SUSE update for qt6-base



Risk Low
Patch available YES
Number of vulnerabilities 2
CVE-ID CVE-2023-45935
CVE-2024-39936
CWE-ID CWE-476
CWE-367
Exploitation vector Network
Public exploit N/A
Vulnerable software
Subscribe 		SUSE Linux Enterprise Micro
Operating systems & Components / Operating system

Desktop Applications Module
Operating systems & Components / Operating system

SUSE Package Hub 15
Operating systems & Components / Operating system

SUSE Linux Enterprise Server for SAP Applications 15
Operating systems & Components / Operating system

SUSE Linux Enterprise Server 15
Operating systems & Components / Operating system

SUSE Linux Enterprise Real Time 15
Operating systems & Components / Operating system

SUSE Linux Enterprise High Performance Computing 15
Operating systems & Components / Operating system

SUSE Linux Enterprise Desktop 15
Operating systems & Components / Operating system

openSUSE Leap
Operating systems & Components / Operating system

qt6-base-private-devel
Operating systems & Components / Operating system package or component

qt6-base-devel
Operating systems & Components / Operating system package or component

qt6-docs-common
Operating systems & Components / Operating system package or component

qt6-base-examples-debuginfo
Operating systems & Components / Operating system package or component

libQt6Widgets6
Operating systems & Components / Operating system package or component

libQt6Concurrent6-debuginfo
Operating systems & Components / Operating system package or component

libQt6Gui6
Operating systems & Components / Operating system package or component

libQt6Network6
Operating systems & Components / Operating system package or component

qt6-networkinformation-nm-debuginfo
Operating systems & Components / Operating system package or component

qt6-network-tls-debuginfo
Operating systems & Components / Operating system package or component

qt6-widgets-devel
Operating systems & Components / Operating system package or component

qt6-base-docs-html
Operating systems & Components / Operating system package or component

qt6-platformsupport-devel-static
Operating systems & Components / Operating system package or component

libQt6OpenGL6-debuginfo
Operating systems & Components / Operating system package or component

qt6-sql-devel
Operating systems & Components / Operating system package or component

qt6-sql-unixODBC-debuginfo
Operating systems & Components / Operating system package or component

qt6-sql-postgresql-debuginfo
Operating systems & Components / Operating system package or component

libQt6Sql6
Operating systems & Components / Operating system package or component

qt6-platformsupport-private-devel
Operating systems & Components / Operating system package or component

qt6-test-private-devel
Operating systems & Components / Operating system package or component

qt6-base-common-devel-debuginfo
Operating systems & Components / Operating system package or component

qt6-base-common-devel
Operating systems & Components / Operating system package or component

qt6-gui-devel
Operating systems & Components / Operating system package or component

libQt6DBus6-debuginfo
Operating systems & Components / Operating system package or component

qt6-sql-sqlite-debuginfo
Operating systems & Components / Operating system package or component

libQt6OpenGL6
Operating systems & Components / Operating system package or component

libQt6Test6-debuginfo
Operating systems & Components / Operating system package or component

qt6-platformtheme-xdgdesktopportal
Operating systems & Components / Operating system package or component

qt6-base-debugsource
Operating systems & Components / Operating system package or component

libQt6Xml6
Operating systems & Components / Operating system package or component

libQt6OpenGLWidgets6
Operating systems & Components / Operating system package or component

libQt6Gui6-debuginfo
Operating systems & Components / Operating system package or component

qt6-gui-private-devel
Operating systems & Components / Operating system package or component

qt6-printsupport-cups
Operating systems & Components / Operating system package or component

qt6-base-debuginfo
Operating systems & Components / Operating system package or component

libQt6DBus6
Operating systems & Components / Operating system package or component

qt6-networkinformation-nm
Operating systems & Components / Operating system package or component

libQt6Network6-debuginfo
Operating systems & Components / Operating system package or component

libQt6Xml6-debuginfo
Operating systems & Components / Operating system package or component

libQt6OpenGLWidgets6-debuginfo
Operating systems & Components / Operating system package or component

qt6-sql-mysql
Operating systems & Components / Operating system package or component

qt6-networkinformation-glib-debuginfo
Operating systems & Components / Operating system package or component

qt6-openglwidgets-devel
Operating systems & Components / Operating system package or component

qt6-sql-sqlite
Operating systems & Components / Operating system package or component

libQt6Concurrent6
Operating systems & Components / Operating system package or component

qt6-dbus-devel
Operating systems & Components / Operating system package or component

libQt6Test6
Operating systems & Components / Operating system package or component

qt6-sql-unixODBC
Operating systems & Components / Operating system package or component

qt6-sql-private-devel
Operating systems & Components / Operating system package or component

qt6-base-docs-qch
Operating systems & Components / Operating system package or component

libQt6Core6
Operating systems & Components / Operating system package or component

qt6-printsupport-devel
Operating systems & Components / Operating system package or component

libQt6Sql6-debuginfo
Operating systems & Components / Operating system package or component

libQt6Core6-debuginfo
Operating systems & Components / Operating system package or component

qt6-kmssupport-devel-static
Operating systems & Components / Operating system package or component

qt6-core-private-devel
Operating systems & Components / Operating system package or component

qt6-platformtheme-xdgdesktopportal-debuginfo
Operating systems & Components / Operating system package or component

qt6-test-devel
Operating systems & Components / Operating system package or component

qt6-platformtheme-gtk3
Operating systems & Components / Operating system package or component

qt6-network-devel
Operating systems & Components / Operating system package or component

qt6-printsupport-cups-debuginfo
Operating systems & Components / Operating system package or component

libQt6PrintSupport6-debuginfo
Operating systems & Components / Operating system package or component

qt6-sql-mysql-debuginfo
Operating systems & Components / Operating system package or component

qt6-widgets-private-devel
Operating systems & Components / Operating system package or component

qt6-sql-postgresql
Operating systems & Components / Operating system package or component

qt6-printsupport-private-devel
Operating systems & Components / Operating system package or component

qt6-core-devel
Operating systems & Components / Operating system package or component

libQt6Widgets6-debuginfo
Operating systems & Components / Operating system package or component

libQt6PrintSupport6
Operating systems & Components / Operating system package or component

qt6-xml-private-devel
Operating systems & Components / Operating system package or component

qt6-opengl-private-devel
Operating systems & Components / Operating system package or component

qt6-base-examples
Operating systems & Components / Operating system package or component

qt6-concurrent-devel
Operating systems & Components / Operating system package or component

qt6-networkinformation-glib
Operating systems & Components / Operating system package or component

qt6-xml-devel
Operating systems & Components / Operating system package or component

qt6-network-private-devel
Operating systems & Components / Operating system package or component

qt6-dbus-private-devel
Operating systems & Components / Operating system package or component

qt6-opengl-devel
Operating systems & Components / Operating system package or component

qt6-platformtheme-gtk3-debuginfo
Operating systems & Components / Operating system package or component

qt6-kmssupport-private-devel
Operating systems & Components / Operating system package or component

qt6-network-tls
Operating systems & Components / Operating system package or component

Vendor SUSE

Security Bulletin

This security bulletin contains information about 2 vulnerabilities.

1) NULL pointer dereference

EUVDB-ID: #VU89359

Risk: Low

CVSSv3.1: 4.8 [CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2023-45935

CWE-ID: CWE-476 - NULL Pointer Dereference

Exploit availability: No

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to a NULL pointer dereference error within the QXcbConnection::initializeAllAtoms(). A local user can crash the application.

Mitigation

Update the affected package qt6-base to the latest version.

Vulnerable software versions

SUSE Linux Enterprise Micro: 5.5

Desktop Applications Module: 15-SP5

SUSE Package Hub 15: 15-SP5

SUSE Linux Enterprise Server for SAP Applications 15: SP5

SUSE Linux Enterprise Server 15: SP5

SUSE Linux Enterprise Real Time 15: SP5

SUSE Linux Enterprise High Performance Computing 15: SP5

SUSE Linux Enterprise Desktop 15: SP5

openSUSE Leap: 15.5

qt6-base-private-devel: before 6.4.2-150500.3.20.2

qt6-base-devel: before 6.4.2-150500.3.20.2

qt6-docs-common: before 6.4.2-150500.3.20.2

qt6-base-examples-debuginfo: before 6.4.2-150500.3.20.2

libQt6Widgets6: before 6.4.2-150500.3.20.2

libQt6Concurrent6-debuginfo: before 6.4.2-150500.3.20.2

libQt6Gui6: before 6.4.2-150500.3.20.2

libQt6Network6: before 6.4.2-150500.3.20.2

qt6-networkinformation-nm-debuginfo: before 6.4.2-150500.3.20.2

qt6-network-tls-debuginfo: before 6.4.2-150500.3.20.2

qt6-widgets-devel: before 6.4.2-150500.3.20.2

qt6-base-docs-html: before 6.4.2-150500.3.20.1

qt6-platformsupport-devel-static: before 6.4.2-150500.3.20.2

libQt6OpenGL6-debuginfo: before 6.4.2-150500.3.20.2

qt6-sql-devel: before 6.4.2-150500.3.20.2

qt6-sql-unixODBC-debuginfo: before 6.4.2-150500.3.20.2

qt6-sql-postgresql-debuginfo: before 6.4.2-150500.3.20.2

libQt6Sql6: before 6.4.2-150500.3.20.2

qt6-platformsupport-private-devel: before 6.4.2-150500.3.20.2

qt6-test-private-devel: before 6.4.2-150500.3.20.2

qt6-base-common-devel-debuginfo: before 6.4.2-150500.3.20.2

qt6-base-common-devel: before 6.4.2-150500.3.20.2

qt6-gui-devel: before 6.4.2-150500.3.20.2

libQt6DBus6-debuginfo: before 6.4.2-150500.3.20.2

qt6-sql-sqlite-debuginfo: before 6.4.2-150500.3.20.2

libQt6OpenGL6: before 6.4.2-150500.3.20.2

libQt6Test6-debuginfo: before 6.4.2-150500.3.20.2

qt6-platformtheme-xdgdesktopportal: before 6.4.2-150500.3.20.2

qt6-base-debugsource: before 6.4.2-150500.3.20.2

libQt6Xml6: before 6.4.2-150500.3.20.2

libQt6OpenGLWidgets6: before 6.4.2-150500.3.20.2

libQt6Gui6-debuginfo: before 6.4.2-150500.3.20.2

qt6-gui-private-devel: before 6.4.2-150500.3.20.2

qt6-printsupport-cups: before 6.4.2-150500.3.20.2

qt6-base-debuginfo: before 6.4.2-150500.3.20.2

libQt6DBus6: before 6.4.2-150500.3.20.2

qt6-networkinformation-nm: before 6.4.2-150500.3.20.2

libQt6Network6-debuginfo: before 6.4.2-150500.3.20.2

libQt6Xml6-debuginfo: before 6.4.2-150500.3.20.2

libQt6OpenGLWidgets6-debuginfo: before 6.4.2-150500.3.20.2

qt6-sql-mysql: before 6.4.2-150500.3.20.2

qt6-networkinformation-glib-debuginfo: before 6.4.2-150500.3.20.2

qt6-openglwidgets-devel: before 6.4.2-150500.3.20.2

qt6-sql-sqlite: before 6.4.2-150500.3.20.2

libQt6Concurrent6: before 6.4.2-150500.3.20.2

qt6-dbus-devel: before 6.4.2-150500.3.20.2

libQt6Test6: before 6.4.2-150500.3.20.2

qt6-sql-unixODBC: before 6.4.2-150500.3.20.2

qt6-sql-private-devel: before 6.4.2-150500.3.20.2

qt6-base-docs-qch: before 6.4.2-150500.3.20.1

libQt6Core6: before 6.4.2-150500.3.20.2

qt6-printsupport-devel: before 6.4.2-150500.3.20.2

libQt6Sql6-debuginfo: before 6.4.2-150500.3.20.2

libQt6Core6-debuginfo: before 6.4.2-150500.3.20.2

qt6-kmssupport-devel-static: before 6.4.2-150500.3.20.2

qt6-core-private-devel: before 6.4.2-150500.3.20.2

qt6-platformtheme-xdgdesktopportal-debuginfo: before 6.4.2-150500.3.20.2

qt6-test-devel: before 6.4.2-150500.3.20.2

qt6-platformtheme-gtk3: before 6.4.2-150500.3.20.2

qt6-network-devel: before 6.4.2-150500.3.20.2

qt6-printsupport-cups-debuginfo: before 6.4.2-150500.3.20.2

libQt6PrintSupport6-debuginfo: before 6.4.2-150500.3.20.2

qt6-sql-mysql-debuginfo: before 6.4.2-150500.3.20.2

qt6-widgets-private-devel: before 6.4.2-150500.3.20.2

qt6-sql-postgresql: before 6.4.2-150500.3.20.2

qt6-printsupport-private-devel: before 6.4.2-150500.3.20.2

qt6-core-devel: before 6.4.2-150500.3.20.2

libQt6Widgets6-debuginfo: before 6.4.2-150500.3.20.2

libQt6PrintSupport6: before 6.4.2-150500.3.20.2

qt6-xml-private-devel: before 6.4.2-150500.3.20.2

qt6-opengl-private-devel: before 6.4.2-150500.3.20.2

qt6-base-examples: before 6.4.2-150500.3.20.2

qt6-concurrent-devel: before 6.4.2-150500.3.20.2

qt6-networkinformation-glib: before 6.4.2-150500.3.20.2

qt6-xml-devel: before 6.4.2-150500.3.20.2

qt6-network-private-devel: before 6.4.2-150500.3.20.2

qt6-dbus-private-devel: before 6.4.2-150500.3.20.2

qt6-opengl-devel: before 6.4.2-150500.3.20.2

qt6-platformtheme-gtk3-debuginfo: before 6.4.2-150500.3.20.2

qt6-kmssupport-private-devel: before 6.4.2-150500.3.20.2

qt6-network-tls: before 6.4.2-150500.3.20.2

CPE2.3 External links

http://www.suse.com/support/update/announcement/2024/suse-su-20242873-1/


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

2) Time-of-check Time-of-use (TOCTOU) Race Condition

EUVDB-ID: #VU94613

Risk: Low

CVSSv3.1: 3.2 [CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:N/E:U/RL:O/RC:C]

CVE-ID: CVE-2024-39936

CWE-ID: CWE-367 - Time-of-check Time-of-use (TOCTOU) Race Condition

Exploit availability: No

Description

The vulnerability allows a remote attacker to bypass implemented security restrictions.

The vulnerability exists due to a race condition in HTTP2 support when establishing an encrypted connection. A remote attacker can potentially force the application to send data before the encrypted() signal, leading to potential information disclosure.

Mitigation

Update the affected package qt6-base to the latest version.

Vulnerable software versions

SUSE Linux Enterprise Micro: 5.5

Desktop Applications Module: 15-SP5

SUSE Package Hub 15: 15-SP5

SUSE Linux Enterprise Server for SAP Applications 15: SP5

SUSE Linux Enterprise Server 15: SP5

SUSE Linux Enterprise Real Time 15: SP5

SUSE Linux Enterprise High Performance Computing 15: SP5

SUSE Linux Enterprise Desktop 15: SP5

openSUSE Leap: 15.5

qt6-base-private-devel: before 6.4.2-150500.3.20.2

qt6-base-devel: before 6.4.2-150500.3.20.2

qt6-docs-common: before 6.4.2-150500.3.20.2

qt6-base-examples-debuginfo: before 6.4.2-150500.3.20.2

libQt6Widgets6: before 6.4.2-150500.3.20.2

libQt6Concurrent6-debuginfo: before 6.4.2-150500.3.20.2

libQt6Gui6: before 6.4.2-150500.3.20.2

libQt6Network6: before 6.4.2-150500.3.20.2

qt6-networkinformation-nm-debuginfo: before 6.4.2-150500.3.20.2

qt6-network-tls-debuginfo: before 6.4.2-150500.3.20.2

qt6-widgets-devel: before 6.4.2-150500.3.20.2

qt6-base-docs-html: before 6.4.2-150500.3.20.1

qt6-platformsupport-devel-static: before 6.4.2-150500.3.20.2

libQt6OpenGL6-debuginfo: before 6.4.2-150500.3.20.2

qt6-sql-devel: before 6.4.2-150500.3.20.2

qt6-sql-unixODBC-debuginfo: before 6.4.2-150500.3.20.2

qt6-sql-postgresql-debuginfo: before 6.4.2-150500.3.20.2

libQt6Sql6: before 6.4.2-150500.3.20.2

qt6-platformsupport-private-devel: before 6.4.2-150500.3.20.2

qt6-test-private-devel: before 6.4.2-150500.3.20.2

qt6-base-common-devel-debuginfo: before 6.4.2-150500.3.20.2

qt6-base-common-devel: before 6.4.2-150500.3.20.2

qt6-gui-devel: before 6.4.2-150500.3.20.2

libQt6DBus6-debuginfo: before 6.4.2-150500.3.20.2

qt6-sql-sqlite-debuginfo: before 6.4.2-150500.3.20.2

libQt6OpenGL6: before 6.4.2-150500.3.20.2

libQt6Test6-debuginfo: before 6.4.2-150500.3.20.2

qt6-platformtheme-xdgdesktopportal: before 6.4.2-150500.3.20.2

qt6-base-debugsource: before 6.4.2-150500.3.20.2

libQt6Xml6: before 6.4.2-150500.3.20.2

libQt6OpenGLWidgets6: before 6.4.2-150500.3.20.2

libQt6Gui6-debuginfo: before 6.4.2-150500.3.20.2

qt6-gui-private-devel: before 6.4.2-150500.3.20.2

qt6-printsupport-cups: before 6.4.2-150500.3.20.2

qt6-base-debuginfo: before 6.4.2-150500.3.20.2

libQt6DBus6: before 6.4.2-150500.3.20.2

qt6-networkinformation-nm: before 6.4.2-150500.3.20.2

libQt6Network6-debuginfo: before 6.4.2-150500.3.20.2

libQt6Xml6-debuginfo: before 6.4.2-150500.3.20.2

libQt6OpenGLWidgets6-debuginfo: before 6.4.2-150500.3.20.2

qt6-sql-mysql: before 6.4.2-150500.3.20.2

qt6-networkinformation-glib-debuginfo: before 6.4.2-150500.3.20.2

qt6-openglwidgets-devel: before 6.4.2-150500.3.20.2

qt6-sql-sqlite: before 6.4.2-150500.3.20.2

libQt6Concurrent6: before 6.4.2-150500.3.20.2

qt6-dbus-devel: before 6.4.2-150500.3.20.2

libQt6Test6: before 6.4.2-150500.3.20.2

qt6-sql-unixODBC: before 6.4.2-150500.3.20.2

qt6-sql-private-devel: before 6.4.2-150500.3.20.2

qt6-base-docs-qch: before 6.4.2-150500.3.20.1

libQt6Core6: before 6.4.2-150500.3.20.2

qt6-printsupport-devel: before 6.4.2-150500.3.20.2

libQt6Sql6-debuginfo: before 6.4.2-150500.3.20.2

libQt6Core6-debuginfo: before 6.4.2-150500.3.20.2

qt6-kmssupport-devel-static: before 6.4.2-150500.3.20.2

qt6-core-private-devel: before 6.4.2-150500.3.20.2

qt6-platformtheme-xdgdesktopportal-debuginfo: before 6.4.2-150500.3.20.2

qt6-test-devel: before 6.4.2-150500.3.20.2

qt6-platformtheme-gtk3: before 6.4.2-150500.3.20.2

qt6-network-devel: before 6.4.2-150500.3.20.2

qt6-printsupport-cups-debuginfo: before 6.4.2-150500.3.20.2

libQt6PrintSupport6-debuginfo: before 6.4.2-150500.3.20.2

qt6-sql-mysql-debuginfo: before 6.4.2-150500.3.20.2

qt6-widgets-private-devel: before 6.4.2-150500.3.20.2

qt6-sql-postgresql: before 6.4.2-150500.3.20.2

qt6-printsupport-private-devel: before 6.4.2-150500.3.20.2

qt6-core-devel: before 6.4.2-150500.3.20.2

libQt6Widgets6-debuginfo: before 6.4.2-150500.3.20.2

libQt6PrintSupport6: before 6.4.2-150500.3.20.2

qt6-xml-private-devel: before 6.4.2-150500.3.20.2

qt6-opengl-private-devel: before 6.4.2-150500.3.20.2

qt6-base-examples: before 6.4.2-150500.3.20.2

qt6-concurrent-devel: before 6.4.2-150500.3.20.2

qt6-networkinformation-glib: before 6.4.2-150500.3.20.2

qt6-xml-devel: before 6.4.2-150500.3.20.2

qt6-network-private-devel: before 6.4.2-150500.3.20.2

qt6-dbus-private-devel: before 6.4.2-150500.3.20.2

qt6-opengl-devel: before 6.4.2-150500.3.20.2

qt6-platformtheme-gtk3-debuginfo: before 6.4.2-150500.3.20.2

qt6-kmssupport-private-devel: before 6.4.2-150500.3.20.2

qt6-network-tls: before 6.4.2-150500.3.20.2

CPE2.3 External links

http://www.suse.com/support/update/announcement/2024/suse-su-20242873-1/


Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.



###SIDEBAR###