Security update for libqt5-qtbase

Announcement ID:	SUSE-SU-2019:0927-1
Rating:	moderate
References:	bsc#1108889 bsc#1118597 bsc#1129662 bsc#1130246
Cross-References:	CVE-2018-19870 CVE-2018-19872
CVSS scores:	CVE-2018-19870 ( SUSE ): 4.0 CVSS:3.0/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L CVE-2018-19870 ( NVD ): 8.8 CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H CVE-2018-19872 ( SUSE ): 6.2 CVSS:3.0/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H CVE-2018-19872 ( NVD ): 5.5 CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H
Affected Products:	Basesystem Module 15 Desktop Applications Module 15 SUSE Linux Enterprise Desktop 15 SUSE Linux Enterprise High Performance Computing 15 SUSE Linux Enterprise Server 15 SUSE Linux Enterprise Server for SAP Applications 15

An update that solves two vulnerabilities and has two security fixes can now be installed.

Description:

This update for libqt5-qtbase fixes the following issues:

Security issues fixed:

• CVE-2018-19872: Fixed an issue which could allow a division by zero leading to crash (bsc#1130246).
• CVE-2018-19870: Fixed an improper check in QImage allocation which could allow Denial of Service when opening crafted gif files (bsc#1118597).

Other issue addressed:

• Fixed an issue which showing remote locations was not allowed (bsc#1129662).

Patch Instructions:

To install this SUSE update use the SUSE recommended installation methods like YaST online_update or "zypper patch".
Alternatively you can run the command listed for your product:

• Basesystem Module 15
  zypper in -t patch SUSE-SLE-Module-Basesystem-15-2019-927=1
• Desktop Applications Module 15
  zypper in -t patch SUSE-SLE-Module-Desktop-Applications-15-2019-927=1

Package List:

• Basesystem Module 15 (aarch64 ppc64le s390x x86_64)
  • libQt5Network-devel-5.9.4-8.18.2
  • libQt5Widgets-devel-5.9.4-8.18.2
  • libQt5Concurrent5-5.9.4-8.18.2
  • libQt5Network5-debuginfo-5.9.4-8.18.2
  • libQt5DBus-devel-5.9.4-8.18.2
  • libQt5OpenGL5-5.9.4-8.18.2
  • libqt5-qtbase-common-devel-debuginfo-5.9.4-8.18.2
  • libqt5-qtbase-debugsource-5.9.4-8.18.2
  • libQt5Concurrent5-debuginfo-5.9.4-8.18.2
  • libqt5-qtbase-common-devel-5.9.4-8.18.2
  • libQt5DBus5-debuginfo-5.9.4-8.18.2
  • libQt5Sql5-5.9.4-8.18.2
  • libQt5Sql5-sqlite-5.9.4-8.18.2
  • libQt5Sql5-debuginfo-5.9.4-8.18.2
  • libQt5Test5-5.9.4-8.18.2
  • libQt5Xml-devel-5.9.4-8.18.2
  • libQt5DBus5-5.9.4-8.18.2
  • libQt5Sql-devel-5.9.4-8.18.2
  • libQt5Core5-debuginfo-5.9.4-8.18.2
  • libQt5PrintSupport-devel-5.9.4-8.18.2
  • libQt5Widgets5-5.9.4-8.18.2
  • libQt5Core-devel-5.9.4-8.18.2
  • libQt5Gui-devel-5.9.4-8.18.2
  • libQt5OpenGL5-debuginfo-5.9.4-8.18.2
  • libQt5KmsSupport-devel-static-5.9.4-8.18.2
  • libQt5Concurrent-devel-5.9.4-8.18.2
  • libQt5PlatformSupport-devel-static-5.9.4-8.18.2
  • libQt5Gui5-debuginfo-5.9.4-8.18.2
  • libQt5Xml5-debuginfo-5.9.4-8.18.2
  • libQt5PrintSupport5-5.9.4-8.18.2
  • libQt5Test5-debuginfo-5.9.4-8.18.2
  • libQt5Xml5-5.9.4-8.18.2
  • libQt5Gui5-5.9.4-8.18.2
  • libQt5DBus-devel-debuginfo-5.9.4-8.18.2
  • libQt5Sql5-sqlite-debuginfo-5.9.4-8.18.2
  • libQt5OpenGL-devel-5.9.4-8.18.2
  • libQt5Test-devel-5.9.4-8.18.2
  • libQt5Core5-5.9.4-8.18.2
  • libQt5PrintSupport5-debuginfo-5.9.4-8.18.2
  • libQt5PlatformHeaders-devel-5.9.4-8.18.2
  • libQt5Network5-5.9.4-8.18.2
  • libQt5Widgets5-debuginfo-5.9.4-8.18.2
  • libqt5-qtbase-devel-5.9.4-8.18.2
• Basesystem Module 15 (noarch)
  • libQt5KmsSupport-private-headers-devel-5.9.4-8.18.2
  • libQt5Core-private-headers-devel-5.9.4-8.18.2
  • libQt5Test-private-headers-devel-5.9.4-8.18.2
  • libQt5OpenGL-private-headers-devel-5.9.4-8.18.2
  • libQt5PlatformSupport-private-headers-devel-5.9.4-8.18.2
  • libQt5Widgets-private-headers-devel-5.9.4-8.18.2
  • libQt5Network-private-headers-devel-5.9.4-8.18.2
  • libqt5-qtbase-private-headers-devel-5.9.4-8.18.2
  • libQt5PrintSupport-private-headers-devel-5.9.4-8.18.2
  • libQt5Gui-private-headers-devel-5.9.4-8.18.2
  • libQt5Sql-private-headers-devel-5.9.4-8.18.2
  • libQt5DBus-private-headers-devel-5.9.4-8.18.2
• Desktop Applications Module 15 (aarch64 ppc64le s390x x86_64)
  • libqt5-qtbase-debugsource-5.9.4-8.18.2
  • libQt5Sql5-mysql-5.9.4-8.18.2
  • libqt5-qtbase-platformtheme-gtk3-debuginfo-5.9.4-8.18.2
  • libqt5-qtbase-platformtheme-gtk3-5.9.4-8.18.2
  • libQt5Sql5-mysql-debuginfo-5.9.4-8.18.2
  • libQt5Sql5-postgresql-5.9.4-8.18.2
  • libQt5Sql5-unixODBC-debuginfo-5.9.4-8.18.2
  • libQt5OpenGLExtensions-devel-static-5.9.4-8.18.2
  • libQt5Sql5-postgresql-debuginfo-5.9.4-8.18.2
  • libQt5Sql5-unixODBC-5.9.4-8.18.2

References:

• https://www.suse.com/security/cve/CVE-2018-19870.html
• https://www.suse.com/security/cve/CVE-2018-19872.html
• https://bugzilla.suse.com/show_bug.cgi?id=1108889
• https://bugzilla.suse.com/show_bug.cgi?id=1118597
• https://bugzilla.suse.com/show_bug.cgi?id=1129662
• https://bugzilla.suse.com/show_bug.cgi?id=1130246