qt3-3.3.8c-140.6 on GA media SUSE Patch security@suse.de SUSE Security Team openSUSE-SU-2024:10287-1 Final 1 1 2024-06-15T00:00:00Z current 2024-06-15T00:00:00Z 2024-06-15T00:00:00Z cve-database/bin/generate-cvrf.pl 2017-02-24T01:00:00Z qt3-3.3.8c-140.6 on GA media These are all security issues fixed in the qt3-3.3.8c-140.6 package on the GA media of openSUSE Tumbleweed. The CVRF data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0). openSUSE-Tumbleweed-2024-10287 Copyright SUSE LLC under the Creative Commons License 4.0 with Attribution (CC-BY-4.0) https://www.suse.com/support/security/rating/ SUSE Security Ratings https://www.suse.com/security/cve/CVE-2013-4549/ SUSE CVE CVE-2013-4549 page https://www.suse.com/security/cve/CVE-2015-0295/ SUSE CVE CVE-2015-0295 page https://www.suse.com/security/cve/CVE-2015-1860/ SUSE CVE CVE-2015-1860 page openSUSE Tumbleweed qt3-3.3.8c-140.6 qt3-32bit-3.3.8c-140.6 qt3-devel-3.3.8c-140.6 qt3-devel-32bit-3.3.8c-140.6 qt3-3.3.8c-140.6 as a component of openSUSE Tumbleweed qt3-32bit-3.3.8c-140.6 as a component of openSUSE Tumbleweed qt3-devel-3.3.8c-140.6 as a component of openSUSE Tumbleweed qt3-devel-32bit-3.3.8c-140.6 as a component of openSUSE Tumbleweed QXmlSimpleReader in Qt before 5.2 allows context-dependent attackers to cause a denial of service (memory consumption) via an XML Entity Expansion (XEE) attack. CVE-2013-4549 openSUSE Tumbleweed:qt3-3.3.8c-140.6 openSUSE Tumbleweed:qt3-32bit-3.3.8c-140.6 openSUSE Tumbleweed:qt3-devel-3.3.8c-140.6 openSUSE Tumbleweed:qt3-devel-32bit-3.3.8c-140.6 moderate 5 AV:N/AC:L/Au:N/C:N/I:N/A:P To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/security/cve/CVE-2013-4549.html CVE-2013-4549 https://bugzilla.suse.com/1039291 SUSE Bug 1039291 https://bugzilla.suse.com/856832 SUSE Bug 856832 The BMP decoder in QtGui in QT before 5.5 does not properly calculate the masks used to extract the color components, which allows remote attackers to cause a denial of service (divide-by-zero and crash) via a crafted BMP file. CVE-2015-0295 openSUSE Tumbleweed:qt3-3.3.8c-140.6 openSUSE Tumbleweed:qt3-32bit-3.3.8c-140.6 openSUSE Tumbleweed:qt3-devel-3.3.8c-140.6 openSUSE Tumbleweed:qt3-devel-32bit-3.3.8c-140.6 low 2.1 AV:L/AC:L/Au:N/C:N/I:N/A:P 5 AV:N/AC:L/Au:N/C:N/I:N/A:P To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/security/cve/CVE-2015-0295.html CVE-2015-0295 https://bugzilla.suse.com/921999 SUSE Bug 921999 https://bugzilla.suse.com/927806 SUSE Bug 927806 https://bugzilla.suse.com/927807 SUSE Bug 927807 https://bugzilla.suse.com/927808 SUSE Bug 927808 https://bugzilla.suse.com/936523 SUSE Bug 936523 Multiple buffer overflows in gui/image/qgifhandler.cpp in the QtBase module in Qt before 4.8.7 and 5.x before 5.4.2 allow remote attackers to cause a denial of service (segmentation fault) and possibly execute arbitrary code via a crafted GIF image. CVE-2015-1860 openSUSE Tumbleweed:qt3-3.3.8c-140.6 openSUSE Tumbleweed:qt3-32bit-3.3.8c-140.6 openSUSE Tumbleweed:qt3-devel-3.3.8c-140.6 openSUSE Tumbleweed:qt3-devel-32bit-3.3.8c-140.6 moderate 6.8 AV:N/AC:M/Au:N/C:P/I:P/A:P To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/security/cve/CVE-2015-1860.html CVE-2015-1860 https://bugzilla.suse.com/921999 SUSE Bug 921999 https://bugzilla.suse.com/927806 SUSE Bug 927806 https://bugzilla.suse.com/927807 SUSE Bug 927807 https://bugzilla.suse.com/927808 SUSE Bug 927808