SUSE update for qt6-base

Published: 2024-08-13

Risk	Low
Patch available	YES
Number of vulnerabilities	2
CVE-ID	CVE-2023-45935 CVE-2024-39936
CWE-ID	CWE-476 CWE-367
Exploitation vector	Network
Public exploit	N/A
Vulnerable software	SUSE Linux Enterprise Micro Operating systems & Components / Operating system Desktop Applications Module Operating systems & Components / Operating system SUSE Package Hub 15 Operating systems & Components / Operating system SUSE Linux Enterprise Server for SAP Applications 15 Operating systems & Components / Operating system SUSE Linux Enterprise Server 15 Operating systems & Components / Operating system SUSE Linux Enterprise Real Time 15 Operating systems & Components / Operating system SUSE Linux Enterprise High Performance Computing 15 Operating systems & Components / Operating system SUSE Linux Enterprise Desktop 15 Operating systems & Components / Operating system openSUSE Leap Operating systems & Components / Operating system qt6-base-private-devel Operating systems & Components / Operating system package or component qt6-base-devel Operating systems & Components / Operating system package or component qt6-docs-common Operating systems & Components / Operating system package or component qt6-base-examples-debuginfo Operating systems & Components / Operating system package or component libQt6Widgets6 Operating systems & Components / Operating system package or component libQt6Concurrent6-debuginfo Operating systems & Components / Operating system package or component libQt6Gui6 Operating systems & Components / Operating system package or component libQt6Network6 Operating systems & Components / Operating system package or component qt6-networkinformation-nm-debuginfo Operating systems & Components / Operating system package or component qt6-network-tls-debuginfo Operating systems & Components / Operating system package or component qt6-widgets-devel Operating systems & Components / Operating system package or component qt6-base-docs-html Operating systems & Components / Operating system package or component qt6-platformsupport-devel-static Operating systems & Components / Operating system package or component libQt6OpenGL6-debuginfo Operating systems & Components / Operating system package or component qt6-sql-devel Operating systems & Components / Operating system package or component qt6-sql-unixODBC-debuginfo Operating systems & Components / Operating system package or component qt6-sql-postgresql-debuginfo Operating systems & Components / Operating system package or component libQt6Sql6 Operating systems & Components / Operating system package or component qt6-platformsupport-private-devel Operating systems & Components / Operating system package or component qt6-test-private-devel Operating systems & Components / Operating system package or component qt6-base-common-devel-debuginfo Operating systems & Components / Operating system package or component qt6-base-common-devel Operating systems & Components / Operating system package or component qt6-gui-devel Operating systems & Components / Operating system package or component libQt6DBus6-debuginfo Operating systems & Components / Operating system package or component qt6-sql-sqlite-debuginfo Operating systems & Components / Operating system package or component libQt6OpenGL6 Operating systems & Components / Operating system package or component libQt6Test6-debuginfo Operating systems & Components / Operating system package or component qt6-platformtheme-xdgdesktopportal Operating systems & Components / Operating system package or component qt6-base-debugsource Operating systems & Components / Operating system package or component libQt6Xml6 Operating systems & Components / Operating system package or component libQt6OpenGLWidgets6 Operating systems & Components / Operating system package or component libQt6Gui6-debuginfo Operating systems & Components / Operating system package or component qt6-gui-private-devel Operating systems & Components / Operating system package or component qt6-printsupport-cups Operating systems & Components / Operating system package or component qt6-base-debuginfo Operating systems & Components / Operating system package or component libQt6DBus6 Operating systems & Components / Operating system package or component qt6-networkinformation-nm Operating systems & Components / Operating system package or component libQt6Network6-debuginfo Operating systems & Components / Operating system package or component libQt6Xml6-debuginfo Operating systems & Components / Operating system package or component libQt6OpenGLWidgets6-debuginfo Operating systems & Components / Operating system package or component qt6-sql-mysql Operating systems & Components / Operating system package or component qt6-networkinformation-glib-debuginfo Operating systems & Components / Operating system package or component qt6-openglwidgets-devel Operating systems & Components / Operating system package or component qt6-sql-sqlite Operating systems & Components / Operating system package or component libQt6Concurrent6 Operating systems & Components / Operating system package or component qt6-dbus-devel Operating systems & Components / Operating system package or component libQt6Test6 Operating systems & Components / Operating system package or component qt6-sql-unixODBC Operating systems & Components / Operating system package or component qt6-sql-private-devel Operating systems & Components / Operating system package or component qt6-base-docs-qch Operating systems & Components / Operating system package or component libQt6Core6 Operating systems & Components / Operating system package or component qt6-printsupport-devel Operating systems & Components / Operating system package or component libQt6Sql6-debuginfo Operating systems & Components / Operating system package or component libQt6Core6-debuginfo Operating systems & Components / Operating system package or component qt6-kmssupport-devel-static Operating systems & Components / Operating system package or component qt6-core-private-devel Operating systems & Components / Operating system package or component qt6-platformtheme-xdgdesktopportal-debuginfo Operating systems & Components / Operating system package or component qt6-test-devel Operating systems & Components / Operating system package or component qt6-platformtheme-gtk3 Operating systems & Components / Operating system package or component qt6-network-devel Operating systems & Components / Operating system package or component qt6-printsupport-cups-debuginfo Operating systems & Components / Operating system package or component libQt6PrintSupport6-debuginfo Operating systems & Components / Operating system package or component qt6-sql-mysql-debuginfo Operating systems & Components / Operating system package or component qt6-widgets-private-devel Operating systems & Components / Operating system package or component qt6-sql-postgresql Operating systems & Components / Operating system package or component qt6-printsupport-private-devel Operating systems & Components / Operating system package or component qt6-core-devel Operating systems & Components / Operating system package or component libQt6Widgets6-debuginfo Operating systems & Components / Operating system package or component libQt6PrintSupport6 Operating systems & Components / Operating system package or component qt6-xml-private-devel Operating systems & Components / Operating system package or component qt6-opengl-private-devel Operating systems & Components / Operating system package or component qt6-base-examples Operating systems & Components / Operating system package or component qt6-concurrent-devel Operating systems & Components / Operating system package or component qt6-networkinformation-glib Operating systems & Components / Operating system package or component qt6-xml-devel Operating systems & Components / Operating system package or component qt6-network-private-devel Operating systems & Components / Operating system package or component qt6-dbus-private-devel Operating systems & Components / Operating system package or component qt6-opengl-devel Operating systems & Components / Operating system package or component qt6-platformtheme-gtk3-debuginfo Operating systems & Components / Operating system package or component qt6-kmssupport-private-devel Operating systems & Components / Operating system package or component qt6-network-tls Operating systems & Components / Operating system package or component
Vendor	SUSE

Security Bulletin

This security bulletin contains information about 2 vulnerabilities.

1) NULL pointer dereference

EUVDB-ID: #VU89359

Risk: Low

CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2023-45935

CWE-ID: CWE-476 - NULL Pointer Dereference

Exploit availability: No

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to a NULL pointer dereference error within the QXcbConnection::initializeAllAtoms(). A local user can crash the application.

Mitigation

Update the affected package qt6-base to the latest version.

Vulnerable software versions

SUSE Linux Enterprise Micro: 5.5

Desktop Applications Module: 15-SP5

SUSE Package Hub 15: 15-SP5

SUSE Linux Enterprise Server for SAP Applications 15: SP5

SUSE Linux Enterprise Server 15: SP5

SUSE Linux Enterprise Real Time 15: SP5

SUSE Linux Enterprise High Performance Computing 15: SP5

SUSE Linux Enterprise Desktop 15: SP5

openSUSE Leap: 15.5

qt6-base-private-devel: before 6.4.2-150500.3.20.2

qt6-base-devel: before 6.4.2-150500.3.20.2

qt6-docs-common: before 6.4.2-150500.3.20.2

qt6-base-examples-debuginfo: before 6.4.2-150500.3.20.2

libQt6Widgets6: before 6.4.2-150500.3.20.2

libQt6Concurrent6-debuginfo: before 6.4.2-150500.3.20.2

libQt6Gui6: before 6.4.2-150500.3.20.2

libQt6Network6: before 6.4.2-150500.3.20.2

qt6-networkinformation-nm-debuginfo: before 6.4.2-150500.3.20.2

qt6-network-tls-debuginfo: before 6.4.2-150500.3.20.2

qt6-widgets-devel: before 6.4.2-150500.3.20.2

qt6-base-docs-html: before 6.4.2-150500.3.20.1

qt6-platformsupport-devel-static: before 6.4.2-150500.3.20.2

libQt6OpenGL6-debuginfo: before 6.4.2-150500.3.20.2

qt6-sql-devel: before 6.4.2-150500.3.20.2

qt6-sql-unixODBC-debuginfo: before 6.4.2-150500.3.20.2

qt6-sql-postgresql-debuginfo: before 6.4.2-150500.3.20.2

libQt6Sql6: before 6.4.2-150500.3.20.2

qt6-platformsupport-private-devel: before 6.4.2-150500.3.20.2

qt6-test-private-devel: before 6.4.2-150500.3.20.2

qt6-base-common-devel-debuginfo: before 6.4.2-150500.3.20.2

qt6-base-common-devel: before 6.4.2-150500.3.20.2

qt6-gui-devel: before 6.4.2-150500.3.20.2

libQt6DBus6-debuginfo: before 6.4.2-150500.3.20.2

qt6-sql-sqlite-debuginfo: before 6.4.2-150500.3.20.2

libQt6OpenGL6: before 6.4.2-150500.3.20.2

libQt6Test6-debuginfo: before 6.4.2-150500.3.20.2

qt6-platformtheme-xdgdesktopportal: before 6.4.2-150500.3.20.2

qt6-base-debugsource: before 6.4.2-150500.3.20.2

libQt6Xml6: before 6.4.2-150500.3.20.2

libQt6OpenGLWidgets6: before 6.4.2-150500.3.20.2

libQt6Gui6-debuginfo: before 6.4.2-150500.3.20.2

qt6-gui-private-devel: before 6.4.2-150500.3.20.2

qt6-printsupport-cups: before 6.4.2-150500.3.20.2

qt6-base-debuginfo: before 6.4.2-150500.3.20.2

libQt6DBus6: before 6.4.2-150500.3.20.2

qt6-networkinformation-nm: before 6.4.2-150500.3.20.2

libQt6Network6-debuginfo: before 6.4.2-150500.3.20.2

libQt6Xml6-debuginfo: before 6.4.2-150500.3.20.2

libQt6OpenGLWidgets6-debuginfo: before 6.4.2-150500.3.20.2

qt6-sql-mysql: before 6.4.2-150500.3.20.2

qt6-networkinformation-glib-debuginfo: before 6.4.2-150500.3.20.2

qt6-openglwidgets-devel: before 6.4.2-150500.3.20.2

qt6-sql-sqlite: before 6.4.2-150500.3.20.2

libQt6Concurrent6: before 6.4.2-150500.3.20.2

qt6-dbus-devel: before 6.4.2-150500.3.20.2

libQt6Test6: before 6.4.2-150500.3.20.2

qt6-sql-unixODBC: before 6.4.2-150500.3.20.2

qt6-sql-private-devel: before 6.4.2-150500.3.20.2

qt6-base-docs-qch: before 6.4.2-150500.3.20.1

libQt6Core6: before 6.4.2-150500.3.20.2

qt6-printsupport-devel: before 6.4.2-150500.3.20.2

libQt6Sql6-debuginfo: before 6.4.2-150500.3.20.2

libQt6Core6-debuginfo: before 6.4.2-150500.3.20.2

qt6-kmssupport-devel-static: before 6.4.2-150500.3.20.2

qt6-core-private-devel: before 6.4.2-150500.3.20.2

qt6-platformtheme-xdgdesktopportal-debuginfo: before 6.4.2-150500.3.20.2

qt6-test-devel: before 6.4.2-150500.3.20.2

qt6-platformtheme-gtk3: before 6.4.2-150500.3.20.2

qt6-network-devel: before 6.4.2-150500.3.20.2

qt6-printsupport-cups-debuginfo: before 6.4.2-150500.3.20.2

libQt6PrintSupport6-debuginfo: before 6.4.2-150500.3.20.2

qt6-sql-mysql-debuginfo: before 6.4.2-150500.3.20.2

qt6-widgets-private-devel: before 6.4.2-150500.3.20.2

qt6-sql-postgresql: before 6.4.2-150500.3.20.2

qt6-printsupport-private-devel: before 6.4.2-150500.3.20.2

qt6-core-devel: before 6.4.2-150500.3.20.2

libQt6Widgets6-debuginfo: before 6.4.2-150500.3.20.2

libQt6PrintSupport6: before 6.4.2-150500.3.20.2

qt6-xml-private-devel: before 6.4.2-150500.3.20.2

qt6-opengl-private-devel: before 6.4.2-150500.3.20.2

qt6-base-examples: before 6.4.2-150500.3.20.2

qt6-concurrent-devel: before 6.4.2-150500.3.20.2

qt6-networkinformation-glib: before 6.4.2-150500.3.20.2

qt6-xml-devel: before 6.4.2-150500.3.20.2

qt6-network-private-devel: before 6.4.2-150500.3.20.2

qt6-dbus-private-devel: before 6.4.2-150500.3.20.2

qt6-opengl-devel: before 6.4.2-150500.3.20.2

qt6-platformtheme-gtk3-debuginfo: before 6.4.2-150500.3.20.2

qt6-kmssupport-private-devel: before 6.4.2-150500.3.20.2

qt6-network-tls: before 6.4.2-150500.3.20.2

CPE2.3

External links

https://www.suse.com/support/update/announcement/2024/suse-su-20242873-1/

Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

2) Time-of-check Time-of-use (TOCTOU) Race Condition

EUVDB-ID: #VU94613