Oval Definition:oval:com.redhat.rhsa:def:20204690
Revision Date:2020-11-04Version:636
Title:RHSA-2020:4690: qt5-qtbase and qt5-qtwebsockets security and bug fix update (Moderate)
Description:Qt is a software toolkit for developing applications. The qt5-base packages contain base tools for string, xml, and network handling in Qt.

Security Fix(es):

  • qt: XML entity expansion vulnerability (CVE-2015-9541)

  • qt5-qtwebsockets: websocket implementation allows only limited size for frames and messages therefore attacker can cause DOS (CVE-2018-21035)

  • qt: files placed by attacker can influence the working directory and lead to malicious code execution (CVE-2020-0569)

  • qt: files placed by attacker can influence the working directory and lead to malicious code execution (CVE-2020-0570)

  • qt5: incorrectly calls SSL_shutdown() in OpenSSL mid-handshake causing denial of service in TLS applications (CVE-2020-13962)

    For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.

    Additional Changes:

    For detailed information on changes in this release, see the Red Hat Enterprise Linux 8.3 Release Notes linked from the References section.
  • Family:unixClass:patch
    Status:Reference(s):CVE-2015-9541
    CVE-2018-21035
    CVE-2020-0569
    CVE-2020-0570
    CVE-2020-13962
    RHSA-2020:4690
    Platform(s):Red Hat Enterprise Linux 8
    Product(s):
    Definition Synopsis
  • Red Hat Enterprise Linux must be installed
  • OR Package Information
  • Red Hat Enterprise Linux 8 is installed
  • OR Red Hat CoreOS 4 is installed
  • AND
  • qt5-qtwebsockets is earlier than 0:5.12.5-2.el8
  • AND qt5-qtwebsockets is signed with Red Hat redhatrelease2 key
  • qt5-qtwebsockets-devel is earlier than 0:5.12.5-2.el8
  • AND qt5-qtwebsockets-devel is signed with Red Hat redhatrelease2 key
  • qt5-qtwebsockets-examples is earlier than 0:5.12.5-2.el8
  • AND qt5-qtwebsockets-examples is signed with Red Hat redhatrelease2 key
  • qt5-assistant is earlier than 0:5.12.5-2.el8
  • AND qt5-assistant is signed with Red Hat redhatrelease2 key
  • qt5-designer is earlier than 0:5.12.5-2.el8
  • AND qt5-designer is signed with Red Hat redhatrelease2 key
  • qt5-doctools is earlier than 0:5.12.5-2.el8
  • AND qt5-doctools is signed with Red Hat redhatrelease2 key
  • qt5-linguist is earlier than 0:5.12.5-2.el8
  • AND qt5-linguist is signed with Red Hat redhatrelease2 key
  • qt5-qdbusviewer is earlier than 0:5.12.5-2.el8
  • AND qt5-qdbusviewer is signed with Red Hat redhatrelease2 key
  • qt5-qttools is earlier than 0:5.12.5-2.el8
  • AND qt5-qttools is signed with Red Hat redhatrelease2 key
  • qt5-qttools-common is earlier than 0:5.12.5-2.el8
  • AND qt5-qttools-common is signed with Red Hat redhatrelease2 key
  • qt5-qttools-devel is earlier than 0:5.12.5-2.el8
  • AND qt5-qttools-devel is signed with Red Hat redhatrelease2 key
  • qt5-qttools-examples is earlier than 0:5.12.5-2.el8
  • AND qt5-qttools-examples is signed with Red Hat redhatrelease2 key
  • qt5-qttools-libs-designer is earlier than 0:5.12.5-2.el8
  • AND qt5-qttools-libs-designer is signed with Red Hat redhatrelease2 key
  • qt5-qttools-libs-designercomponents is earlier than 0:5.12.5-2.el8
  • AND qt5-qttools-libs-designercomponents is signed with Red Hat redhatrelease2 key
  • qt5-qttools-libs-help is earlier than 0:5.12.5-2.el8
  • AND qt5-qttools-libs-help is signed with Red Hat redhatrelease2 key
  • qt5-qttools-static is earlier than 0:5.12.5-2.el8
  • AND qt5-qttools-static is signed with Red Hat redhatrelease2 key
  • qt5-qtbase is earlier than 0:5.12.5-6.el8
  • AND qt5-qtbase is signed with Red Hat redhatrelease2 key
  • qt5-qtbase-common is earlier than 0:5.12.5-6.el8
  • AND qt5-qtbase-common is signed with Red Hat redhatrelease2 key
  • qt5-qtbase-devel is earlier than 0:5.12.5-6.el8
  • AND qt5-qtbase-devel is signed with Red Hat redhatrelease2 key
  • qt5-qtbase-examples is earlier than 0:5.12.5-6.el8
  • AND qt5-qtbase-examples is signed with Red Hat redhatrelease2 key
  • qt5-qtbase-gui is earlier than 0:5.12.5-6.el8
  • AND qt5-qtbase-gui is signed with Red Hat redhatrelease2 key
  • qt5-qtbase-mysql is earlier than 0:5.12.5-6.el8
  • AND qt5-qtbase-mysql is signed with Red Hat redhatrelease2 key
  • qt5-qtbase-odbc is earlier than 0:5.12.5-6.el8
  • AND qt5-qtbase-odbc is signed with Red Hat redhatrelease2 key
  • qt5-qtbase-postgresql is earlier than 0:5.12.5-6.el8
  • AND qt5-qtbase-postgresql is signed with Red Hat redhatrelease2 key
  • qt5-qtbase-private-devel is earlier than 0:5.12.5-6.el8
  • AND qt5-qtbase-private-devel is signed with Red Hat redhatrelease2 key
  • qt5-qtbase-static is earlier than 0:5.12.5-6.el8
  • AND qt5-qtbase-static is signed with Red Hat redhatrelease2 key
  • BACK