SUSE update for qt6-base
| Risk | Medium |
| Patch available | YES |
| Number of vulnerabilities | 5 |
| CVE-ID | CVE-2023-24607 CVE-2023-32762 CVE-2023-33285 CVE-2023-34410 CVE-2023-38197 |
| CWE-ID | CWE-20 CWE-319 CWE-125 CWE-295 CWE-835 |
| Exploitation vector | Network |
| Public exploit | N/A |
| Vulnerable software |
SUSE Linux Enterprise Micro Operating systems & Components / Operating system Desktop Applications Module Operating systems & Components / Operating system SUSE Package Hub 15 Operating systems & Components / Operating system SUSE Linux Enterprise Server for SAP Applications 15 Operating systems & Components / Operating system SUSE Linux Enterprise Server 15 Operating systems & Components / Operating system SUSE Linux Enterprise Real Time 15 Operating systems & Components / Operating system SUSE Linux Enterprise High Performance Computing 15 Operating systems & Components / Operating system SUSE Linux Enterprise Desktop 15 Operating systems & Components / Operating system openSUSE Leap Operating systems & Components / Operating system qt6-docs-common Operating systems & Components / Operating system package or component qt6-base-private-devel Operating systems & Components / Operating system package or component qt6-base-devel Operating systems & Components / Operating system package or component libQt6DBus6 Operating systems & Components / Operating system package or component libQt6Gui6 Operating systems & Components / Operating system package or component libQt6OpenGL6 Operating systems & Components / Operating system package or component qt6-sql-postgresql Operating systems & Components / Operating system package or component libQt6OpenGLWidgets6 Operating systems & Components / Operating system package or component libQt6Gui6-debuginfo Operating systems & Components / Operating system package or component qt6-xml-devel Operating systems & Components / Operating system package or component qt6-test-devel Operating systems & Components / Operating system package or component qt6-sql-sqlite-debuginfo Operating systems & Components / Operating system package or component libQt6Test6 Operating systems & Components / Operating system package or component qt6-sql-mysql-debuginfo Operating systems & Components / Operating system package or component libQt6Concurrent6 Operating systems & Components / Operating system package or component qt6-printsupport-devel Operating systems & Components / Operating system package or component qt6-base-debuginfo Operating systems & Components / Operating system package or component qt6-sql-devel Operating systems & Components / Operating system package or component libQt6OpenGLWidgets6-debuginfo Operating systems & Components / Operating system package or component libQt6Core6-debuginfo Operating systems & Components / Operating system package or component qt6-sql-private-devel Operating systems & Components / Operating system package or component qt6-platformsupport-devel-static Operating systems & Components / Operating system package or component qt6-sql-mysql Operating systems & Components / Operating system package or component qt6-concurrent-devel Operating systems & Components / Operating system package or component qt6-platformsupport-private-devel Operating systems & Components / Operating system package or component qt6-printsupport-cups Operating systems & Components / Operating system package or component qt6-opengl-private-devel Operating systems & Components / Operating system package or component libQt6Xml6-debuginfo Operating systems & Components / Operating system package or component libQt6Network6 Operating systems & Components / Operating system package or component qt6-opengl-devel Operating systems & Components / Operating system package or component libQt6Sql6 Operating systems & Components / Operating system package or component qt6-widgets-devel Operating systems & Components / Operating system package or component qt6-sql-unixODBC-debuginfo Operating systems & Components / Operating system package or component libQt6Xml6 Operating systems & Components / Operating system package or component qt6-sql-postgresql-debuginfo Operating systems & Components / Operating system package or component qt6-sql-unixODBC Operating systems & Components / Operating system package or component qt6-networkinformation-nm-debuginfo Operating systems & Components / Operating system package or component qt6-dbus-private-devel Operating systems & Components / Operating system package or component libQt6PrintSupport6 Operating systems & Components / Operating system package or component qt6-printsupport-cups-debuginfo Operating systems & Components / Operating system package or component qt6-platformtheme-gtk3 Operating systems & Components / Operating system package or component qt6-networkinformation-glib-debuginfo Operating systems & Components / Operating system package or component qt6-kmssupport-devel-static Operating systems & Components / Operating system package or component qt6-network-tls-debuginfo Operating systems & Components / Operating system package or component qt6-network-tls Operating systems & Components / Operating system package or component qt6-xml-private-devel Operating systems & Components / Operating system package or component qt6-test-private-devel Operating systems & Components / Operating system package or component libQt6DBus6-debuginfo Operating systems & Components / Operating system package or component qt6-printsupport-private-devel Operating systems & Components / Operating system package or component qt6-core-private-devel Operating systems & Components / Operating system package or component qt6-networkinformation-nm Operating systems & Components / Operating system package or component qt6-base-debugsource Operating systems & Components / Operating system package or component qt6-network-devel Operating systems & Components / Operating system package or component qt6-sql-sqlite Operating systems & Components / Operating system package or component libQt6PrintSupport6-debuginfo Operating systems & Components / Operating system package or component libQt6Core6 Operating systems & Components / Operating system package or component libQt6Widgets6-debuginfo Operating systems & Components / Operating system package or component qt6-platformtheme-xdgdesktopportal-debuginfo Operating systems & Components / Operating system package or component qt6-openglwidgets-devel Operating systems & Components / Operating system package or component qt6-networkinformation-glib Operating systems & Components / Operating system package or component qt6-core-devel Operating systems & Components / Operating system package or component libQt6OpenGL6-debuginfo Operating systems & Components / Operating system package or component qt6-base-docs-qch Operating systems & Components / Operating system package or component qt6-platformtheme-gtk3-debuginfo Operating systems & Components / Operating system package or component qt6-base-examples Operating systems & Components / Operating system package or component qt6-kmssupport-private-devel Operating systems & Components / Operating system package or component qt6-base-docs-html Operating systems & Components / Operating system package or component qt6-base-examples-debuginfo Operating systems & Components / Operating system package or component qt6-base-common-devel Operating systems & Components / Operating system package or component libQt6Sql6-debuginfo Operating systems & Components / Operating system package or component libQt6Test6-debuginfo Operating systems & Components / Operating system package or component qt6-network-private-devel Operating systems & Components / Operating system package or component qt6-platformtheme-xdgdesktopportal Operating systems & Components / Operating system package or component qt6-dbus-devel Operating systems & Components / Operating system package or component libQt6Widgets6 Operating systems & Components / Operating system package or component qt6-gui-private-devel Operating systems & Components / Operating system package or component libQt6Network6-debuginfo Operating systems & Components / Operating system package or component qt6-gui-devel Operating systems & Components / Operating system package or component qt6-widgets-private-devel Operating systems & Components / Operating system package or component qt6-base-common-devel-debuginfo Operating systems & Components / Operating system package or component libQt6Concurrent6-debuginfo Operating systems & Components / Operating system package or component |
| Vendor | SUSE |
Security Bulletin
This security bulletin contains information about 5 vulnerabilities.
1) Input validation error
EUVDB-ID: #VU74061
Risk: Medium
CVSSv3.1: 6.5 [CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2023-24607
CWE-ID:
CWE-20 - Improper input validation
Exploit availability: No
DescriptionThe vulnerability allows a remote attacker to perform a denial of service (DoS) attack.
The vulnerability exists due to insufficient validation of user-supplied input in the Qt SQL ODBC driver plugin. A remote attacker can pass specially crafted input to the application and perform a denial of service (DoS) attack.
MitigationUpdate the affected package qt6-base to the latest version.
Vulnerable software versionsSUSE Linux Enterprise Micro: 5.5
Desktop Applications Module: 15-SP5
SUSE Package Hub 15: 15-SP5
SUSE Linux Enterprise Server for SAP Applications 15: SP5
SUSE Linux Enterprise Server 15: SP5
SUSE Linux Enterprise Real Time 15: SP5
SUSE Linux Enterprise High Performance Computing 15: SP5
SUSE Linux Enterprise Desktop 15: SP5
openSUSE Leap: 15.5
qt6-docs-common: before 6.4.2-150500.3.7.4
qt6-base-private-devel: before 6.4.2-150500.3.7.4
qt6-base-devel: before 6.4.2-150500.3.7.4
libQt6DBus6: before 6.4.2-150500.3.7.4
libQt6Gui6: before 6.4.2-150500.3.7.4
libQt6OpenGL6: before 6.4.2-150500.3.7.4
qt6-sql-postgresql: before 6.4.2-150500.3.7.4
libQt6OpenGLWidgets6: before 6.4.2-150500.3.7.4
libQt6Gui6-debuginfo: before 6.4.2-150500.3.7.4
qt6-xml-devel: before 6.4.2-150500.3.7.4
qt6-test-devel: before 6.4.2-150500.3.7.4
qt6-sql-sqlite-debuginfo: before 6.4.2-150500.3.7.4
libQt6Test6: before 6.4.2-150500.3.7.4
qt6-sql-mysql-debuginfo: before 6.4.2-150500.3.7.4
libQt6Concurrent6: before 6.4.2-150500.3.7.4
qt6-printsupport-devel: before 6.4.2-150500.3.7.4
qt6-base-debuginfo: before 6.4.2-150500.3.7.4
qt6-sql-devel: before 6.4.2-150500.3.7.4
libQt6OpenGLWidgets6-debuginfo: before 6.4.2-150500.3.7.4
libQt6Core6-debuginfo: before 6.4.2-150500.3.7.4
qt6-sql-private-devel: before 6.4.2-150500.3.7.4
qt6-platformsupport-devel-static: before 6.4.2-150500.3.7.4
qt6-sql-mysql: before 6.4.2-150500.3.7.4
qt6-concurrent-devel: before 6.4.2-150500.3.7.4
qt6-platformsupport-private-devel: before 6.4.2-150500.3.7.4
qt6-printsupport-cups: before 6.4.2-150500.3.7.4
qt6-opengl-private-devel: before 6.4.2-150500.3.7.4
libQt6Xml6-debuginfo: before 6.4.2-150500.3.7.4
libQt6Network6: before 6.4.2-150500.3.7.4
qt6-opengl-devel: before 6.4.2-150500.3.7.4
libQt6Sql6: before 6.4.2-150500.3.7.4
qt6-widgets-devel: before 6.4.2-150500.3.7.4
qt6-sql-unixODBC-debuginfo: before 6.4.2-150500.3.7.4
libQt6Xml6: before 6.4.2-150500.3.7.4
qt6-sql-postgresql-debuginfo: before 6.4.2-150500.3.7.4
qt6-sql-unixODBC: before 6.4.2-150500.3.7.4
qt6-networkinformation-nm-debuginfo: before 6.4.2-150500.3.7.4
qt6-dbus-private-devel: before 6.4.2-150500.3.7.4
libQt6PrintSupport6: before 6.4.2-150500.3.7.4
qt6-printsupport-cups-debuginfo: before 6.4.2-150500.3.7.4
qt6-platformtheme-gtk3: before 6.4.2-150500.3.7.4
qt6-networkinformation-glib-debuginfo: before 6.4.2-150500.3.7.4
qt6-kmssupport-devel-static: before 6.4.2-150500.3.7.4
qt6-network-tls-debuginfo: before 6.4.2-150500.3.7.4
qt6-network-tls: before 6.4.2-150500.3.7.4
qt6-xml-private-devel: before 6.4.2-150500.3.7.4
qt6-test-private-devel: before 6.4.2-150500.3.7.4
libQt6DBus6-debuginfo: before 6.4.2-150500.3.7.4
qt6-printsupport-private-devel: before 6.4.2-150500.3.7.4
qt6-core-private-devel: before 6.4.2-150500.3.7.4
qt6-networkinformation-nm: before 6.4.2-150500.3.7.4
qt6-base-debugsource: before 6.4.2-150500.3.7.4
qt6-network-devel: before 6.4.2-150500.3.7.4
qt6-sql-sqlite: before 6.4.2-150500.3.7.4
libQt6PrintSupport6-debuginfo: before 6.4.2-150500.3.7.4
libQt6Core6: before 6.4.2-150500.3.7.4
libQt6Widgets6-debuginfo: before 6.4.2-150500.3.7.4
qt6-platformtheme-xdgdesktopportal-debuginfo: before 6.4.2-150500.3.7.4
qt6-openglwidgets-devel: before 6.4.2-150500.3.7.4
qt6-networkinformation-glib: before 6.4.2-150500.3.7.4
qt6-core-devel: before 6.4.2-150500.3.7.4
libQt6OpenGL6-debuginfo: before 6.4.2-150500.3.7.4
qt6-base-docs-qch: before 6.4.2-150500.3.7.1
qt6-platformtheme-gtk3-debuginfo: before 6.4.2-150500.3.7.4
qt6-base-examples: before 6.4.2-150500.3.7.4
qt6-kmssupport-private-devel: before 6.4.2-150500.3.7.4
qt6-base-docs-html: before 6.4.2-150500.3.7.1
qt6-base-examples-debuginfo: before 6.4.2-150500.3.7.4
qt6-base-common-devel: before 6.4.2-150500.3.7.4
libQt6Sql6-debuginfo: before 6.4.2-150500.3.7.4
libQt6Test6-debuginfo: before 6.4.2-150500.3.7.4
qt6-network-private-devel: before 6.4.2-150500.3.7.4
qt6-platformtheme-xdgdesktopportal: before 6.4.2-150500.3.7.4
qt6-dbus-devel: before 6.4.2-150500.3.7.4
libQt6Widgets6: before 6.4.2-150500.3.7.4
qt6-gui-private-devel: before 6.4.2-150500.3.7.4
libQt6Network6-debuginfo: before 6.4.2-150500.3.7.4
qt6-gui-devel: before 6.4.2-150500.3.7.4
qt6-widgets-private-devel: before 6.4.2-150500.3.7.4
qt6-base-common-devel-debuginfo: before 6.4.2-150500.3.7.4
libQt6Concurrent6-debuginfo: before 6.4.2-150500.3.7.4
CPE2.3- cpe:2.3:o:suse:suse_linux_enterprise_micro:5.5:*:*:*:*:*:*:
- cpe:2.3:o:suse:desktop_applications_module:15-SP5:*:*:*:*:*:*:
- cpe:2.3:o:suse:suse_package_hub_15:15-SP5:*:*:*:*:*:*:
- cpe:2.3:o:suse:suse_linux_enterprise_server_for_sap_applications_15:SP5:*:*:*:*:*:*:
- cpe:2.3:o:suse:suse_linux_enterprise_server_15:SP5:*:*:*:*:*:*:
- cpe:2.3:o:suse:suse_linux_enterprise_real_time_15:SP5:*:*:*:*:*:*:
- cpe:2.3:o:suse:suse_linux_enterprise_high_performance_computing_15:SP5:*:*:*:*:*:*:
- cpe:2.3:o:suse:suse_linux_enterprise_desktop_15:SP5:*:*:*:*:*:*:
- cpe:2.3:o:suse:opensuse_leap:15.5:*:*:*:*:*:*:
http://www.suse.com/support/update/announcement/2023/suse-su-20233225-1/
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
2) Cleartext transmission of sensitive information
EUVDB-ID: #VU76666
Risk: Medium
CVSSv3.1: 5.7 [CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N/E:U/RL:O/RC:C]
CVE-ID: CVE-2023-32762
CWE-ID:
CWE-319 - Cleartext Transmission of Sensitive Information
Exploit availability: No
DescriptionThe vulnerability allows a remote attacker to gain access to sensitive information.
The vulnerability exists due to Qt Network incorrectly parses the strict-transport-security (HSTS) header, allowing unencrypted connections to be established, even when explicitly prohibited by the server. A remote attacker with ability to intercept network traffic can gain access to sensitive data.
MitigationUpdate the affected package qt6-base to the latest version.
Vulnerable software versionsSUSE Linux Enterprise Micro: 5.5
Desktop Applications Module: 15-SP5
SUSE Package Hub 15: 15-SP5
SUSE Linux Enterprise Server for SAP Applications 15: SP5
SUSE Linux Enterprise Server 15: SP5
SUSE Linux Enterprise Real Time 15: SP5
SUSE Linux Enterprise High Performance Computing 15: SP5
SUSE Linux Enterprise Desktop 15: SP5
openSUSE Leap: 15.5
qt6-docs-common: before 6.4.2-150500.3.7.4
qt6-base-private-devel: before 6.4.2-150500.3.7.4
qt6-base-devel: before 6.4.2-150500.3.7.4
libQt6DBus6: before 6.4.2-150500.3.7.4
libQt6Gui6: before 6.4.2-150500.3.7.4
libQt6OpenGL6: before 6.4.2-150500.3.7.4
qt6-sql-postgresql: before 6.4.2-150500.3.7.4
libQt6OpenGLWidgets6: before 6.4.2-150500.3.7.4
libQt6Gui6-debuginfo: before 6.4.2-150500.3.7.4
qt6-xml-devel: before 6.4.2-150500.3.7.4
qt6-test-devel: before 6.4.2-150500.3.7.4
qt6-sql-sqlite-debuginfo: before 6.4.2-150500.3.7.4
libQt6Test6: before 6.4.2-150500.3.7.4
qt6-sql-mysql-debuginfo: before 6.4.2-150500.3.7.4
libQt6Concurrent6: before 6.4.2-150500.3.7.4
qt6-printsupport-devel: before 6.4.2-150500.3.7.4
qt6-base-debuginfo: before 6.4.2-150500.3.7.4
qt6-sql-devel: before 6.4.2-150500.3.7.4
libQt6OpenGLWidgets6-debuginfo: before 6.4.2-150500.3.7.4
libQt6Core6-debuginfo: before 6.4.2-150500.3.7.4
qt6-sql-private-devel: before 6.4.2-150500.3.7.4
qt6-platformsupport-devel-static: before 6.4.2-150500.3.7.4
qt6-sql-mysql: before 6.4.2-150500.3.7.4
qt6-concurrent-devel: before 6.4.2-150500.3.7.4
qt6-platformsupport-private-devel: before 6.4.2-150500.3.7.4
qt6-printsupport-cups: before 6.4.2-150500.3.7.4
qt6-opengl-private-devel: before 6.4.2-150500.3.7.4
libQt6Xml6-debuginfo: before 6.4.2-150500.3.7.4
libQt6Network6: before 6.4.2-150500.3.7.4
qt6-opengl-devel: before 6.4.2-150500.3.7.4
libQt6Sql6: before 6.4.2-150500.3.7.4
qt6-widgets-devel: before 6.4.2-150500.3.7.4
qt6-sql-unixODBC-debuginfo: before 6.4.2-150500.3.7.4
libQt6Xml6: before 6.4.2-150500.3.7.4
qt6-sql-postgresql-debuginfo: before 6.4.2-150500.3.7.4
qt6-sql-unixODBC: before 6.4.2-150500.3.7.4
qt6-networkinformation-nm-debuginfo: before 6.4.2-150500.3.7.4
qt6-dbus-private-devel: before 6.4.2-150500.3.7.4
libQt6PrintSupport6: before 6.4.2-150500.3.7.4
qt6-printsupport-cups-debuginfo: before 6.4.2-150500.3.7.4
qt6-platformtheme-gtk3: before 6.4.2-150500.3.7.4
qt6-networkinformation-glib-debuginfo: before 6.4.2-150500.3.7.4
qt6-kmssupport-devel-static: before 6.4.2-150500.3.7.4
qt6-network-tls-debuginfo: before 6.4.2-150500.3.7.4
qt6-network-tls: before 6.4.2-150500.3.7.4
qt6-xml-private-devel: before 6.4.2-150500.3.7.4
qt6-test-private-devel: before 6.4.2-150500.3.7.4
libQt6DBus6-debuginfo: before 6.4.2-150500.3.7.4
qt6-printsupport-private-devel: before 6.4.2-150500.3.7.4
qt6-core-private-devel: before 6.4.2-150500.3.7.4
qt6-networkinformation-nm: before 6.4.2-150500.3.7.4
qt6-base-debugsource: before 6.4.2-150500.3.7.4
qt6-network-devel: before 6.4.2-150500.3.7.4
qt6-sql-sqlite: before 6.4.2-150500.3.7.4
libQt6PrintSupport6-debuginfo: before 6.4.2-150500.3.7.4
libQt6Core6: before 6.4.2-150500.3.7.4
libQt6Widgets6-debuginfo: before 6.4.2-150500.3.7.4
qt6-platformtheme-xdgdesktopportal-debuginfo: before 6.4.2-150500.3.7.4
qt6-openglwidgets-devel: before 6.4.2-150500.3.7.4
qt6-networkinformation-glib: before 6.4.2-150500.3.7.4
qt6-core-devel: before 6.4.2-150500.3.7.4
libQt6OpenGL6-debuginfo: before 6.4.2-150500.3.7.4
qt6-base-docs-qch: before 6.4.2-150500.3.7.1
qt6-platformtheme-gtk3-debuginfo: before 6.4.2-150500.3.7.4
qt6-base-examples: before 6.4.2-150500.3.7.4
qt6-kmssupport-private-devel: before 6.4.2-150500.3.7.4
qt6-base-docs-html: before 6.4.2-150500.3.7.1
qt6-base-examples-debuginfo: before 6.4.2-150500.3.7.4
qt6-base-common-devel: before 6.4.2-150500.3.7.4
libQt6Sql6-debuginfo: before 6.4.2-150500.3.7.4
libQt6Test6-debuginfo: before 6.4.2-150500.3.7.4
qt6-network-private-devel: before 6.4.2-150500.3.7.4
qt6-platformtheme-xdgdesktopportal: before 6.4.2-150500.3.7.4
qt6-dbus-devel: before 6.4.2-150500.3.7.4
libQt6Widgets6: before 6.4.2-150500.3.7.4
qt6-gui-private-devel: before 6.4.2-150500.3.7.4
libQt6Network6-debuginfo: before 6.4.2-150500.3.7.4
qt6-gui-devel: before 6.4.2-150500.3.7.4
qt6-widgets-private-devel: before 6.4.2-150500.3.7.4
qt6-base-common-devel-debuginfo: before 6.4.2-150500.3.7.4
libQt6Concurrent6-debuginfo: before 6.4.2-150500.3.7.4
CPE2.3- cpe:2.3:o:suse:suse_linux_enterprise_micro:5.5:*:*:*:*:*:*:
- cpe:2.3:o:suse:desktop_applications_module:15-SP5:*:*:*:*:*:*:
- cpe:2.3:o:suse:suse_package_hub_15:15-SP5:*:*:*:*:*:*:
- cpe:2.3:o:suse:suse_linux_enterprise_server_for_sap_applications_15:SP5:*:*:*:*:*:*:
- cpe:2.3:o:suse:suse_linux_enterprise_server_15:SP5:*:*:*:*:*:*:
- cpe:2.3:o:suse:suse_linux_enterprise_real_time_15:SP5:*:*:*:*:*:*:
- cpe:2.3:o:suse:suse_linux_enterprise_high_performance_computing_15:SP5:*:*:*:*:*:*:
- cpe:2.3:o:suse:suse_linux_enterprise_desktop_15:SP5:*:*:*:*:*:*:
- cpe:2.3:o:suse:opensuse_leap:15.5:*:*:*:*:*:*:
http://www.suse.com/support/update/announcement/2023/suse-su-20233225-1/
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
3) Out-of-bounds read
EUVDB-ID: #VU76667
Risk: Medium
CVSSv3.1: 6.5 [CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2023-33285
CWE-ID:
CWE-125 - Out-of-bounds read
Exploit availability: No
DescriptionThe vulnerability allows a remote attacker to perform a denial of service (DoS) attack.
The vulnerability exists due to buffer over-read via a crafted reply from a DNS server within the QDnsLookup() function in src/network/kernel/qdnslookup_unix.cpp. A remote attacker can perform a denial of service attack.
MitigationUpdate the affected package qt6-base to the latest version.
Vulnerable software versionsSUSE Linux Enterprise Micro: 5.5
Desktop Applications Module: 15-SP5
SUSE Package Hub 15: 15-SP5
SUSE Linux Enterprise Server for SAP Applications 15: SP5
SUSE Linux Enterprise Server 15: SP5
SUSE Linux Enterprise Real Time 15: SP5
SUSE Linux Enterprise High Performance Computing 15: SP5
SUSE Linux Enterprise Desktop 15: SP5
openSUSE Leap: 15.5
qt6-docs-common: before 6.4.2-150500.3.7.4
qt6-base-private-devel: before 6.4.2-150500.3.7.4
qt6-base-devel: before 6.4.2-150500.3.7.4
libQt6DBus6: before 6.4.2-150500.3.7.4
libQt6Gui6: before 6.4.2-150500.3.7.4
libQt6OpenGL6: before 6.4.2-150500.3.7.4
qt6-sql-postgresql: before 6.4.2-150500.3.7.4
libQt6OpenGLWidgets6: before 6.4.2-150500.3.7.4
libQt6Gui6-debuginfo: before 6.4.2-150500.3.7.4
qt6-xml-devel: before 6.4.2-150500.3.7.4
qt6-test-devel: before 6.4.2-150500.3.7.4
qt6-sql-sqlite-debuginfo: before 6.4.2-150500.3.7.4
libQt6Test6: before 6.4.2-150500.3.7.4
qt6-sql-mysql-debuginfo: before 6.4.2-150500.3.7.4
libQt6Concurrent6: before 6.4.2-150500.3.7.4
qt6-printsupport-devel: before 6.4.2-150500.3.7.4
qt6-base-debuginfo: before 6.4.2-150500.3.7.4
qt6-sql-devel: before 6.4.2-150500.3.7.4
libQt6OpenGLWidgets6-debuginfo: before 6.4.2-150500.3.7.4
libQt6Core6-debuginfo: before 6.4.2-150500.3.7.4
qt6-sql-private-devel: before 6.4.2-150500.3.7.4
qt6-platformsupport-devel-static: before 6.4.2-150500.3.7.4
qt6-sql-mysql: before 6.4.2-150500.3.7.4
qt6-concurrent-devel: before 6.4.2-150500.3.7.4
qt6-platformsupport-private-devel: before 6.4.2-150500.3.7.4
qt6-printsupport-cups: before 6.4.2-150500.3.7.4
qt6-opengl-private-devel: before 6.4.2-150500.3.7.4
libQt6Xml6-debuginfo: before 6.4.2-150500.3.7.4
libQt6Network6: before 6.4.2-150500.3.7.4
qt6-opengl-devel: before 6.4.2-150500.3.7.4
libQt6Sql6: before 6.4.2-150500.3.7.4
qt6-widgets-devel: before 6.4.2-150500.3.7.4
qt6-sql-unixODBC-debuginfo: before 6.4.2-150500.3.7.4
libQt6Xml6: before 6.4.2-150500.3.7.4
qt6-sql-postgresql-debuginfo: before 6.4.2-150500.3.7.4
qt6-sql-unixODBC: before 6.4.2-150500.3.7.4
qt6-networkinformation-nm-debuginfo: before 6.4.2-150500.3.7.4
qt6-dbus-private-devel: before 6.4.2-150500.3.7.4
libQt6PrintSupport6: before 6.4.2-150500.3.7.4
qt6-printsupport-cups-debuginfo: before 6.4.2-150500.3.7.4
qt6-platformtheme-gtk3: before 6.4.2-150500.3.7.4
qt6-networkinformation-glib-debuginfo: before 6.4.2-150500.3.7.4
qt6-kmssupport-devel-static: before 6.4.2-150500.3.7.4
qt6-network-tls-debuginfo: before 6.4.2-150500.3.7.4
qt6-network-tls: before 6.4.2-150500.3.7.4
qt6-xml-private-devel: before 6.4.2-150500.3.7.4
qt6-test-private-devel: before 6.4.2-150500.3.7.4
libQt6DBus6-debuginfo: before 6.4.2-150500.3.7.4
qt6-printsupport-private-devel: before 6.4.2-150500.3.7.4
qt6-core-private-devel: before 6.4.2-150500.3.7.4
qt6-networkinformation-nm: before 6.4.2-150500.3.7.4
qt6-base-debugsource: before 6.4.2-150500.3.7.4
qt6-network-devel: before 6.4.2-150500.3.7.4
qt6-sql-sqlite: before 6.4.2-150500.3.7.4
libQt6PrintSupport6-debuginfo: before 6.4.2-150500.3.7.4
libQt6Core6: before 6.4.2-150500.3.7.4
libQt6Widgets6-debuginfo: before 6.4.2-150500.3.7.4
qt6-platformtheme-xdgdesktopportal-debuginfo: before 6.4.2-150500.3.7.4
qt6-openglwidgets-devel: before 6.4.2-150500.3.7.4
qt6-networkinformation-glib: before 6.4.2-150500.3.7.4
qt6-core-devel: before 6.4.2-150500.3.7.4
libQt6OpenGL6-debuginfo: before 6.4.2-150500.3.7.4
qt6-base-docs-qch: before 6.4.2-150500.3.7.1
qt6-platformtheme-gtk3-debuginfo: before 6.4.2-150500.3.7.4
qt6-base-examples: before 6.4.2-150500.3.7.4
qt6-kmssupport-private-devel: before 6.4.2-150500.3.7.4
qt6-base-docs-html: before 6.4.2-150500.3.7.1
qt6-base-examples-debuginfo: before 6.4.2-150500.3.7.4
qt6-base-common-devel: before 6.4.2-150500.3.7.4
libQt6Sql6-debuginfo: before 6.4.2-150500.3.7.4
libQt6Test6-debuginfo: before 6.4.2-150500.3.7.4
qt6-network-private-devel: before 6.4.2-150500.3.7.4
qt6-platformtheme-xdgdesktopportal: before 6.4.2-150500.3.7.4
qt6-dbus-devel: before 6.4.2-150500.3.7.4
libQt6Widgets6: before 6.4.2-150500.3.7.4
qt6-gui-private-devel: before 6.4.2-150500.3.7.4
libQt6Network6-debuginfo: before 6.4.2-150500.3.7.4
qt6-gui-devel: before 6.4.2-150500.3.7.4
qt6-widgets-private-devel: before 6.4.2-150500.3.7.4
qt6-base-common-devel-debuginfo: before 6.4.2-150500.3.7.4
libQt6Concurrent6-debuginfo: before 6.4.2-150500.3.7.4
CPE2.3- cpe:2.3:o:suse:suse_linux_enterprise_micro:5.5:*:*:*:*:*:*:
- cpe:2.3:o:suse:desktop_applications_module:15-SP5:*:*:*:*:*:*:
- cpe:2.3:o:suse:suse_package_hub_15:15-SP5:*:*:*:*:*:*:
- cpe:2.3:o:suse:suse_linux_enterprise_server_for_sap_applications_15:SP5:*:*:*:*:*:*:
- cpe:2.3:o:suse:suse_linux_enterprise_server_15:SP5:*:*:*:*:*:*:
- cpe:2.3:o:suse:suse_linux_enterprise_real_time_15:SP5:*:*:*:*:*:*:
- cpe:2.3:o:suse:suse_linux_enterprise_high_performance_computing_15:SP5:*:*:*:*:*:*:
- cpe:2.3:o:suse:suse_linux_enterprise_desktop_15:SP5:*:*:*:*:*:*:
- cpe:2.3:o:suse:opensuse_leap:15.5:*:*:*:*:*:*:
http://www.suse.com/support/update/announcement/2023/suse-su-20233225-1/
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
4) Improper Certificate Validation
EUVDB-ID: #VU78696
Risk: Medium
CVSSv3.1: 5.7 [CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N/E:U/RL:O/RC:C]
CVE-ID: CVE-2023-34410
CWE-ID:
CWE-295 - Improper Certificate Validation
Exploit availability: No
DescriptionThe vulnerability allows a remote attacker to perform MitM attack.
The vulnerability exists due to improper validation of TLS certificate chain, where application does not always consider whether the root of a chain is a configured CA certificate. A remote attacker can perform MitM attack.
Update the affected package qt6-base to the latest version.
Vulnerable software versionsSUSE Linux Enterprise Micro: 5.5
Desktop Applications Module: 15-SP5
SUSE Package Hub 15: 15-SP5
SUSE Linux Enterprise Server for SAP Applications 15: SP5
SUSE Linux Enterprise Server 15: SP5
SUSE Linux Enterprise Real Time 15: SP5
SUSE Linux Enterprise High Performance Computing 15: SP5
SUSE Linux Enterprise Desktop 15: SP5
openSUSE Leap: 15.5
qt6-docs-common: before 6.4.2-150500.3.7.4
qt6-base-private-devel: before 6.4.2-150500.3.7.4
qt6-base-devel: before 6.4.2-150500.3.7.4
libQt6DBus6: before 6.4.2-150500.3.7.4
libQt6Gui6: before 6.4.2-150500.3.7.4
libQt6OpenGL6: before 6.4.2-150500.3.7.4
qt6-sql-postgresql: before 6.4.2-150500.3.7.4
libQt6OpenGLWidgets6: before 6.4.2-150500.3.7.4
libQt6Gui6-debuginfo: before 6.4.2-150500.3.7.4
qt6-xml-devel: before 6.4.2-150500.3.7.4
qt6-test-devel: before 6.4.2-150500.3.7.4
qt6-sql-sqlite-debuginfo: before 6.4.2-150500.3.7.4
libQt6Test6: before 6.4.2-150500.3.7.4
qt6-sql-mysql-debuginfo: before 6.4.2-150500.3.7.4
libQt6Concurrent6: before 6.4.2-150500.3.7.4
qt6-printsupport-devel: before 6.4.2-150500.3.7.4
qt6-base-debuginfo: before 6.4.2-150500.3.7.4
qt6-sql-devel: before 6.4.2-150500.3.7.4
libQt6OpenGLWidgets6-debuginfo: before 6.4.2-150500.3.7.4
libQt6Core6-debuginfo: before 6.4.2-150500.3.7.4
qt6-sql-private-devel: before 6.4.2-150500.3.7.4
qt6-platformsupport-devel-static: before 6.4.2-150500.3.7.4
qt6-sql-mysql: before 6.4.2-150500.3.7.4
qt6-concurrent-devel: before 6.4.2-150500.3.7.4
qt6-platformsupport-private-devel: before 6.4.2-150500.3.7.4
qt6-printsupport-cups: before 6.4.2-150500.3.7.4
qt6-opengl-private-devel: before 6.4.2-150500.3.7.4
libQt6Xml6-debuginfo: before 6.4.2-150500.3.7.4
libQt6Network6: before 6.4.2-150500.3.7.4
qt6-opengl-devel: before 6.4.2-150500.3.7.4
libQt6Sql6: before 6.4.2-150500.3.7.4
qt6-widgets-devel: before 6.4.2-150500.3.7.4
qt6-sql-unixODBC-debuginfo: before 6.4.2-150500.3.7.4
libQt6Xml6: before 6.4.2-150500.3.7.4
qt6-sql-postgresql-debuginfo: before 6.4.2-150500.3.7.4
qt6-sql-unixODBC: before 6.4.2-150500.3.7.4
qt6-networkinformation-nm-debuginfo: before 6.4.2-150500.3.7.4
qt6-dbus-private-devel: before 6.4.2-150500.3.7.4
libQt6PrintSupport6: before 6.4.2-150500.3.7.4
qt6-printsupport-cups-debuginfo: before 6.4.2-150500.3.7.4
qt6-platformtheme-gtk3: before 6.4.2-150500.3.7.4
qt6-networkinformation-glib-debuginfo: before 6.4.2-150500.3.7.4
qt6-kmssupport-devel-static: before 6.4.2-150500.3.7.4
qt6-network-tls-debuginfo: before 6.4.2-150500.3.7.4
qt6-network-tls: before 6.4.2-150500.3.7.4
qt6-xml-private-devel: before 6.4.2-150500.3.7.4
qt6-test-private-devel: before 6.4.2-150500.3.7.4
libQt6DBus6-debuginfo: before 6.4.2-150500.3.7.4
qt6-printsupport-private-devel: before 6.4.2-150500.3.7.4
qt6-core-private-devel: before 6.4.2-150500.3.7.4
qt6-networkinformation-nm: before 6.4.2-150500.3.7.4
qt6-base-debugsource: before 6.4.2-150500.3.7.4
qt6-network-devel: before 6.4.2-150500.3.7.4
qt6-sql-sqlite: before 6.4.2-150500.3.7.4
libQt6PrintSupport6-debuginfo: before 6.4.2-150500.3.7.4
libQt6Core6: before 6.4.2-150500.3.7.4
libQt6Widgets6-debuginfo: before 6.4.2-150500.3.7.4
qt6-platformtheme-xdgdesktopportal-debuginfo: before 6.4.2-150500.3.7.4
qt6-openglwidgets-devel: before 6.4.2-150500.3.7.4
qt6-networkinformation-glib: before 6.4.2-150500.3.7.4
qt6-core-devel: before 6.4.2-150500.3.7.4
libQt6OpenGL6-debuginfo: before 6.4.2-150500.3.7.4
qt6-base-docs-qch: before 6.4.2-150500.3.7.1
qt6-platformtheme-gtk3-debuginfo: before 6.4.2-150500.3.7.4
qt6-base-examples: before 6.4.2-150500.3.7.4
qt6-kmssupport-private-devel: before 6.4.2-150500.3.7.4
qt6-base-docs-html: before 6.4.2-150500.3.7.1
qt6-base-examples-debuginfo: before 6.4.2-150500.3.7.4
qt6-base-common-devel: before 6.4.2-150500.3.7.4
libQt6Sql6-debuginfo: before 6.4.2-150500.3.7.4
libQt6Test6-debuginfo: before 6.4.2-150500.3.7.4
qt6-network-private-devel: before 6.4.2-150500.3.7.4
qt6-platformtheme-xdgdesktopportal: before 6.4.2-150500.3.7.4
qt6-dbus-devel: before 6.4.2-150500.3.7.4
libQt6Widgets6: before 6.4.2-150500.3.7.4
qt6-gui-private-devel: before 6.4.2-150500.3.7.4
libQt6Network6-debuginfo: before 6.4.2-150500.3.7.4
qt6-gui-devel: before 6.4.2-150500.3.7.4
qt6-widgets-private-devel: before 6.4.2-150500.3.7.4
qt6-base-common-devel-debuginfo: before 6.4.2-150500.3.7.4
libQt6Concurrent6-debuginfo: before 6.4.2-150500.3.7.4
CPE2.3- cpe:2.3:o:suse:suse_linux_enterprise_micro:5.5:*:*:*:*:*:*:
- cpe:2.3:o:suse:desktop_applications_module:15-SP5:*:*:*:*:*:*:
- cpe:2.3:o:suse:suse_package_hub_15:15-SP5:*:*:*:*:*:*:
- cpe:2.3:o:suse:suse_linux_enterprise_server_for_sap_applications_15:SP5:*:*:*:*:*:*:
- cpe:2.3:o:suse:suse_linux_enterprise_server_15:SP5:*:*:*:*:*:*:
- cpe:2.3:o:suse:suse_linux_enterprise_real_time_15:SP5:*:*:*:*:*:*:
- cpe:2.3:o:suse:suse_linux_enterprise_high_performance_computing_15:SP5:*:*:*:*:*:*:
- cpe:2.3:o:suse:suse_linux_enterprise_desktop_15:SP5:*:*:*:*:*:*:
- cpe:2.3:o:suse:opensuse_leap:15.5:*:*:*:*:*:*:
http://www.suse.com/support/update/announcement/2023/suse-su-20233225-1/
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
5) Infinite loop
EUVDB-ID: #VU78697
Risk: Medium
CVSSv3.1: 6.5 [CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2023-38197
CWE-ID:
CWE-835 - Loop with Unreachable Exit Condition ('Infinite Loop')
Exploit availability: No
DescriptionThe vulnerability allows a remote attacker to perform a denial of service (DoS) attack.
The vulnerability exists due to infinite loop when handling recursive expansions. A remote attacker can consume all available system resources and cause denial of service conditions.
MitigationUpdate the affected package qt6-base to the latest version.
Vulnerable software versionsSUSE Linux Enterprise Micro: 5.5
Desktop Applications Module: 15-SP5
SUSE Package Hub 15: 15-SP5
SUSE Linux Enterprise Server for SAP Applications 15: SP5
SUSE Linux Enterprise Server 15: SP5
SUSE Linux Enterprise Real Time 15: SP5
SUSE Linux Enterprise High Performance Computing 15: SP5
SUSE Linux Enterprise Desktop 15: SP5
openSUSE Leap: 15.5
qt6-docs-common: before 6.4.2-150500.3.7.4
qt6-base-private-devel: before 6.4.2-150500.3.7.4
qt6-base-devel: before 6.4.2-150500.3.7.4
libQt6DBus6: before 6.4.2-150500.3.7.4
libQt6Gui6: before 6.4.2-150500.3.7.4
libQt6OpenGL6: before 6.4.2-150500.3.7.4
qt6-sql-postgresql: before 6.4.2-150500.3.7.4
libQt6OpenGLWidgets6: before 6.4.2-150500.3.7.4
libQt6Gui6-debuginfo: before 6.4.2-150500.3.7.4
qt6-xml-devel: before 6.4.2-150500.3.7.4
qt6-test-devel: before 6.4.2-150500.3.7.4
qt6-sql-sqlite-debuginfo: before 6.4.2-150500.3.7.4
libQt6Test6: before 6.4.2-150500.3.7.4
qt6-sql-mysql-debuginfo: before 6.4.2-150500.3.7.4
libQt6Concurrent6: before 6.4.2-150500.3.7.4
qt6-printsupport-devel: before 6.4.2-150500.3.7.4
qt6-base-debuginfo: before 6.4.2-150500.3.7.4
qt6-sql-devel: before 6.4.2-150500.3.7.4
libQt6OpenGLWidgets6-debuginfo: before 6.4.2-150500.3.7.4
libQt6Core6-debuginfo: before 6.4.2-150500.3.7.4
qt6-sql-private-devel: before 6.4.2-150500.3.7.4
qt6-platformsupport-devel-static: before 6.4.2-150500.3.7.4
qt6-sql-mysql: before 6.4.2-150500.3.7.4
qt6-concurrent-devel: before 6.4.2-150500.3.7.4
qt6-platformsupport-private-devel: before 6.4.2-150500.3.7.4
qt6-printsupport-cups: before 6.4.2-150500.3.7.4
qt6-opengl-private-devel: before 6.4.2-150500.3.7.4
libQt6Xml6-debuginfo: before 6.4.2-150500.3.7.4
libQt6Network6: before 6.4.2-150500.3.7.4
qt6-opengl-devel: before 6.4.2-150500.3.7.4
libQt6Sql6: before 6.4.2-150500.3.7.4
qt6-widgets-devel: before 6.4.2-150500.3.7.4
qt6-sql-unixODBC-debuginfo: before 6.4.2-150500.3.7.4
libQt6Xml6: before 6.4.2-150500.3.7.4
qt6-sql-postgresql-debuginfo: before 6.4.2-150500.3.7.4
qt6-sql-unixODBC: before 6.4.2-150500.3.7.4
qt6-networkinformation-nm-debuginfo: before 6.4.2-150500.3.7.4
qt6-dbus-private-devel: before 6.4.2-150500.3.7.4
libQt6PrintSupport6: before 6.4.2-150500.3.7.4
qt6-printsupport-cups-debuginfo: before 6.4.2-150500.3.7.4
qt6-platformtheme-gtk3: before 6.4.2-150500.3.7.4
qt6-networkinformation-glib-debuginfo: before 6.4.2-150500.3.7.4
qt6-kmssupport-devel-static: before 6.4.2-150500.3.7.4
qt6-network-tls-debuginfo: before 6.4.2-150500.3.7.4
qt6-network-tls: before 6.4.2-150500.3.7.4
qt6-xml-private-devel: before 6.4.2-150500.3.7.4
qt6-test-private-devel: before 6.4.2-150500.3.7.4
libQt6DBus6-debuginfo: before 6.4.2-150500.3.7.4
qt6-printsupport-private-devel: before 6.4.2-150500.3.7.4
qt6-core-private-devel: before 6.4.2-150500.3.7.4
qt6-networkinformation-nm: before 6.4.2-150500.3.7.4
qt6-base-debugsource: before 6.4.2-150500.3.7.4
qt6-network-devel: before 6.4.2-150500.3.7.4
qt6-sql-sqlite: before 6.4.2-150500.3.7.4
libQt6PrintSupport6-debuginfo: before 6.4.2-150500.3.7.4
libQt6Core6: before 6.4.2-150500.3.7.4
libQt6Widgets6-debuginfo: before 6.4.2-150500.3.7.4
qt6-platformtheme-xdgdesktopportal-debuginfo: before 6.4.2-150500.3.7.4
qt6-openglwidgets-devel: before 6.4.2-150500.3.7.4
qt6-networkinformation-glib: before 6.4.2-150500.3.7.4
qt6-core-devel: before 6.4.2-150500.3.7.4
libQt6OpenGL6-debuginfo: before 6.4.2-150500.3.7.4
qt6-base-docs-qch: before 6.4.2-150500.3.7.1
qt6-platformtheme-gtk3-debuginfo: before 6.4.2-150500.3.7.4
qt6-base-examples: before 6.4.2-150500.3.7.4
qt6-kmssupport-private-devel: before 6.4.2-150500.3.7.4
qt6-base-docs-html: before 6.4.2-150500.3.7.1
qt6-base-examples-debuginfo: before 6.4.2-150500.3.7.4
qt6-base-common-devel: before 6.4.2-150500.3.7.4
libQt6Sql6-debuginfo: before 6.4.2-150500.3.7.4
libQt6Test6-debuginfo: before 6.4.2-150500.3.7.4
qt6-network-private-devel: before 6.4.2-150500.3.7.4
qt6-platformtheme-xdgdesktopportal: before 6.4.2-150500.3.7.4
qt6-dbus-devel: before 6.4.2-150500.3.7.4
libQt6Widgets6: before 6.4.2-150500.3.7.4
qt6-gui-private-devel: before 6.4.2-150500.3.7.4
libQt6Network6-debuginfo: before 6.4.2-150500.3.7.4
qt6-gui-devel: before 6.4.2-150500.3.7.4
qt6-widgets-private-devel: before 6.4.2-150500.3.7.4
qt6-base-common-devel-debuginfo: before 6.4.2-150500.3.7.4
libQt6Concurrent6-debuginfo: before 6.4.2-150500.3.7.4
CPE2.3- cpe:2.3:o:suse:suse_linux_enterprise_micro:5.5:*:*:*:*:*:*:
- cpe:2.3:o:suse:desktop_applications_module:15-SP5:*:*:*:*:*:*:
- cpe:2.3:o:suse:suse_package_hub_15:15-SP5:*:*:*:*:*:*:
- cpe:2.3:o:suse:suse_linux_enterprise_server_for_sap_applications_15:SP5:*:*:*:*:*:*:
- cpe:2.3:o:suse:suse_linux_enterprise_server_15:SP5:*:*:*:*:*:*:
- cpe:2.3:o:suse:suse_linux_enterprise_real_time_15:SP5:*:*:*:*:*:*:
- cpe:2.3:o:suse:suse_linux_enterprise_high_performance_computing_15:SP5:*:*:*:*:*:*:
- cpe:2.3:o:suse:suse_linux_enterprise_desktop_15:SP5:*:*:*:*:*:*:
- cpe:2.3:o:suse:opensuse_leap:15.5:*:*:*:*:*:*:
http://www.suse.com/support/update/announcement/2023/suse-su-20233225-1/
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
