SUSE update for qt6-base

Published: 2024-08-28

Risk	Medium
Patch available	YES
Number of vulnerabilities	1
CVE-ID	CVE-2024-30161
CWE-ID	CWE-416
Exploitation vector	Network
Public exploit	N/A
Vulnerable software Subscribe	SUSE Linux Enterprise Micro Operating systems & Components / Operating system Desktop Applications Module Operating systems & Components / Operating system SUSE Package Hub 15 Operating systems & Components / Operating system SUSE Linux Enterprise Server for SAP Applications 15 Operating systems & Components / Operating system SUSE Linux Enterprise Server 15 Operating systems & Components / Operating system SUSE Linux Enterprise Real Time 15 Operating systems & Components / Operating system SUSE Linux Enterprise High Performance Computing 15 Operating systems & Components / Operating system SUSE Linux Enterprise Desktop 15 Operating systems & Components / Operating system openSUSE Leap Operating systems & Components / Operating system qt6-docs-common Operating systems & Components / Operating system package or component qt6-base-private-devel Operating systems & Components / Operating system package or component qt6-dbus-private-devel Operating systems & Components / Operating system package or component qt6-base-examples-debuginfo Operating systems & Components / Operating system package or component qt6-sql-unixODBC Operating systems & Components / Operating system package or component qt6-xml-private-devel Operating systems & Components / Operating system package or component qt6-sql-mysql-debuginfo Operating systems & Components / Operating system package or component qt6-platformtheme-xdgdesktopportal-debuginfo Operating systems & Components / Operating system package or component qt6-networkinformation-glib-debuginfo Operating systems & Components / Operating system package or component qt6-sql-postgresql-debuginfo Operating systems & Components / Operating system package or component qt6-network-private-devel Operating systems & Components / Operating system package or component qt6-platformtheme-gtk3 Operating systems & Components / Operating system package or component qt6-sql-mysql Operating systems & Components / Operating system package or component qt6-base-docs-qch Operating systems & Components / Operating system package or component qt6-printsupport-private-devel Operating systems & Components / Operating system package or component qt6-base-examples Operating systems & Components / Operating system package or component qt6-sql-unixODBC-debuginfo Operating systems & Components / Operating system package or component qt6-sql-private-devel Operating systems & Components / Operating system package or component qt6-platformtheme-xdgdesktopportal Operating systems & Components / Operating system package or component qt6-networkinformation-glib Operating systems & Components / Operating system package or component qt6-platformsupport-private-devel Operating systems & Components / Operating system package or component qt6-platformtheme-gtk3-debuginfo Operating systems & Components / Operating system package or component qt6-networkinformation-nm-debuginfo Operating systems & Components / Operating system package or component qt6-networkinformation-nm Operating systems & Components / Operating system package or component qt6-base-docs-html Operating systems & Components / Operating system package or component qt6-sql-postgresql Operating systems & Components / Operating system package or component qt6-printsupport-cups Operating systems & Components / Operating system package or component qt6-test-private-devel Operating systems & Components / Operating system package or component qt6-printsupport-cups-debuginfo Operating systems & Components / Operating system package or component qt6-base-devel Operating systems & Components / Operating system package or component libQt6OpenGLWidgets6-debuginfo Operating systems & Components / Operating system package or component libQt6Widgets6-debuginfo Operating systems & Components / Operating system package or component libQt6Gui6 Operating systems & Components / Operating system package or component libQt6PrintSupport6-debuginfo Operating systems & Components / Operating system package or component qt6-base-common-devel Operating systems & Components / Operating system package or component libQt6Test6 Operating systems & Components / Operating system package or component qt6-printsupport-devel Operating systems & Components / Operating system package or component qt6-opengl-private-devel Operating systems & Components / Operating system package or component libQt6Test6-debuginfo Operating systems & Components / Operating system package or component qt6-network-devel Operating systems & Components / Operating system package or component qt6-sql-sqlite Operating systems & Components / Operating system package or component qt6-base-debugsource Operating systems & Components / Operating system package or component qt6-kmssupport-private-devel Operating systems & Components / Operating system package or component libQt6OpenGLWidgets6 Operating systems & Components / Operating system package or component libQt6Network6 Operating systems & Components / Operating system package or component libQt6Xml6 Operating systems & Components / Operating system package or component qt6-base-debuginfo Operating systems & Components / Operating system package or component libQt6Core6-debuginfo Operating systems & Components / Operating system package or component qt6-network-tls-debuginfo Operating systems & Components / Operating system package or component libQt6Widgets6 Operating systems & Components / Operating system package or component qt6-gui-devel Operating systems & Components / Operating system package or component libQt6Xml6-debuginfo Operating systems & Components / Operating system package or component qt6-openglwidgets-devel Operating systems & Components / Operating system package or component libQt6DBus6-debuginfo Operating systems & Components / Operating system package or component qt6-widgets-devel Operating systems & Components / Operating system package or component libQt6OpenGL6 Operating systems & Components / Operating system package or component qt6-sql-sqlite-debuginfo Operating systems & Components / Operating system package or component libQt6PrintSupport6 Operating systems & Components / Operating system package or component libQt6OpenGL6-debuginfo Operating systems & Components / Operating system package or component libQt6Gui6-debuginfo Operating systems & Components / Operating system package or component libQt6DBus6 Operating systems & Components / Operating system package or component qt6-core-devel Operating systems & Components / Operating system package or component qt6-opengl-devel Operating systems & Components / Operating system package or component qt6-xml-devel Operating systems & Components / Operating system package or component qt6-platformsupport-devel-static Operating systems & Components / Operating system package or component libQt6Sql6-debuginfo Operating systems & Components / Operating system package or component libQt6Network6-debuginfo Operating systems & Components / Operating system package or component qt6-core-private-devel Operating systems & Components / Operating system package or component libQt6Core6 Operating systems & Components / Operating system package or component qt6-widgets-private-devel Operating systems & Components / Operating system package or component libQt6Concurrent6 Operating systems & Components / Operating system package or component qt6-dbus-devel Operating systems & Components / Operating system package or component libQt6Concurrent6-debuginfo Operating systems & Components / Operating system package or component qt6-sql-devel Operating systems & Components / Operating system package or component qt6-network-tls Operating systems & Components / Operating system package or component libQt6Sql6 Operating systems & Components / Operating system package or component qt6-test-devel Operating systems & Components / Operating system package or component qt6-kmssupport-devel-static Operating systems & Components / Operating system package or component qt6-concurrent-devel Operating systems & Components / Operating system package or component qt6-base-common-devel-debuginfo Operating systems & Components / Operating system package or component qt6-gui-private-devel Operating systems & Components / Operating system package or component
Vendor	SUSE

Security Bulletin

This security bulletin contains one medium risk vulnerability.

1) Use-after-free

EUVDB-ID: #VU96587

Risk: Medium

CVSSv3.1: 4.6 [CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L/E:U/RL:O/RC:C]

CVE-ID: CVE-2024-30161

CWE-ID: CWE-416 - Use After Free

Exploit availability: No

Description

The vulnerability allows a remote attacker to perform a denial of service (DoS) attack.

The vulnerability exists due to a use-after-free error when accessing the QNetworkReply header data. A remote attacker can perform a denial of service attack.

Mitigation

Update the affected package qt6-base to the latest version.

Vulnerable software versions

SUSE Linux Enterprise Micro: 5.5

Desktop Applications Module: 15-SP5

SUSE Package Hub 15: 15-SP5

SUSE Linux Enterprise Server for SAP Applications 15: SP5

SUSE Linux Enterprise Server 15: SP5

SUSE Linux Enterprise Real Time 15: SP5

SUSE Linux Enterprise High Performance Computing 15: SP5

SUSE Linux Enterprise Desktop 15: SP5

openSUSE Leap: 15.5

qt6-docs-common: before 6.4.2-150500.3.17.1

qt6-base-private-devel: before 6.4.2-150500.3.17.1

qt6-dbus-private-devel: before 6.4.2-150500.3.17.1

qt6-base-examples-debuginfo: before 6.4.2-150500.3.17.1

qt6-sql-unixODBC: before 6.4.2-150500.3.17.1

qt6-xml-private-devel: before 6.4.2-150500.3.17.1

qt6-sql-mysql-debuginfo: before 6.4.2-150500.3.17.1

qt6-platformtheme-xdgdesktopportal-debuginfo: before 6.4.2-150500.3.17.1

qt6-networkinformation-glib-debuginfo: before 6.4.2-150500.3.17.1

qt6-sql-postgresql-debuginfo: before 6.4.2-150500.3.17.1

qt6-network-private-devel: before 6.4.2-150500.3.17.1

qt6-platformtheme-gtk3: before 6.4.2-150500.3.17.1

qt6-sql-mysql: before 6.4.2-150500.3.17.1

qt6-base-docs-qch: before 6.4.2-150500.3.17.1

qt6-printsupport-private-devel: before 6.4.2-150500.3.17.1

qt6-base-examples: before 6.4.2-150500.3.17.1

qt6-sql-unixODBC-debuginfo: before 6.4.2-150500.3.17.1

qt6-sql-private-devel: before 6.4.2-150500.3.17.1

qt6-platformtheme-xdgdesktopportal: before 6.4.2-150500.3.17.1

qt6-networkinformation-glib: before 6.4.2-150500.3.17.1

qt6-platformsupport-private-devel: before 6.4.2-150500.3.17.1

qt6-platformtheme-gtk3-debuginfo: before 6.4.2-150500.3.17.1

qt6-networkinformation-nm-debuginfo: before 6.4.2-150500.3.17.1

qt6-networkinformation-nm: before 6.4.2-150500.3.17.1

qt6-base-docs-html: before 6.4.2-150500.3.17.1

qt6-sql-postgresql: before 6.4.2-150500.3.17.1

qt6-printsupport-cups: before 6.4.2-150500.3.17.1

qt6-test-private-devel: before 6.4.2-150500.3.17.1

qt6-printsupport-cups-debuginfo: before 6.4.2-150500.3.17.1

qt6-base-devel: before 6.4.2-150500.3.17.1

libQt6OpenGLWidgets6-debuginfo: before 6.4.2-150500.3.17.1

libQt6Widgets6-debuginfo: before 6.4.2-150500.3.17.1

libQt6Gui6: before 6.4.2-150500.3.17.1

libQt6PrintSupport6-debuginfo: before 6.4.2-150500.3.17.1

qt6-base-common-devel: before 6.4.2-150500.3.17.1

libQt6Test6: before 6.4.2-150500.3.17.1

qt6-printsupport-devel: before 6.4.2-150500.3.17.1

qt6-opengl-private-devel: before 6.4.2-150500.3.17.1

libQt6Test6-debuginfo: before 6.4.2-150500.3.17.1

qt6-network-devel: before 6.4.2-150500.3.17.1

qt6-sql-sqlite: before 6.4.2-150500.3.17.1

qt6-base-debugsource: before 6.4.2-150500.3.17.1

qt6-kmssupport-private-devel: before 6.4.2-150500.3.17.1

libQt6OpenGLWidgets6: before 6.4.2-150500.3.17.1

libQt6Network6: before 6.4.2-150500.3.17.1

libQt6Xml6: before 6.4.2-150500.3.17.1

qt6-base-debuginfo: before 6.4.2-150500.3.17.1

libQt6Core6-debuginfo: before 6.4.2-150500.3.17.1

qt6-network-tls-debuginfo: before 6.4.2-150500.3.17.1

libQt6Widgets6: before 6.4.2-150500.3.17.1

qt6-gui-devel: before 6.4.2-150500.3.17.1

libQt6Xml6-debuginfo: before 6.4.2-150500.3.17.1

qt6-openglwidgets-devel: before 6.4.2-150500.3.17.1

libQt6DBus6-debuginfo: before 6.4.2-150500.3.17.1

qt6-widgets-devel: before 6.4.2-150500.3.17.1

libQt6OpenGL6: before 6.4.2-150500.3.17.1

qt6-sql-sqlite-debuginfo: before 6.4.2-150500.3.17.1

libQt6PrintSupport6: before 6.4.2-150500.3.17.1

libQt6OpenGL6-debuginfo: before 6.4.2-150500.3.17.1

libQt6Gui6-debuginfo: before 6.4.2-150500.3.17.1

libQt6DBus6: before 6.4.2-150500.3.17.1

qt6-core-devel: before 6.4.2-150500.3.17.1

qt6-opengl-devel: before 6.4.2-150500.3.17.1

qt6-xml-devel: before 6.4.2-150500.3.17.1

qt6-platformsupport-devel-static: before 6.4.2-150500.3.17.1

libQt6Sql6-debuginfo: before 6.4.2-150500.3.17.1

libQt6Network6-debuginfo: before 6.4.2-150500.3.17.1

qt6-core-private-devel: before 6.4.2-150500.3.17.1

libQt6Core6: before 6.4.2-150500.3.17.1

qt6-widgets-private-devel: before 6.4.2-150500.3.17.1

libQt6Concurrent6: before 6.4.2-150500.3.17.1

qt6-dbus-devel: before 6.4.2-150500.3.17.1

libQt6Concurrent6-debuginfo: before 6.4.2-150500.3.17.1

qt6-sql-devel: before 6.4.2-150500.3.17.1

qt6-network-tls: before 6.4.2-150500.3.17.1

libQt6Sql6: before 6.4.2-150500.3.17.1

qt6-test-devel: before 6.4.2-150500.3.17.1

qt6-kmssupport-devel-static: before 6.4.2-150500.3.17.1

qt6-concurrent-devel: before 6.4.2-150500.3.17.1

qt6-base-common-devel-debuginfo: before 6.4.2-150500.3.17.1

qt6-gui-private-devel: before 6.4.2-150500.3.17.1

External links

http://www.suse.com/support/update/announcement/2024/suse-su-20241174-1/

Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.