Security update for libqt4 SUSE Patch security@suse.de SUSE Security Team SUSE-SU-2021:4155-1 Final 1 1 2021-12-22T10:05:36Z current 2021-12-22T10:05:36Z 2021-12-22T10:05:36Z cve-database/bin/generate-cvrf.pl 2017-02-24T01:00:00Z Security update for libqt4 This update for libqt4 fixes the following issues: - CVE-2021-3481: Fixed out of bounds read in QRadialFetchSimd() from crafted svg file (bsc#1184783). - CVE-2020-17507: Fixed buffer over-read in read_xbm_body() (bsc#1176315). The CVRF data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0). SUSE-2021-4155,SUSE-SLE-SDK-12-SP5-2021-4155,SUSE-SLE-SERVER-12-SP5-2021-4155,SUSE-SLE-WE-12-SP5-2021-4155 Copyright SUSE LLC under the Creative Commons License 4.0 with Attribution (CC-BY-4.0) https://www.suse.com/support/update/announcement/2021/suse-su-20214155-1/ Link for SUSE-SU-2021:4155-1 https://lists.suse.com/pipermail/sle-security-updates/2021-December/009927.html E-Mail link for SUSE-SU-2021:4155-1 https://www.suse.com/support/security/rating/ SUSE Security Ratings https://bugzilla.suse.com/1176315 SUSE Bug 1176315 https://bugzilla.suse.com/1184783 SUSE Bug 1184783 https://www.suse.com/security/cve/CVE-2020-17507/ SUSE CVE CVE-2020-17507 page https://www.suse.com/security/cve/CVE-2021-3481/ SUSE CVE CVE-2021-3481 page SUSE Linux Enterprise Server 12 SP5 SUSE Linux Enterprise Server for SAP Applications 12 SP5 SUSE Linux Enterprise Software Development Kit 12 SP5 SUSE Linux Enterprise Workstation Extension 12 SP5 libqt4-4.8.7-8.16.1 libqt4-32bit-4.8.7-8.16.1 libqt4-64bit-4.8.7-8.16.1 libqt4-devel-4.8.7-8.16.1 libqt4-devel-32bit-4.8.7-8.16.1 libqt4-devel-64bit-4.8.7-8.16.1 libqt4-devel-doc-4.8.7-8.16.2 libqt4-devel-doc-data-4.8.7-8.16.2 libqt4-linguist-4.8.7-8.16.1 libqt4-private-headers-devel-4.8.7-8.16.1 libqt4-qt3support-4.8.7-8.16.1 libqt4-qt3support-32bit-4.8.7-8.16.1 libqt4-qt3support-64bit-4.8.7-8.16.1 libqt4-sql-4.8.7-8.16.1 libqt4-sql-32bit-4.8.7-8.16.1 libqt4-sql-64bit-4.8.7-8.16.1 libqt4-sql-mysql-4.8.7-8.16.1 libqt4-sql-mysql-32bit-4.8.7-8.16.1 libqt4-sql-mysql-64bit-4.8.7-8.16.1 libqt4-sql-postgresql-4.8.7-8.16.1 libqt4-sql-postgresql-32bit-4.8.7-8.16.1 libqt4-sql-postgresql-64bit-4.8.7-8.16.1 libqt4-sql-sqlite-4.8.7-8.16.1 libqt4-sql-sqlite-32bit-4.8.7-8.16.1 libqt4-sql-sqlite-64bit-4.8.7-8.16.1 libqt4-sql-unixODBC-4.8.7-8.16.1 libqt4-sql-unixODBC-32bit-4.8.7-8.16.1 libqt4-sql-unixODBC-64bit-4.8.7-8.16.1 libqt4-x11-4.8.7-8.16.1 libqt4-x11-32bit-4.8.7-8.16.1 libqt4-x11-64bit-4.8.7-8.16.1 qt4-x11-tools-4.8.7-8.16.2 libqt4-4.8.7-8.16.1 as a component of SUSE Linux Enterprise Server 12 SP5 libqt4-32bit-4.8.7-8.16.1 as a component of SUSE Linux Enterprise Server 12 SP5 libqt4-qt3support-4.8.7-8.16.1 as a component of SUSE Linux Enterprise Server 12 SP5 libqt4-qt3support-32bit-4.8.7-8.16.1 as a component of SUSE Linux Enterprise Server 12 SP5 libqt4-sql-4.8.7-8.16.1 as a component of SUSE Linux Enterprise Server 12 SP5 libqt4-sql-32bit-4.8.7-8.16.1 as a component of SUSE Linux Enterprise Server 12 SP5 libqt4-sql-mysql-4.8.7-8.16.1 as a component of SUSE Linux Enterprise Server 12 SP5 libqt4-sql-sqlite-4.8.7-8.16.1 as a component of SUSE Linux Enterprise Server 12 SP5 libqt4-x11-4.8.7-8.16.1 as a component of SUSE Linux Enterprise Server 12 SP5 libqt4-x11-32bit-4.8.7-8.16.1 as a component of SUSE Linux Enterprise Server 12 SP5 qt4-x11-tools-4.8.7-8.16.2 as a component of SUSE Linux Enterprise Server 12 SP5 libqt4-4.8.7-8.16.1 as a component of SUSE Linux Enterprise Server for SAP Applications 12 SP5 libqt4-32bit-4.8.7-8.16.1 as a component of SUSE Linux Enterprise Server for SAP Applications 12 SP5 libqt4-qt3support-4.8.7-8.16.1 as a component of SUSE Linux Enterprise Server for SAP Applications 12 SP5 libqt4-qt3support-32bit-4.8.7-8.16.1 as a component of SUSE Linux Enterprise Server for SAP Applications 12 SP5 libqt4-sql-4.8.7-8.16.1 as a component of SUSE Linux Enterprise Server for SAP Applications 12 SP5 libqt4-sql-32bit-4.8.7-8.16.1 as a component of SUSE Linux Enterprise Server for SAP Applications 12 SP5 libqt4-sql-mysql-4.8.7-8.16.1 as a component of SUSE Linux Enterprise Server for SAP Applications 12 SP5 libqt4-sql-sqlite-4.8.7-8.16.1 as a component of SUSE Linux Enterprise Server for SAP Applications 12 SP5 libqt4-x11-4.8.7-8.16.1 as a component of SUSE Linux Enterprise Server for SAP Applications 12 SP5 libqt4-x11-32bit-4.8.7-8.16.1 as a component of SUSE Linux Enterprise Server for SAP Applications 12 SP5 qt4-x11-tools-4.8.7-8.16.2 as a component of SUSE Linux Enterprise Server for SAP Applications 12 SP5 libqt4-devel-4.8.7-8.16.1 as a component of SUSE Linux Enterprise Software Development Kit 12 SP5 libqt4-devel-doc-4.8.7-8.16.2 as a component of SUSE Linux Enterprise Software Development Kit 12 SP5 libqt4-devel-doc-data-4.8.7-8.16.2 as a component of SUSE Linux Enterprise Software Development Kit 12 SP5 libqt4-linguist-4.8.7-8.16.1 as a component of SUSE Linux Enterprise Software Development Kit 12 SP5 libqt4-private-headers-devel-4.8.7-8.16.1 as a component of SUSE Linux Enterprise Software Development Kit 12 SP5 libqt4-sql-postgresql-4.8.7-8.16.1 as a component of SUSE Linux Enterprise Software Development Kit 12 SP5 libqt4-sql-postgresql-32bit-4.8.7-8.16.1 as a component of SUSE Linux Enterprise Software Development Kit 12 SP5 libqt4-sql-unixODBC-4.8.7-8.16.1 as a component of SUSE Linux Enterprise Software Development Kit 12 SP5 libqt4-sql-unixODBC-32bit-4.8.7-8.16.1 as a component of SUSE Linux Enterprise Software Development Kit 12 SP5 libqt4-sql-mysql-32bit-4.8.7-8.16.1 as a component of SUSE Linux Enterprise Workstation Extension 12 SP5 libqt4-sql-postgresql-4.8.7-8.16.1 as a component of SUSE Linux Enterprise Workstation Extension 12 SP5 libqt4-sql-postgresql-32bit-4.8.7-8.16.1 as a component of SUSE Linux Enterprise Workstation Extension 12 SP5 libqt4-sql-sqlite-32bit-4.8.7-8.16.1 as a component of SUSE Linux Enterprise Workstation Extension 12 SP5 libqt4-sql-unixODBC-4.8.7-8.16.1 as a component of SUSE Linux Enterprise Workstation Extension 12 SP5 libqt4-sql-unixODBC-32bit-4.8.7-8.16.1 as a component of SUSE Linux Enterprise Workstation Extension 12 SP5 An issue was discovered in Qt through 5.12.9, and 5.13.x through 5.15.x before 5.15.1. read_xbm_body in gui/image/qxbmhandler.cpp has a buffer over-read. CVE-2020-17507 SUSE Linux Enterprise Server 12 SP5:libqt4-32bit-4.8.7-8.16.1 SUSE Linux Enterprise Server 12 SP5:libqt4-4.8.7-8.16.1 SUSE Linux Enterprise Server 12 SP5:libqt4-qt3support-32bit-4.8.7-8.16.1 SUSE Linux Enterprise Server 12 SP5:libqt4-qt3support-4.8.7-8.16.1 SUSE Linux Enterprise Server 12 SP5:libqt4-sql-32bit-4.8.7-8.16.1 SUSE Linux Enterprise Server 12 SP5:libqt4-sql-4.8.7-8.16.1 SUSE Linux Enterprise Server 12 SP5:libqt4-sql-mysql-4.8.7-8.16.1 SUSE Linux Enterprise Server 12 SP5:libqt4-sql-sqlite-4.8.7-8.16.1 SUSE Linux Enterprise Server 12 SP5:libqt4-x11-32bit-4.8.7-8.16.1 SUSE Linux Enterprise Server 12 SP5:libqt4-x11-4.8.7-8.16.1 SUSE Linux Enterprise Server 12 SP5:qt4-x11-tools-4.8.7-8.16.2 SUSE Linux Enterprise Server for SAP Applications 12 SP5:libqt4-32bit-4.8.7-8.16.1 SUSE Linux Enterprise Server for SAP Applications 12 SP5:libqt4-4.8.7-8.16.1 SUSE Linux Enterprise Server for SAP Applications 12 SP5:libqt4-qt3support-32bit-4.8.7-8.16.1 SUSE Linux Enterprise Server for SAP Applications 12 SP5:libqt4-qt3support-4.8.7-8.16.1 SUSE Linux Enterprise Server for SAP Applications 12 SP5:libqt4-sql-32bit-4.8.7-8.16.1 SUSE Linux Enterprise Server for SAP Applications 12 SP5:libqt4-sql-4.8.7-8.16.1 SUSE Linux Enterprise Server for SAP Applications 12 SP5:libqt4-sql-mysql-4.8.7-8.16.1 SUSE Linux Enterprise Server for SAP Applications 12 SP5:libqt4-sql-sqlite-4.8.7-8.16.1 SUSE Linux Enterprise Server for SAP Applications 12 SP5:libqt4-x11-32bit-4.8.7-8.16.1 SUSE Linux Enterprise Server for SAP Applications 12 SP5:libqt4-x11-4.8.7-8.16.1 SUSE Linux Enterprise Server for SAP Applications 12 SP5:qt4-x11-tools-4.8.7-8.16.2 SUSE Linux Enterprise Software Development Kit 12 SP5:libqt4-devel-4.8.7-8.16.1 SUSE Linux Enterprise Software Development Kit 12 SP5:libqt4-devel-doc-4.8.7-8.16.2 SUSE Linux Enterprise Software Development Kit 12 SP5:libqt4-devel-doc-data-4.8.7-8.16.2 SUSE Linux Enterprise Software Development Kit 12 SP5:libqt4-linguist-4.8.7-8.16.1 SUSE Linux Enterprise Software Development Kit 12 SP5:libqt4-private-headers-devel-4.8.7-8.16.1 SUSE Linux Enterprise Software Development Kit 12 SP5:libqt4-sql-postgresql-32bit-4.8.7-8.16.1 SUSE Linux Enterprise Software Development Kit 12 SP5:libqt4-sql-postgresql-4.8.7-8.16.1 SUSE Linux Enterprise Software Development Kit 12 SP5:libqt4-sql-unixODBC-32bit-4.8.7-8.16.1 SUSE Linux Enterprise Software Development Kit 12 SP5:libqt4-sql-unixODBC-4.8.7-8.16.1 SUSE Linux Enterprise Workstation Extension 12 SP5:libqt4-sql-mysql-32bit-4.8.7-8.16.1 SUSE Linux Enterprise Workstation Extension 12 SP5:libqt4-sql-postgresql-32bit-4.8.7-8.16.1 SUSE Linux Enterprise Workstation Extension 12 SP5:libqt4-sql-postgresql-4.8.7-8.16.1 SUSE Linux Enterprise Workstation Extension 12 SP5:libqt4-sql-sqlite-32bit-4.8.7-8.16.1 SUSE Linux Enterprise Workstation Extension 12 SP5:libqt4-sql-unixODBC-32bit-4.8.7-8.16.1 SUSE Linux Enterprise Workstation Extension 12 SP5:libqt4-sql-unixODBC-4.8.7-8.16.1 important 5 AV:N/AC:L/Au:N/C:N/I:N/A:P To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/support/update/announcement/2021/suse-su-20214155-1/ https://www.suse.com/security/cve/CVE-2020-17507.html CVE-2020-17507 https://bugzilla.suse.com/1176315 SUSE Bug 1176315 A flaw was found in Qt. An out-of-bounds read vulnerability was found in QRadialFetchSimd in qt/qtbase/src/gui/painting/qdrawhelper_p.h in Qt/Qtbase. While rendering and displaying a crafted Scalable Vector Graphics (SVG) file this flaw may lead to an unauthorized memory access. The highest threat from this vulnerability is to data confidentiality and the application availability. CVE-2021-3481 SUSE Linux Enterprise Server 12 SP5:libqt4-32bit-4.8.7-8.16.1 SUSE Linux Enterprise Server 12 SP5:libqt4-4.8.7-8.16.1 SUSE Linux Enterprise Server 12 SP5:libqt4-qt3support-32bit-4.8.7-8.16.1 SUSE Linux Enterprise Server 12 SP5:libqt4-qt3support-4.8.7-8.16.1 SUSE Linux Enterprise Server 12 SP5:libqt4-sql-32bit-4.8.7-8.16.1 SUSE Linux Enterprise Server 12 SP5:libqt4-sql-4.8.7-8.16.1 SUSE Linux Enterprise Server 12 SP5:libqt4-sql-mysql-4.8.7-8.16.1 SUSE Linux Enterprise Server 12 SP5:libqt4-sql-sqlite-4.8.7-8.16.1 SUSE Linux Enterprise Server 12 SP5:libqt4-x11-32bit-4.8.7-8.16.1 SUSE Linux Enterprise Server 12 SP5:libqt4-x11-4.8.7-8.16.1 SUSE Linux Enterprise Server 12 SP5:qt4-x11-tools-4.8.7-8.16.2 SUSE Linux Enterprise Server for SAP Applications 12 SP5:libqt4-32bit-4.8.7-8.16.1 SUSE Linux Enterprise Server for SAP Applications 12 SP5:libqt4-4.8.7-8.16.1 SUSE Linux Enterprise Server for SAP Applications 12 SP5:libqt4-qt3support-32bit-4.8.7-8.16.1 SUSE Linux Enterprise Server for SAP Applications 12 SP5:libqt4-qt3support-4.8.7-8.16.1 SUSE Linux Enterprise Server for SAP Applications 12 SP5:libqt4-sql-32bit-4.8.7-8.16.1 SUSE Linux Enterprise Server for SAP Applications 12 SP5:libqt4-sql-4.8.7-8.16.1 SUSE Linux Enterprise Server for SAP Applications 12 SP5:libqt4-sql-mysql-4.8.7-8.16.1 SUSE Linux Enterprise Server for SAP Applications 12 SP5:libqt4-sql-sqlite-4.8.7-8.16.1 SUSE Linux Enterprise Server for SAP Applications 12 SP5:libqt4-x11-32bit-4.8.7-8.16.1 SUSE Linux Enterprise Server for SAP Applications 12 SP5:libqt4-x11-4.8.7-8.16.1 SUSE Linux Enterprise Server for SAP Applications 12 SP5:qt4-x11-tools-4.8.7-8.16.2 SUSE Linux Enterprise Software Development Kit 12 SP5:libqt4-devel-4.8.7-8.16.1 SUSE Linux Enterprise Software Development Kit 12 SP5:libqt4-devel-doc-4.8.7-8.16.2 SUSE Linux Enterprise Software Development Kit 12 SP5:libqt4-devel-doc-data-4.8.7-8.16.2 SUSE Linux Enterprise Software Development Kit 12 SP5:libqt4-linguist-4.8.7-8.16.1 SUSE Linux Enterprise Software Development Kit 12 SP5:libqt4-private-headers-devel-4.8.7-8.16.1 SUSE Linux Enterprise Software Development Kit 12 SP5:libqt4-sql-postgresql-32bit-4.8.7-8.16.1 SUSE Linux Enterprise Software Development Kit 12 SP5:libqt4-sql-postgresql-4.8.7-8.16.1 SUSE Linux Enterprise Software Development Kit 12 SP5:libqt4-sql-unixODBC-32bit-4.8.7-8.16.1 SUSE Linux Enterprise Software Development Kit 12 SP5:libqt4-sql-unixODBC-4.8.7-8.16.1 SUSE Linux Enterprise Workstation Extension 12 SP5:libqt4-sql-mysql-32bit-4.8.7-8.16.1 SUSE Linux Enterprise Workstation Extension 12 SP5:libqt4-sql-postgresql-32bit-4.8.7-8.16.1 SUSE Linux Enterprise Workstation Extension 12 SP5:libqt4-sql-postgresql-4.8.7-8.16.1 SUSE Linux Enterprise Workstation Extension 12 SP5:libqt4-sql-sqlite-32bit-4.8.7-8.16.1 SUSE Linux Enterprise Workstation Extension 12 SP5:libqt4-sql-unixODBC-32bit-4.8.7-8.16.1 SUSE Linux Enterprise Workstation Extension 12 SP5:libqt4-sql-unixODBC-4.8.7-8.16.1 moderate To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/support/update/announcement/2021/suse-su-20214155-1/ https://www.suse.com/security/cve/CVE-2021-3481.html CVE-2021-3481 https://bugzilla.suse.com/1184783 SUSE Bug 1184783