<div class="container">
<h1>Security update for libqt5-qtbase</h1>
<table class="table table-striped table-bordered">
<tbody>
<tr>
<th>Announcement ID:</th>
<td>SUSE-SU-2023:2971-1</td>
</tr>
<tr>
<th>Rating:</th>
<td>important</td>
</tr>
<tr>
<th>References:</th>
<td>
<ul>
<li style="display: inline;">
<a href="https://bugzilla.suse.com/show_bug.cgi?id=1209616">#1209616</a>
</li>
<li style="display: inline;">
<a href="https://bugzilla.suse.com/show_bug.cgi?id=1211642">#1211642</a>
</li>
<li style="display: inline;">
<a href="https://bugzilla.suse.com/show_bug.cgi?id=1211994">#1211994</a>
</li>
<li style="display: inline;">
<a href="https://bugzilla.suse.com/show_bug.cgi?id=1213326">#1213326</a>
</li>
</ul>
</td>
</tr>
<tr>
<th>
Cross-References:
</th>
<td>
<ul>
<li style="display: inline;">
<a href="https://www.suse.com/security/cve/CVE-2023-24607.html">CVE-2023-24607</a>
</li>
<li style="display: inline;">
<a href="https://www.suse.com/security/cve/CVE-2023-33285.html">CVE-2023-33285</a>
</li>
<li style="display: inline;">
<a href="https://www.suse.com/security/cve/CVE-2023-34410.html">CVE-2023-34410</a>
</li>
<li style="display: inline;">
<a href="https://www.suse.com/security/cve/CVE-2023-38197.html">CVE-2023-38197</a>
</li>
</ul>
</td>
</tr>
<tr>
<th>CVSS scores:</th>
<td>
<ul class="list-group">
<li class="list-group-item">
<span class="cvss-reference">CVE-2023-24607</span>
<span class="cvss-source">
(
NVD
):
</span>
<span class="cvss-score">7.5</span>
<span class="cvss-vector">CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H</span>
</li>
<li class="list-group-item">
<span class="cvss-reference">CVE-2023-33285</span>
<span class="cvss-source">
(
SUSE
):
</span>
<span class="cvss-score">6.5</span>
<span class="cvss-vector">CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:L</span>
</li>
<li class="list-group-item">
<span class="cvss-reference">CVE-2023-33285</span>
<span class="cvss-source">
(
NVD
):
</span>
<span class="cvss-score">5.3</span>
<span class="cvss-vector">CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L</span>
</li>
<li class="list-group-item">
<span class="cvss-reference">CVE-2023-34410</span>
<span class="cvss-source">
(
SUSE
):
</span>
<span class="cvss-score">6.2</span>
<span class="cvss-vector">CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N</span>
</li>
<li class="list-group-item">
<span class="cvss-reference">CVE-2023-34410</span>
<span class="cvss-source">
(
NVD
):
</span>
<span class="cvss-score">5.3</span>
<span class="cvss-vector">CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N</span>
</li>
<li class="list-group-item">
<span class="cvss-reference">CVE-2023-38197</span>
<span class="cvss-source">
(
SUSE
):
</span>
<span class="cvss-score">5.5</span>
<span class="cvss-vector">CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H</span>
</li>
<li class="list-group-item">
<span class="cvss-reference">CVE-2023-38197</span>
<span class="cvss-source">
(
NVD
):
</span>
<span class="cvss-score">7.5</span>
<span class="cvss-vector">CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H</span>
</li>
</ul>
</td>
</tr>
<tr>
<th>Affected Products:</th>
<td>
<ul class="list-group">
<li class="list-group-item">SUSE Linux Enterprise High Performance Computing 12 SP5</li>
<li class="list-group-item">SUSE Linux Enterprise Server 12 SP5</li>
<li class="list-group-item">SUSE Linux Enterprise Server for SAP Applications 12 SP5</li>
<li class="list-group-item">SUSE Linux Enterprise Software Development Kit 12 SP5</li>
</ul>
</td>
</tr>
</tbody>
</table>
<p>An update that solves four vulnerabilities can now be installed.</p>
<h2>Description:</h2>
<p>This update for libqt5-qtbase fixes the following issues:</p>
<ul>
<li>CVE-2023-24607: Fixed Qt SQL ODBC driver plugin DOS (bsc#1209616).</li>
<li>CVE-2023-33285: Fixed buffer overflow in QDnsLookup (bsc#1211642).</li>
<li>CVE-2023-34410: Fixed certificate validation does not always consider whether the root of a chain is a configured CA certificate (bsc#1211994).</li>
<li>CVE-2023-38197: Fixed infinite loops in QXmlStreamReader(bsc#1213326).</li>
</ul>
<h2>Patch Instructions:</h2>
<p>
To install this SUSE Important update use the SUSE recommended
installation methods like YaST online_update or "zypper patch".<br/>
Alternatively you can run the command listed for your product:
</p>
<ul class="list-group">
<li class="list-group-item">
SUSE Linux Enterprise Software Development Kit 12 SP5
<br/>
<code>zypper in -t patch SUSE-SLE-SDK-12-SP5-2023-2971=1</code>
</li>
<li class="list-group-item">
SUSE Linux Enterprise High Performance Computing 12 SP5
<br/>
<code>zypper in -t patch SUSE-SLE-SERVER-12-SP5-2023-2971=1</code>
</li>
<li class="list-group-item">
SUSE Linux Enterprise Server 12 SP5
<br/>
<code>zypper in -t patch SUSE-SLE-SERVER-12-SP5-2023-2971=1</code>
</li>
<li class="list-group-item">
SUSE Linux Enterprise Server for SAP Applications 12 SP5
<br/>
<code>zypper in -t patch SUSE-SLE-SERVER-12-SP5-2023-2971=1</code>
</li>
</ul>
<h2>Package List:</h2>
<ul>
<li>
SUSE Linux Enterprise Software Development Kit 12 SP5 (aarch64 ppc64le s390x x86_64)
<ul>
<li>libQt5Network-devel-5.6.2-6.36.1</li>
<li>libQt5Concurrent-devel-5.6.2-6.36.1</li>
<li>libQt5PlatformHeaders-devel-5.6.2-6.36.1</li>
<li>libQt5PlatformSupport-devel-static-5.6.2-6.36.1</li>
<li>libQt5Bootstrap-devel-static-5.6.2-6.36.1</li>
<li>libQt5Gui-devel-5.6.2-6.36.1</li>
<li>libQt5Widgets-devel-5.6.2-6.36.1</li>
<li>libQt5Xml-devel-5.6.2-6.36.1</li>
<li>libQt5OpenGL-devel-5.6.2-6.36.1</li>
<li>libqt5-qtbase-devel-5.6.2-6.36.1</li>
<li>libQt5DBus-devel-debuginfo-5.6.2-6.36.1</li>
<li>libqt5-qtbase-common-devel-debuginfo-5.6.2-6.36.1</li>
<li>libQt5Sql-devel-5.6.2-6.36.1</li>
<li>libqt5-qtbase-common-devel-5.6.2-6.36.1</li>
<li>libqt5-qtbase-debugsource-5.6.2-6.36.1</li>
<li>libQt5Test-devel-5.6.2-6.36.1</li>
<li>libQt5PrintSupport-devel-5.6.2-6.36.1</li>
<li>libQt5Core-devel-5.6.2-6.36.1</li>
<li>libQt5OpenGLExtensions-devel-static-5.6.2-6.36.1</li>
<li>libQt5DBus-devel-5.6.2-6.36.1</li>
</ul>
</li>
<li>
SUSE Linux Enterprise Software Development Kit 12 SP5 (noarch)
<ul>
<li>libQt5Network-private-headers-devel-5.6.2-6.36.1</li>
<li>libQt5DBus-private-headers-devel-5.6.2-6.36.1</li>
<li>libQt5Test-private-headers-devel-5.6.2-6.36.1</li>
<li>libQt5Gui-private-headers-devel-5.6.2-6.36.1</li>
<li>libQt5Widgets-private-headers-devel-5.6.2-6.36.1</li>
<li>libqt5-qtbase-private-headers-devel-5.6.2-6.36.1</li>
<li>libQt5Core-private-headers-devel-5.6.2-6.36.1</li>
<li>libQt5PlatformSupport-private-headers-devel-5.6.2-6.36.1</li>
<li>libQt5PrintSupport-private-headers-devel-5.6.2-6.36.1</li>
<li>libQt5Sql-private-headers-devel-5.6.2-6.36.1</li>
<li>libQt5OpenGL-private-headers-devel-5.6.2-6.36.1</li>
</ul>
</li>
<li>
SUSE Linux Enterprise High Performance Computing 12 SP5 (aarch64 x86_64)
<ul>
<li>libQt5Network5-debuginfo-5.6.2-6.36.1</li>
<li>libQt5Sql5-sqlite-5.6.2-6.36.1</li>
<li>libQt5Sql5-sqlite-debuginfo-5.6.2-6.36.1</li>
<li>libQt5Sql5-unixODBC-debuginfo-5.6.2-6.36.1</li>
<li>libQt5Sql5-mysql-5.6.2-6.36.1</li>
<li>libQt5Test5-debuginfo-5.6.2-6.36.1</li>
<li>libQt5Widgets5-5.6.2-6.36.1</li>
<li>libQt5Gui5-debuginfo-5.6.2-6.36.1</li>
<li>libQt5Xml5-5.6.2-6.36.1</li>
<li>libQt5Sql5-debuginfo-5.6.2-6.36.1</li>
<li>libQt5DBus5-debuginfo-5.6.2-6.36.1</li>
<li>libQt5Sql5-5.6.2-6.36.1</li>
<li>libqt5-qtbase-debugsource-5.6.2-6.36.1</li>
<li>libQt5Core5-debuginfo-5.6.2-6.36.1</li>
<li>libQt5Sql5-postgresql-debuginfo-5.6.2-6.36.1</li>
<li>libQt5Sql5-mysql-debuginfo-5.6.2-6.36.1</li>
<li>libQt5Xml5-debuginfo-5.6.2-6.36.1</li>
<li>libQt5Gui5-5.6.2-6.36.1</li>
<li>libQt5Concurrent5-debuginfo-5.6.2-6.36.1</li>
<li>libQt5Test5-5.6.2-6.36.1</li>
<li>libQt5Sql5-unixODBC-5.6.2-6.36.1</li>
<li>libQt5PrintSupport5-debuginfo-5.6.2-6.36.1</li>
<li>libQt5Network5-5.6.2-6.36.1</li>
<li>libQt5Sql5-postgresql-5.6.2-6.36.1</li>
<li>libQt5DBus5-5.6.2-6.36.1</li>
<li>libQt5Core5-5.6.2-6.36.1</li>
<li>libQt5OpenGL5-5.6.2-6.36.1</li>
<li>libQt5Concurrent5-5.6.2-6.36.1</li>
<li>libQt5PrintSupport5-5.6.2-6.36.1</li>
<li>libQt5Widgets5-debuginfo-5.6.2-6.36.1</li>
<li>libQt5OpenGL5-debuginfo-5.6.2-6.36.1</li>
</ul>
</li>
<li>
SUSE Linux Enterprise Server 12 SP5 (aarch64 ppc64le s390x x86_64)
<ul>
<li>libQt5Network5-debuginfo-5.6.2-6.36.1</li>
<li>libQt5Sql5-sqlite-5.6.2-6.36.1</li>
<li>libQt5Sql5-sqlite-debuginfo-5.6.2-6.36.1</li>
<li>libQt5Sql5-unixODBC-debuginfo-5.6.2-6.36.1</li>
<li>libQt5Sql5-mysql-5.6.2-6.36.1</li>
<li>libQt5Test5-debuginfo-5.6.2-6.36.1</li>
<li>libQt5Widgets5-5.6.2-6.36.1</li>
<li>libQt5Gui5-debuginfo-5.6.2-6.36.1</li>
<li>libQt5Xml5-5.6.2-6.36.1</li>
<li>libQt5Sql5-debuginfo-5.6.2-6.36.1</li>
<li>libQt5DBus5-debuginfo-5.6.2-6.36.1</li>
<li>libQt5Sql5-5.6.2-6.36.1</li>
<li>libqt5-qtbase-debugsource-5.6.2-6.36.1</li>
<li>libQt5Core5-debuginfo-5.6.2-6.36.1</li>
<li>libQt5Sql5-postgresql-debuginfo-5.6.2-6.36.1</li>
<li>libQt5Sql5-mysql-debuginfo-5.6.2-6.36.1</li>
<li>libQt5Xml5-debuginfo-5.6.2-6.36.1</li>
<li>libQt5Gui5-5.6.2-6.36.1</li>
<li>libQt5Concurrent5-debuginfo-5.6.2-6.36.1</li>
<li>libQt5Test5-5.6.2-6.36.1</li>
<li>libQt5Sql5-unixODBC-5.6.2-6.36.1</li>
<li>libQt5PrintSupport5-debuginfo-5.6.2-6.36.1</li>
<li>libQt5Network5-5.6.2-6.36.1</li>
<li>libQt5Sql5-postgresql-5.6.2-6.36.1</li>
<li>libQt5DBus5-5.6.2-6.36.1</li>
<li>libQt5Core5-5.6.2-6.36.1</li>
<li>libQt5OpenGL5-5.6.2-6.36.1</li>
<li>libQt5Concurrent5-5.6.2-6.36.1</li>
<li>libQt5PrintSupport5-5.6.2-6.36.1</li>
<li>libQt5Widgets5-debuginfo-5.6.2-6.36.1</li>
<li>libQt5OpenGL5-debuginfo-5.6.2-6.36.1</li>
</ul>
</li>
<li>
SUSE Linux Enterprise Server for SAP Applications 12 SP5 (ppc64le x86_64)
<ul>
<li>libQt5Network5-debuginfo-5.6.2-6.36.1</li>
<li>libQt5Sql5-sqlite-5.6.2-6.36.1</li>
<li>libQt5Sql5-sqlite-debuginfo-5.6.2-6.36.1</li>
<li>libQt5Sql5-unixODBC-debuginfo-5.6.2-6.36.1</li>
<li>libQt5Sql5-mysql-5.6.2-6.36.1</li>
<li>libQt5Test5-debuginfo-5.6.2-6.36.1</li>
<li>libQt5Widgets5-5.6.2-6.36.1</li>
<li>libQt5Gui5-debuginfo-5.6.2-6.36.1</li>
<li>libQt5Xml5-5.6.2-6.36.1</li>
<li>libQt5Sql5-debuginfo-5.6.2-6.36.1</li>
<li>libQt5DBus5-debuginfo-5.6.2-6.36.1</li>
<li>libQt5Sql5-5.6.2-6.36.1</li>
<li>libqt5-qtbase-debugsource-5.6.2-6.36.1</li>
<li>libQt5Core5-debuginfo-5.6.2-6.36.1</li>
<li>libQt5Sql5-postgresql-debuginfo-5.6.2-6.36.1</li>
<li>libQt5Sql5-mysql-debuginfo-5.6.2-6.36.1</li>
<li>libQt5Xml5-debuginfo-5.6.2-6.36.1</li>
<li>libQt5Gui5-5.6.2-6.36.1</li>
<li>libQt5Concurrent5-debuginfo-5.6.2-6.36.1</li>
<li>libQt5Test5-5.6.2-6.36.1</li>
<li>libQt5Sql5-unixODBC-5.6.2-6.36.1</li>
<li>libQt5PrintSupport5-debuginfo-5.6.2-6.36.1</li>
<li>libQt5Network5-5.6.2-6.36.1</li>
<li>libQt5Sql5-postgresql-5.6.2-6.36.1</li>
<li>libQt5DBus5-5.6.2-6.36.1</li>
<li>libQt5Core5-5.6.2-6.36.1</li>
<li>libQt5OpenGL5-5.6.2-6.36.1</li>
<li>libQt5Concurrent5-5.6.2-6.36.1</li>
<li>libQt5PrintSupport5-5.6.2-6.36.1</li>
<li>libQt5Widgets5-debuginfo-5.6.2-6.36.1</li>
<li>libQt5OpenGL5-debuginfo-5.6.2-6.36.1</li>
</ul>
</li>
</ul>
<h2>References:</h2>
<ul>
<li>
<a href="https://www.suse.com/security/cve/CVE-2023-24607.html">https://www.suse.com/security/cve/CVE-2023-24607.html</a>
</li>
<li>
<a href="https://www.suse.com/security/cve/CVE-2023-33285.html">https://www.suse.com/security/cve/CVE-2023-33285.html</a>
</li>
<li>
<a href="https://www.suse.com/security/cve/CVE-2023-34410.html">https://www.suse.com/security/cve/CVE-2023-34410.html</a>
</li>
<li>
<a href="https://www.suse.com/security/cve/CVE-2023-38197.html">https://www.suse.com/security/cve/CVE-2023-38197.html</a>
</li>
<li>
<a href="https://bugzilla.suse.com/show_bug.cgi?id=1209616">https://bugzilla.suse.com/show_bug.cgi?id=1209616</a>
</li>
<li>
<a href="https://bugzilla.suse.com/show_bug.cgi?id=1211642">https://bugzilla.suse.com/show_bug.cgi?id=1211642</a>
</li>
<li>
<a href="https://bugzilla.suse.com/show_bug.cgi?id=1211994">https://bugzilla.suse.com/show_bug.cgi?id=1211994</a>
</li>
<li>
<a href="https://bugzilla.suse.com/show_bug.cgi?id=1213326">https://bugzilla.suse.com/show_bug.cgi?id=1213326</a>
</li>
</ul>
</div>