component of openSUSE Tumbleweed libqt4-sql-unixODBC-4.8.7-5.3 as a component of openSUSE Tumbleweed libqt4-sql-unixODBC-32bit-4.8.7-5.3 as a component of openSUSE Tumbleweed libqt4-x11-4.8.7-5.4 as a component of openSUSE Tumbleweed libqt4-x11-32bit-4.8.7-5.4 as a component of openSUSE Tumbleweed qt4-x11-tools-4.8.7-5.5 as a component of openSUSE Tumbleweed Array index error in the insertItemBefore method in WebKit, as used in Apple Safari before 3.2.3 and 4 Public Beta, iPhone OS 1.0 through 2.2.1, iPhone OS for iPod touch 1.1 through 2.2.1, Google Chrome Stable before 1.0.154.65, and possibly other products allows remote attackers to execute arbitrary code via a document with a SVGPathList data structure containing a negative index in the (1) SVGTransformList, (2) SVGStringList, (3) SVGNumberList, (4) SVGPathSegList, (5) SVGPointList, or (6) SVGLengthList SVGList object, which triggers memory corruption. CVE-2009-0945 openSUSE Tumbleweed:libqt4-32bit-4.8.7-5.4 openSUSE Tumbleweed:libqt4-4.8.7-5.4 openSUSE Tumbleweed:libqt4-devel-32bit-4.8.7-5.4 openSUSE Tumbleweed:libqt4-devel-4.8.7-5.4 openSUSE Tumbleweed:libqt4-devel-doc-4.8.7-5.5 openSUSE Tumbleweed:libqt4-devel-doc-data-4.8.7-5.5 openSUSE Tumbleweed:libqt4-linguist-4.8.7-5.4 openSUSE Tumbleweed:libqt4-private-headers-devel-4.8.7-5.4 openSUSE Tumbleweed:libqt4-qt3support-32bit-4.8.7-5.4 openSUSE Tumbleweed:libqt4-qt3support-4.8.7-5.4 openSUSE Tumbleweed:libqt4-sql-32bit-4.8.7-5.4 openSUSE Tumbleweed:libqt4-sql-4.8.7-5.4 openSUSE Tumbleweed:libqt4-sql-mysql-32bit-4.8.7-5.3 openSUSE Tumbleweed:libqt4-sql-mysql-4.8.7-5.3 openSUSE Tumbleweed:libqt4-sql-postgresql-32bit-4.8.7-5.3 openSUSE Tumbleweed:libqt4-sql-postgresql-4.8.7-5.3 openSUSE Tumbleweed:libqt4-sql-sqlite-32bit-4.8.7-5.4 openSUSE Tumbleweed:libqt4-sql-sqlite-4.8.7-5.4 openSUSE Tumbleweed:libqt4-sql-unixODBC-32bit-4.8.7-5.3 openSUSE Tumbleweed:libqt4-sql-unixODBC-4.8.7-5.3 openSUSE Tumbleweed:libqt4-x11-32bit-4.8.7-5.4 openSUSE Tumbleweed:libqt4-x11-4.8.7-5.4 openSUSE Tumbleweed:qt4-x11-tools-4.8.7-5.5 moderate 9.3 AV:N/AC:M/Au:N/C:C/I:C/A:C To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/security/cve/CVE-2009-0945.html CVE-2009-0945 https://bugzilla.suse.com/512559 SUSE Bug 512559 https://bugzilla.suse.com/515124 SUSE Bug 515124 https://bugzilla.suse.com/541632 SUSE Bug 541632 https://bugzilla.suse.com/601349 SUSE Bug 601349 https://bugzilla.suse.com/644114 SUSE Bug 644114 Heap-based buffer overflow in the Lookup_MarkMarkPos function in the HarfBuzz module (harfbuzz-gpos.c), as used by Qt before 4.7.4 and Pango, allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via a crafted font file. CVE-2011-3193 openSUSE Tumbleweed:libqt4-32bit-4.8.7-5.4 openSUSE Tumbleweed:libqt4-4.8.7-5.4 openSUSE Tumbleweed:libqt4-devel-32bit-4.8.7-5.4 openSUSE Tumbleweed:libqt4-devel-4.8.7-5.4 openSUSE Tumbleweed:libqt4-devel-doc-4.8.7-5.5 openSUSE Tumbleweed:libqt4-devel-doc-data-4.8.7-5.5 openSUSE Tumbleweed:libqt4-linguist-4.8.7-5.4 openSUSE Tumbleweed:libqt4-private-headers-devel-4.8.7-5.4 openSUSE Tumbleweed:libqt4-qt3support-32bit-4.8.7-5.4 openSUSE Tumbleweed:libqt4-qt3support-4.8.7-5.4 openSUSE Tumbleweed:libqt4-sql-32bit-4.8.7-5.4 openSUSE Tumbleweed:libqt4-sql-4.8.7-5.4 openSUSE Tumbleweed:libqt4-sql-mysql-32bit-4.8.7-5.3 openSUSE Tumbleweed:libqt4-sql-mysql-4.8.7-5.3 openSUSE Tumbleweed:libqt4-sql-postgresql-32bit-4.8.7-5.3 openSUSE Tumbleweed:libqt4-sql-postgresql-4.8.7-5.3 openSUSE Tumbleweed:libqt4-sql-sqlite-32bit-4.8.7-5.4 openSUSE Tumbleweed:libqt4-sql-sqlite-4.8.7-5.4 openSUSE Tumbleweed:libqt4-sql-unixODBC-32bit-4.8.7-5.3 openSUSE Tumbleweed:libqt4-sql-unixODBC-4.8.7-5.3 openSUSE Tumbleweed:libqt4-x11-32bit-4.8.7-5.4 openSUSE Tumbleweed:libqt4-x11-4.8.7-5.4 openSUSE Tumbleweed:qt4-x11-tools-4.8.7-5.5 moderate 9.3 AV:N/AC:M/Au:N/C:C/I:C/A:C To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/security/cve/CVE-2011-3193.html CVE-2011-3193 https://bugzilla.suse.com/714984 SUSE Bug 714984 Stack-based buffer overflow in Google Chrome before 16.0.912.75 allows remote attackers to cause a denial of service or possibly have unspecified other impact via vectors related to glyph handling. CVE-2011-3922 openSUSE Tumbleweed:libqt4-32bit-4.8.7-5.4 openSUSE Tumbleweed:libqt4-4.8.7-5.4 openSUSE Tumbleweed:libqt4-devel-32bit-4.8.7-5.4 openSUSE Tumbleweed:libqt4-devel-4.8.7-5.4 openSUSE Tumbleweed:libqt4-devel-doc-4.8.7-5.5 openSUSE Tumbleweed:libqt4-devel-doc-data-4.8.7-5.5 openSUSE Tumbleweed:libqt4-linguist-4.8.7-5.4 openSUSE Tumbleweed:libqt4-private-headers-devel-4.8.7-5.4 openSUSE Tumbleweed:libqt4-qt3support-32bit-4.8.7-5.4 openSUSE Tumbleweed:libqt4-qt3support-4.8.7-5.4 openSUSE Tumbleweed:libqt4-sql-32bit-4.8.7-5.4 openSUSE Tumbleweed:libqt4-sql-4.8.7-5.4 openSUSE Tumbleweed:libqt4-sql-mysql-32bit-4.8.7-5.3 openSUSE Tumbleweed:libqt4-sql-mysql-4.8.7-5.3 openSUSE Tumbleweed:libqt4-sql-postgresql-32bit-4.8.7-5.3 openSUSE Tumbleweed:libqt4-sql-postgresql-4.8.7-5.3 openSUSE Tumbleweed:libqt4-sql-sqlite-32bit-4.8.7-5.4 openSUSE Tumbleweed:libqt4-sql-sqlite-4.8.7-5.4 openSUSE Tumbleweed:libqt4-sql-unixODBC-32bit-4.8.7-5.3 openSUSE Tumbleweed:libqt4-sql-unixODBC-4.8.7-5.3 openSUSE Tumbleweed:libqt4-x11-32bit-4.8.7-5.4 openSUSE Tumbleweed:libqt4-x11-4.8.7-5.4 openSUSE Tumbleweed:qt4-x11-tools-4.8.7-5.5 important 7.5 AV:N/AC:L/Au:N/C:P/I:P/A:P To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/security/cve/CVE-2011-3922.html CVE-2011-3922 https://bugzilla.suse.com/739904 SUSE Bug 739904 https://bugzilla.suse.com/740493 SUSE Bug 740493 The TLS protocol 1.2 and earlier, as used in Mozilla Firefox, Google Chrome, Qt, and other products, can encrypt compressed data without properly obfuscating the length of the unencrypted data, which allows man-in-the-middle attackers to obtain plaintext HTTP headers by observing length differences during a series of guesses in which a string in an HTTP request potentially matches an unknown string in an HTTP header, aka a "CRIME" attack. CVE-2012-4929 openSUSE Tumbleweed:libqt4-32bit-4.8.7-5.4 openSUSE Tumbleweed:libqt4-4.8.7-5.4 openSUSE Tumbleweed:libqt4-devel-32bit-4.8.7-5.4 openSUSE Tumbleweed:libqt4-devel-4.8.7-5.4 openSUSE Tumbleweed:libqt4-devel-doc-4.8.7-5.5 openSUSE Tumbleweed:libqt4-devel-doc-data-4.8.7-5.5 openSUSE Tumbleweed:libqt4-linguist-4.8.7-5.4 openSUSE Tumbleweed:libqt4-private-headers-devel-4.8.7-5.4 openSUSE Tumbleweed:libqt4-qt3support-32bit-4.8.7-5.4 openSUSE Tumbleweed:libqt4-qt3support-4.8.7-5.4 openSUSE Tumbleweed:libqt4-sql-32bit-4.8.7-5.4 openSUSE Tumbleweed:libqt4-sql-4.8.7-5.4 openSUSE Tumbleweed:libqt4-sql-mysql-32bit-4.8.7-5.3 openSUSE Tumbleweed:libqt4-sql-mysql-4.8.7-5.3 openSUSE Tumbleweed:libqt4-sql-postgresql-32bit-4.8.7-5.3 openSUSE Tumbleweed:libqt4-sql-postgresql-4.8.7-5.3 openSUSE Tumbleweed:libqt4-sql-sqlite-32bit-4.8.7-5.4 openSUSE Tumbleweed:libqt4-sql-sqlite-4.8.7-5.4 openSUSE Tumbleweed:libqt4-sql-unixODBC-32bit-4.8.7-5.3 openSUSE Tumbleweed:libqt4-sql-unixODBC-4.8.7-5.3 openSUSE Tumbleweed:libqt4-x11-32bit-4.8.7-5.4 openSUSE Tumbleweed:libqt4-x11-4.8.7-5.4 openSUSE Tumbleweed:qt4-x11-tools-4.8.7-5.5 low 2.6 AV:N/AC:H/Au:N/C:P/I:N/A:N To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/security/cve/CVE-2012-4929.html CVE-2012-4929 https://bugzilla.suse.com/1011293 SUSE Bug 1011293 https://bugzilla.suse.com/779952 SUSE Bug 779952 https://bugzilla.suse.com/793420 SUSE Bug 793420 https://bugzilla.suse.com/803004 SUSE Bug 803004 https://bugzilla.suse.com/847895 SUSE Bug 847895 The QSslSocket::sslErrors function in Qt before 4.6.5, 4.7.x before 4.7.6, 4.8.x before 4.8.5, when using certain versions of openSSL, uses an "incompatible structure layout" that can read memory from the wrong location, which causes Qt to report an incorrect error when certificate validation fails and might cause users to make unsafe security decisions to accept a certificate. CVE-2012-6093 openSUSE Tumbleweed:libqt4-32bit-4.8.7-5.4 openSUSE Tumbleweed:libqt4-4.8.7-5.4 openSUSE Tumbleweed:libqt4-devel-32bit-4.8.7-5.4 openSUSE Tumbleweed:libqt4-devel-4.8.7-5.4 openSUSE Tumbleweed:libqt4-devel-doc-4.8.7-5.5 openSUSE Tumbleweed:libqt4-devel-doc-data-4.8.7-5.5 openSUSE Tumbleweed:libqt4-linguist-4.8.7-5.4 openSUSE Tumbleweed:libqt4-private-headers-devel-4.8.7-5.4 openSUSE Tumbleweed:libqt4-qt3support-32bit-4.8.7-5.4 openSUSE Tumbleweed:libqt4-qt3support-4.8.7-5.4 openSUSE Tumbleweed:libqt4-sql-32bit-4.8.7-5.4 openSUSE Tumbleweed:libqt4-sql-4.8.7-5.4 openSUSE Tumbleweed:libqt4-sql-mysql-32bit-4.8.7-5.3 openSUSE Tumbleweed:libqt4-sql-mysql-4.8.7-5.3 openSUSE Tumbleweed:libqt4-sql-postgresql-32bit-4.8.7-5.3 openSUSE Tumbleweed:libqt4-sql-postgresql-4.8.7-5.3 openSUSE Tumbleweed:libqt4-sql-sqlite-32bit-4.8.7-5.4 openSUSE Tumbleweed:libqt4-sql-sqlite-4.8.7-5.4 openSUSE Tumbleweed:libqt4-sql-unixODBC-32bit-4.8.7-5.3 openSUSE Tumbleweed:libqt4-sql-unixODBC-4.8.7-5.3 openSUSE Tumbleweed:libqt4-x11-32bit-4.8.7-5.4 openSUSE Tumbleweed:libqt4-x11-4.8.7-5.4 openSUSE Tumbleweed:qt4-x11-tools-4.8.7-5.5 moderate 4.3 AV:N/AC:M/Au:N/C:P/I:N/A:N To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/security/cve/CVE-2012-6093.html CVE-2012-6093 https://bugzilla.suse.com/797006 SUSE Bug 797006 https://bugzilla.suse.com/802634 SUSE Bug 802634 The QSharedMemory class in Qt 5.0.0, 4.8.x before 4.8.5, 4.7.x before 4.7.6, and other versions including 4.4.0 uses weak permissions (world-readable and world-writable) for shared memory segments, which allows local users to read sensitive information or modify critical program data, as demonstrated by reading a pixmap being sent to an X server. CVE-2013-0254 openSUSE Tumbleweed:libqt4-32bit-4.8.7-5.4 openSUSE Tumbleweed:libqt4-4.8.7-5.4 openSUSE Tumbleweed:libqt4-devel-32bit-4.8.7-5.4 openSUSE Tumbleweed:libqt4-devel-4.8.7-5.4 openSUSE Tumbleweed:libqt4-devel-doc-4.8.7-5.5 openSUSE Tumbleweed:libqt4-devel-doc-data-4.8.7-5.5 openSUSE Tumbleweed:libqt4-linguist-4.8.7-5.4 openSUSE Tumbleweed:libqt4-private-headers-devel-4.8.7-5.4 openSUSE Tumbleweed:libqt4-qt3support-32bit-4.8.7-5.4 openSUSE Tumbleweed:libqt4-qt3support-4.8.7-5.4 openSUSE Tumbleweed:libqt4-sql-32bit-4.8.7-5.4 openSUSE Tumbleweed:libqt4-sql-4.8.7-5.4 openSUSE Tumbleweed:libqt4-sql-mysql-32bit-4.8.7-5.3 openSUSE Tumbleweed:libqt4-sql-mysql-4.8.7-5.3 openSUSE Tumbleweed:libqt4-sql-postgresql-32bit-4.8.7-5.3 openSUSE Tumbleweed:libqt4-sql-postgresql-4.8.7-5.3 openSUSE Tumbleweed:libqt4-sql-sqlite-32bit-4.8.7-5.4 openSUSE Tumbleweed:libqt4-sql-sqlite-4.8.7-5.4 openSUSE Tumbleweed:libqt4-sql-unixODBC-32bit-4.8.7-5.3 openSUSE Tumbleweed:libqt4-sql-unixODBC-4.8.7-5.3 openSUSE Tumbleweed:libqt4-x11-32bit-4.8.7-5.4 openSUSE Tumbleweed:libqt4-x11-4.8.7-5.4 openSUSE Tumbleweed:qt4-x11-tools-4.8.7-5.5 moderate 3.6 AV:L/AC:L/Au:N/C:P/I:P/A:N To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/security/cve/CVE-2013-0254.html CVE-2013-0254 https://bugzilla.suse.com/802634 SUSE Bug 802634 QXmlSimpleReader in Qt before 5.2 allows context-dependent attackers to cause a denial of service (memory consumption) via an XML Entity Expansion (XEE) attack. CVE-2013-4549 openSUSE Tumbleweed:libqt4-32bit-4.8.7-5.4 openSUSE Tumbleweed:libqt4-4.8.7-5.4 openSUSE Tumbleweed:libqt4-devel-32bit-4.8.7-5.4 openSUSE Tumbleweed:libqt4-devel-4.8.7-5.4 openSUSE Tumbleweed:libqt4-devel-doc-4.8.7-5.5 openSUSE Tumbleweed:libqt4-devel-doc-data-4.8.7-5.5 openSUSE Tumbleweed:libqt4-linguist-4.8.7-5.4 openSUSE Tumbleweed:libqt4-private-headers-devel-4.8.7-5.4 openSUSE Tumbleweed:libqt4-qt3support-32bit-4.8.7-5.4 openSUSE Tumbleweed:libqt4-qt3support-4.8.7-5.4 openSUSE Tumbleweed:libqt4-sql-32bit-4.8.7-5.4 openSUSE Tumbleweed:libqt4-sql-4.8.7-5.4 openSUSE Tumbleweed:libqt4-sql-mysql-32bit-4.8.7-5.3 openSUSE Tumbleweed:libqt4-sql-mysql-4.8.7-5.3 openSUSE Tumbleweed:libqt4-sql-postgresql-32bit-4.8.7-5.3 openSUSE Tumbleweed:libqt4-sql-postgresql-4.8.7-5.3 openSUSE Tumbleweed:libqt4-sql-sqlite-32bit-4.8.7-5.4 openSUSE Tumbleweed:libqt4-sql-sqlite-4.8.7-5.4 openSUSE Tumbleweed:libqt4-sql-unixODBC-32bit-4.8.7-5.3 openSUSE Tumbleweed:libqt4-sql-unixODBC-4.8.7-5.3 openSUSE Tumbleweed:libqt4-x11-32bit-4.8.7-5.4 openSUSE Tumbleweed:libqt4-x11-4.8.7-5.4 openSUSE Tumbleweed:qt4-x11-tools-4.8.7-5.5 moderate 5 AV:N/AC:L/Au:N/C:N/I:N/A:P To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/security/cve/CVE-2013-4549.html CVE-2013-4549 https://bugzilla.suse.com/1039291 SUSE Bug 1039291 https://bugzilla.suse.com/856832 SUSE Bug 856832 The GIF decoder in QtGui in Qt before 5.3 allows remote attackers to cause a denial of service (NULL pointer dereference) via invalid width and height values in a GIF image. CVE-2014-0190 openSUSE Tumbleweed:libqt4-32bit-4.8.7-5.4 openSUSE Tumbleweed:libqt4-4.8.7-5.4 openSUSE Tumbleweed:libqt4-devel-32bit-4.8.7-5.4 openSUSE Tumbleweed:libqt4-devel-4.8.7-5.4 openSUSE Tumbleweed:libqt4-devel-doc-4.8.7-5.5 openSUSE Tumbleweed:libqt4-devel-doc-data-4.8.7-5.5 openSUSE Tumbleweed:libqt4-linguist-4.8.7-5.4 openSUSE Tumbleweed:libqt4-private-headers-devel-4.8.7-5.4 openSUSE Tumbleweed:libqt4-qt3support-32bit-4.8.7-5.4 openSUSE Tumbleweed:libqt4-qt3support-4.8.7-5.4 openSUSE Tumbleweed:libqt4-sql-32bit-4.8.7-5.4 openSUSE Tumbleweed:libqt4-sql-4.8.7-5.4 openSUSE Tumbleweed:libqt4-sql-mysql-32bit-4.8.7-5.3 openSUSE Tumbleweed:libqt4-sql-mysql-4.8.7-5.3 openSUSE Tumbleweed:libqt4-sql-postgresql-32bit-4.8.7-5.3 openSUSE Tumbleweed:libqt4-sql-postgresql-4.8.7-5.3 openSUSE Tumbleweed:libqt4-sql-sqlite-32bit-4.8.7-5.4 openSUSE Tumbleweed:libqt4-sql-sqlite-4.8.7-5.4 openSUSE Tumbleweed:libqt4-sql-unixODBC-32bit-4.8.7-5.3 openSUSE Tumbleweed:libqt4-sql-unixODBC-4.8.7-5.3 openSUSE Tumbleweed:libqt4-x11-32bit-4.8.7-5.4 openSUSE Tumbleweed:libqt4-x11-4.8.7-5.4 openSUSE Tumbleweed:qt4-x11-tools-4.8.7-5.5 moderate 4.3 AV:N/AC:M/Au:N/C:N/I:N/A:P To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/security/cve/CVE-2014-0190.html CVE-2014-0190 https://bugzilla.suse.com/875470 SUSE Bug 875470 The BMP decoder in QtGui in QT before 5.5 does not properly calculate the masks used to extract the color components, which allows remote attackers to cause a denial of service (divide-by-zero and crash) via a crafted BMP file. CVE-2015-0295 openSUSE Tumbleweed:libqt4-32bit-4.8.7-5.4 openSUSE Tumbleweed:libqt4-4.8.7-5.4 openSUSE Tumbleweed:libqt4-devel-32bit-4.8.7-5.4 openSUSE Tumbleweed:libqt4-devel-4.8.7-5.4 openSUSE Tumbleweed:libqt4-devel-doc-4.8.7-5.5 openSUSE Tumbleweed:libqt4-devel-doc-data-4.8.7-5.5 openSUSE Tumbleweed:libqt4-linguist-4.8.7-5.4 openSUSE Tumbleweed:libqt4-private-headers-devel-4.8.7-5.4 openSUSE Tumbleweed:libqt4-qt3support-32bit-4.8.7-5.4 openSUSE Tumbleweed:libqt4-qt3support-4.8.7-5.4 openSUSE Tumbleweed:libqt4-sql-32bit-4.8.7-5.4 openSUSE Tumbleweed:libqt4-sql-4.8.7-5.4 openSUSE Tumbleweed:libqt4-sql-mysql-32bit-4.8.7-5.3 openSUSE Tumbleweed:libqt4-sql-mysql-4.8.7-5.3 openSUSE Tumbleweed:libqt4-sql-postgresql-32bit-4.8.7-5.3 openSUSE Tumbleweed:libqt4-sql-postgresql-4.8.7-5.3 openSUSE Tumbleweed:libqt4-sql-sqlite-32bit-4.8.7-5.4 openSUSE Tumbleweed:libqt4-sql-sqlite-4.8.7-5.4 openSUSE Tumbleweed:libqt4-sql-unixODBC-32bit-4.8.7-5.3 openSUSE Tumbleweed:libqt4-sql-unixODBC-4.8.7-5.3 openSUSE Tumbleweed:libqt4-x11-32bit-4.8.7-5.4 openSUSE Tumbleweed:libqt4-x11-4.8.7-5.4 openSUSE Tumbleweed:qt4-x11-tools-4.8.7-5.5 low 2.1 AV:L/AC:L/Au:N/C:N/I:N/A:P 5 AV:N/AC:L/Au:N/C:N/I:N/A:P To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/security/cve/CVE-2015-0295.html CVE-2015-0295 https://bugzilla.suse.com/921999 SUSE Bug 921999 https://bugzilla.suse.com/927806 SUSE Bug 927806 https://bugzilla.suse.com/927807 SUSE Bug 927807 https://bugzilla.suse.com/927808 SUSE Bug 927808 https://bugzilla.suse.com/936523 SUSE Bug 936523 Multiple buffer overflows in gui/image/qbmphandler.cpp in the QtBase module in Qt before 4.8.7 and 5.x before 5.4.2 allow remote attackers to cause a denial of service (segmentation fault and crash) and possibly execute arbitrary code via a crafted BMP image. CVE-2015-1858 openSUSE Tumbleweed:libqt4-32bit-4.8.7-5.4 openSUSE Tumbleweed:libqt4-4.8.7-5.4 openSUSE Tumbleweed:libqt4-devel-32bit-4.8.7-5.4 openSUSE Tumbleweed:libqt4-devel-4.8.7-5.4 openSUSE Tumbleweed:libqt4-devel-doc-4.8.7-5.5 openSUSE Tumbleweed:libqt4-devel-doc-data-4.8.7-5.5 openSUSE Tumbleweed:libqt4-linguist-4.8.7-5.4 openSUSE Tumbleweed:libqt4-private-headers-devel-4.8.7-5.4 openSUSE Tumbleweed:libqt4-qt3support-32bit-4.8.7-5.4 openSUSE Tumbleweed:libqt4-qt3support-4.8.7-5.4 openSUSE Tumbleweed:libqt4-sql-32bit-4.8.7-5.4 openSUSE Tumbleweed:libqt4-sql-4.8.7-5.4 openSUSE Tumbleweed:libqt4-sql-mysql-32bit-4.8.7-5.3 openSUSE Tumbleweed:libqt4-sql-mysql-4.8.7-5.3 openSUSE Tumbleweed:libqt4-sql-postgresql-32bit-4.8.7-5.3 openSUSE Tumbleweed:libqt4-sql-postgresql-4.8.7-5.3 openSUSE Tumbleweed:libqt4-sql-sqlite-32bit-4.8.7-5.4 openSUSE Tumbleweed:libqt4-sql-sqlite-4.8.7-5.4 openSUSE Tumbleweed:libqt4-sql-unixODBC-32bit-4.8.7-5.3 openSUSE Tumbleweed:libqt4-sql-unixODBC-4.8.7-5.3 openSUSE Tumbleweed:libqt4-x11-32bit-4.8.7-5.4 openSUSE Tumbleweed:libqt4-x11-4.8.7-5.4 openSUSE Tumbleweed:qt4-x11-tools-4.8.7-5.5 moderate 6.8 AV:N/AC:M/Au:N/C:P/I:P/A:P To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/security/cve/CVE-2015-1858.html CVE-2015-1858 https://bugzilla.suse.com/921999 SUSE Bug 921999 https://bugzilla.suse.com/927806 SUSE Bug 927806 https://bugzilla.suse.com/927807 SUSE Bug 927807 https://bugzilla.suse.com/927808 SUSE Bug 927808 Multiple buffer overflows in plugins/imageformats/ico/qicohandler.cpp in the QtBase module in Qt before 4.8.7 and 5.x before 5.4.2 allow remote attackers to cause a denial of service (segmentation fault and crash) and possibly execute arbitrary code via a crafted ICO image. CVE-2015-1859 openSUSE Tumbleweed:libqt4-32bit-4.8.7-5.4 openSUSE Tumbleweed:libqt4-4.8.7-5.4 openSUSE Tumbleweed:libqt4-devel-32bit-4.8.7-5.4 openSUSE Tumbleweed:libqt4-devel-4.8.7-5.4 openSUSE Tumbleweed:libqt4-devel-doc-4.8.7-5.5 openSUSE Tumbleweed:libqt4-devel-doc-data-4.8.7-5.5 openSUSE Tumbleweed:libqt4-linguist-4.8.7-5.4 openSUSE Tumbleweed:libqt4-private-headers-devel-4.8.7-5.4 openSUSE Tumbleweed:libqt4-qt3support-32bit-4.8.7-5.4 openSUSE Tumbleweed:libqt4-qt3support-4.8.7-5.4 openSUSE Tumbleweed:libqt4-sql-32bit-4.8.7-5.4 openSUSE Tumbleweed:libqt4-sql-4.8.7-5.4 openSUSE Tumbleweed:libqt4-sql-mysql-32bit-4.8.7-5.3 openSUSE Tumbleweed:libqt4-sql-mysql-4.8.7-5.3 openSUSE Tumbleweed:libqt4-sql-postgresql-32bit-4.8.7-5.3 openSUSE Tumbleweed:libqt4-sql-postgresql-4.8.7-5.3 openSUSE Tumbleweed:libqt4-sql-sqlite-32bit-4.8.7-5.4 openSUSE Tumbleweed:libqt4-sql-sqlite-4.8.7-5.4 openSUSE Tumbleweed:libqt4-sql-unixODBC-32bit-4.8.7-5.3 openSUSE Tumbleweed:libqt4-sql-unixODBC-4.8.7-5.3 openSUSE Tumbleweed:libqt4-x11-32bit-4.8.7-5.4 openSUSE Tumbleweed:libqt4-x11-4.8.7-5.4 openSUSE Tumbleweed:qt4-x11-tools-4.8.7-5.5 moderate 6.8 AV:N/AC:M/Au:N/C:P/I:P/A:P To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/security/cve/CVE-2015-1859.html CVE-2015-1859 https://bugzilla.suse.com/921999 SUSE Bug 921999 https://bugzilla.suse.com/927806 SUSE Bug 927806 https://bugzilla.suse.com/927807 SUSE Bug 927807 https://bugzilla.suse.com/927808 SUSE Bug 927808 Multiple buffer overflows in gui/image/qgifhandler.cpp in the QtBase module in Qt before 4.8.7 and 5.x before 5.4.2 allow remote attackers to cause a denial of service (segmentation fault) and possibly execute arbitrary code via a crafted GIF image. CVE-2015-1860 openSUSE Tumbleweed:libqt4-32bit-4.8.7-5.4 openSUSE Tumbleweed:libqt4-4.8.7-5.4 openSUSE Tumbleweed:libqt4-devel-32bit-4.8.7-5.4 openSUSE Tumbleweed:libqt4-devel-4.8.7-5.4 openSUSE Tumbleweed:libqt4-devel-doc-4.8.7-5.5 openSUSE Tumbleweed:libqt4-devel-doc-data-4.8.7-5.5 openSUSE Tumbleweed:libqt4-linguist-4.8.7-5.4 openSUSE Tumbleweed:libqt4-private-headers-devel-4.8.7-5.4 openSUSE Tumbleweed:libqt4-qt3support-32bit-4.8.7-5.4 openSUSE Tumbleweed:libqt4-qt3support-4.8.7-5.4 openSUSE Tumbleweed:libqt4-sql-32bit-4.8.7-5.4 openSUSE Tumbleweed:libqt4-sql-4.8.7-5.4 openSUSE Tumbleweed:libqt4-sql-mysql-32bit-4.8.7-5.3 openSUSE Tumbleweed:libqt4-sql-mysql-4.8.7-5.3 openSUSE Tumbleweed:libqt4-sql-postgresql-32bit-4.8.7-5.3 openSUSE Tumbleweed:libqt4-sql-postgresql-4.8.7-5.3 openSUSE Tumbleweed:libqt4-sql-sqlite-32bit-4.8.7-5.4 openSUSE Tumbleweed:libqt4-sql-sqlite-4.8.7-5.4 openSUSE Tumbleweed:libqt4-sql-unixODBC-32bit-4.8.7-5.3 openSUSE Tumbleweed:libqt4-sql-unixODBC-4.8.7-5.3 openSUSE Tumbleweed:libqt4-x11-32bit-4.8.7-5.4 openSUSE Tumbleweed:libqt4-x11-4.8.7-5.4 openSUSE Tumbleweed:qt4-x11-tools-4.8.7-5.5 moderate 6.8 AV:N/AC:M/Au:N/C:P/I:P/A:P To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/security/cve/CVE-2015-1860.html CVE-2015-1860 https://bugzilla.suse.com/921999 SUSE Bug 921999 https://bugzilla.suse.com/927806 SUSE Bug 927806 https://bugzilla.suse.com/927807 SUSE Bug 927807 https://bugzilla.suse.com/927808 SUSE Bug 927808