RHSA-2020:4690MediumCVSS 7.5
Red Hat Security Advisory: qt5-qtbase and qt5-qtwebsockets security and bug fix update
🔗 CVE IDs covered (5)
📋 Description
CVE-2015-9541 — qt: XML entity expansion vulnerability CVE-2018-21035 — qt5-qtwebsockets: websocket implementation allows only limited size for frames and messages therefore attacker can cause DOS CVE-2020-0569 — qt: files placed by attacker can influence the working directory and lead to malicious code execution CVE-2020-0570 — qt: files placed by attacker can influence the working directory and lead to malicious code execution CVE-2020-13962 — qt5: incorrectly calls SSL_shutdown() in OpenSSL mid-handshake causing denial of service in TLS applications
🔗 References (10)
- selfhttps://access.redhat.com/errata/RHSA-2020:4690
- externalhttps://access.redhat.com/security/updates/classification/#moderate
- externalhttps://access.redhat.com/documentation/en-us/red_hat_enterprise_linux/8/html/8.3_release_notes/
- externalhttps://bugzilla.redhat.com/show_bug.cgi?id=1800600
- externalhttps://bugzilla.redhat.com/show_bug.cgi?id=1800604
- externalhttps://bugzilla.redhat.com/show_bug.cgi?id=1801369
- externalhttps://bugzilla.redhat.com/show_bug.cgi?id=1810964
- externalhttps://bugzilla.redhat.com/show_bug.cgi?id=1832857
- externalhttps://bugzilla.redhat.com/show_bug.cgi?id=1849734
- selfhttps://security.access.redhat.com/data/csaf/v2/advisories/2020/rhsa-2020_4690.json