Security Bulletin
This security bulletin contains one low risk vulnerability.
EUVDB-ID: #VU94613
Risk: Low
CVSSv3.1: 3.2 [CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:N/E:U/RL:O/RC:C]
CVE-ID: CVE-2024-39936
CWE-ID:
CWE-367 - Time-of-check Time-of-use (TOCTOU) Race Condition
Exploit availability: No
DescriptionThe vulnerability allows a remote attacker to bypass implemented security restrictions.
The vulnerability exists due to a race condition in HTTP2 support when establishing an encrypted connection. A remote attacker can potentially force the application to send data before the encrypted() signal, leading to potential information disclosure.
Update the affected package qt6-base to the latest version.
Vulnerable software versionsDesktop Applications Module: 15-SP6
SUSE Package Hub 15: 15-SP6
SUSE Linux Enterprise Real Time 15: SP6
openSUSE Leap: 15.6
SUSE Linux Enterprise Server for SAP Applications 15: SP6
SUSE Linux Enterprise Server 15: SP6
SUSE Linux Enterprise Desktop 15: SP6
qt6-docs-common: before 6.6.3-150600.3.3.1
qt6-base-private-devel: before 6.6.3-150600.3.3.1
qt6-base-devel: before 6.6.3-150600.3.3.1
qt6-sql-mysql: before 6.6.3-150600.3.3.1
libQt6OpenGL6: before 6.6.3-150600.3.3.1
libQt6Gui6-debuginfo: before 6.6.3-150600.3.3.1
qt6-concurrent-devel: before 6.6.3-150600.3.3.1
libQt6Xml6-debuginfo: before 6.6.3-150600.3.3.1
qt6-widgets-private-devel: before 6.6.3-150600.3.3.1
qt6-base-docs-html: before 6.6.3-150600.3.3.1
qt6-base-debugsource: before 6.6.3-150600.3.3.1
qt6-network-tls: before 6.6.3-150600.3.3.1
qt6-base-common-devel-debuginfo: before 6.6.3-150600.3.3.1
qt6-base-examples: before 6.6.3-150600.3.3.1
qt6-platformsupport-private-devel: before 6.6.3-150600.3.3.1
libQt6OpenGLWidgets6: before 6.6.3-150600.3.3.1
libQt6DBus6-debuginfo: before 6.6.3-150600.3.3.1
libQt6Widgets6-debuginfo: before 6.6.3-150600.3.3.1
qt6-printsupport-cups-debuginfo: before 6.6.3-150600.3.3.1
qt6-printsupport-cups: before 6.6.3-150600.3.3.1
qt6-networkinformation-glib: before 6.6.3-150600.3.3.1
qt6-test-private-devel: before 6.6.3-150600.3.3.1
qt6-core-private-devel: before 6.6.3-150600.3.3.1
qt6-sql-private-devel: before 6.6.3-150600.3.3.1
qt6-sql-postgresql-debuginfo: before 6.6.3-150600.3.3.1
libQt6Sql6: before 6.6.3-150600.3.3.1
libQt6Xml6: before 6.6.3-150600.3.3.1
qt6-printsupport-private-devel: before 6.6.3-150600.3.3.1
qt6-printsupport-devel: before 6.6.3-150600.3.3.1
qt6-kmssupport-devel-static: before 6.6.3-150600.3.3.1
libQt6OpenGL6-debuginfo: before 6.6.3-150600.3.3.1
qt6-kmssupport-private-devel: before 6.6.3-150600.3.3.1
qt6-networkinformation-glib-debuginfo: before 6.6.3-150600.3.3.1
libQt6Core6-debuginfo: before 6.6.3-150600.3.3.1
qt6-network-private-devel: before 6.6.3-150600.3.3.1
qt6-network-devel: before 6.6.3-150600.3.3.1
qt6-exampleicons-devel-static: before 6.6.3-150600.3.3.1
libQt6Test6: before 6.6.3-150600.3.3.1
qt6-sql-mysql-debuginfo: before 6.6.3-150600.3.3.1
libQt6PrintSupport6: before 6.6.3-150600.3.3.1
qt6-opengl-devel: before 6.6.3-150600.3.3.1
qt6-gui-devel: before 6.6.3-150600.3.3.1
libQt6Network6-debuginfo: before 6.6.3-150600.3.3.1
qt6-gui-private-devel: before 6.6.3-150600.3.3.1
libQt6Concurrent6: before 6.6.3-150600.3.3.1
libQt6Network6: before 6.6.3-150600.3.3.1
qt6-base-common-devel: before 6.6.3-150600.3.3.1
qt6-sql-postgresql: before 6.6.3-150600.3.3.1
libQt6Test6-debuginfo: before 6.6.3-150600.3.3.1
libQt6Widgets6: before 6.6.3-150600.3.3.1
qt6-platformtheme-gtk3: before 6.6.3-150600.3.3.1
qt6-widgets-devel: before 6.6.3-150600.3.3.1
qt6-xml-private-devel: before 6.6.3-150600.3.3.1
qt6-xml-devel: before 6.6.3-150600.3.3.1
qt6-dbus-private-devel: before 6.6.3-150600.3.3.1
qt6-networkinformation-nm-debuginfo: before 6.6.3-150600.3.3.1
qt6-platformtheme-xdgdesktopportal-debuginfo: before 6.6.3-150600.3.3.1
qt6-base-docs-qch: before 6.6.3-150600.3.3.1
libQt6PrintSupport6-debuginfo: before 6.6.3-150600.3.3.1
qt6-sql-sqlite-debuginfo: before 6.6.3-150600.3.3.1
qt6-dbus-devel: before 6.6.3-150600.3.3.1
libQt6Gui6: before 6.6.3-150600.3.3.1
qt6-sql-unixODBC: before 6.6.3-150600.3.3.1
qt6-core-devel: before 6.6.3-150600.3.3.1
qt6-base-examples-debuginfo: before 6.6.3-150600.3.3.1
qt6-base-debuginfo: before 6.6.3-150600.3.3.1
qt6-test-devel: before 6.6.3-150600.3.3.1
qt6-network-tls-debuginfo: before 6.6.3-150600.3.3.1
libQt6Sql6-debuginfo: before 6.6.3-150600.3.3.1
libQt6Concurrent6-debuginfo: before 6.6.3-150600.3.3.1
libQt6DBus6: before 6.6.3-150600.3.3.1
qt6-platformtheme-gtk3-debuginfo: before 6.6.3-150600.3.3.1
qt6-openglwidgets-devel: before 6.6.3-150600.3.3.1
libQt6Core6: before 6.6.3-150600.3.3.1
qt6-platformsupport-devel-static: before 6.6.3-150600.3.3.1
libQt6OpenGLWidgets6-debuginfo: before 6.6.3-150600.3.3.1
qt6-opengl-private-devel: before 6.6.3-150600.3.3.1
qt6-sql-sqlite: before 6.6.3-150600.3.3.1
qt6-platformtheme-xdgdesktopportal: before 6.6.3-150600.3.3.1
qt6-sql-unixODBC-debuginfo: before 6.6.3-150600.3.3.1
qt6-sql-devel: before 6.6.3-150600.3.3.1
qt6-networkinformation-nm: before 6.6.3-150600.3.3.1
External linkshttp://www.suse.com/support/update/announcement/2024/suse-su-20242875-1/
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.