RHSA-2020:4690-01 -- Redhat qt5-qtbase, qt5-qttools, qt5-qtwebsocketsID: oval:org.secpod.oval:def:504752 | Date: (C)2020-12-23 (M)2023-09-20 |
Class: PATCH | Family: unix |
Qt is a software toolkit for developing applications. The qt5-base packages contain base tools for string, xml, and network handling in Qt. Security Fix: * qt: XML entity expansion vulnerability * qt5-qtwebsockets: websocket implementation allows only limited size for frames and messages therefore attacker can cause DOS * qt: files placed by attacker can influence the working directory and lead to malicious code execution * qt: files placed by attacker can influence the working directory and lead to malicious code execution * qt5: incorrectly calls SSL_shutdown in OpenSSL mid-handshake causing denial of service in TLS applications For more details about the security issue, including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page listed in the References section. Additional Changes: For detailed information on changes in this release, see the Red Hat Enterprise Linux 8.3 Release Notes linked from the References section.
Platform: |
Red Hat Enterprise Linux 8 |
Product: |
qt5-qtbase |
qt5-qttools |
qt5-qtwebsockets |