{"id":"ALSA-2023:6967","summary":"Moderate: qt5-qtbase security update","details":"Qt is a software toolkit for developing applications. The qt5-base packages contain base tools for string, xml, and network handling in Qt. \n\nSecurity Fix(es):\n\n* qt: buffer over-read via a crafted reply from a DNS server (CVE-2023-33285)\n* qt: allows remote attacker to bypass security restrictions caused by flaw in certificate validation (CVE-2023-34410)\n* qtbase: buffer overflow in QXmlStreamReader (CVE-2023-37369)\n* qtbase: infinite loops in QXmlStreamReader (CVE-2023-38197)\n\nFor more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.\n\nAdditional Changes:\n\nFor detailed information on changes in this release, see the AlmaLinux Release Notes linked from the References section.","modified":"2026-01-30T01:31:12.801083Z","published":"2023-11-14T00:00:00Z","related":["CVE-2023-33285","CVE-2023-34410","CVE-2023-37369","CVE-2023-38197"],"references":[{"type":"ADVISORY","url":"https://access.redhat.com/errata/RHSA-2023:6967"},{"type":"REPORT","url":"https://access.redhat.com/security/cve/CVE-2023-33285"},{"type":"REPORT","url":"https://access.redhat.com/security/cve/CVE-2023-34410"},{"type":"REPORT","url":"https://access.redhat.com/security/cve/CVE-2023-37369"},{"type":"REPORT","url":"https://access.redhat.com/security/cve/CVE-2023-38197"},{"type":"REPORT","url":"https://bugzilla.redhat.com/2209488"},{"type":"REPORT","url":"https://bugzilla.redhat.com/2212747"},{"type":"REPORT","url":"https://bugzilla.redhat.com/2222767"},{"type":"REPORT","url":"https://bugzilla.redhat.com/2232173"},{"type":"ADVISORY","url":"https://errata.almalinux.org/8/ALSA-2023-6967.html"}],"affected":[{"package":{"name":"qt5-qtbase","ecosystem":"AlmaLinux:8","purl":"pkg:rpm/almalinux/qt5-qtbase"},"ranges":[{"type":"ECOSYSTEM","events":[{"introduced":"0"},{"fixed":"5.15.3-5.el8"}]}],"database_specific":{"source":"https://github.com/AlmaLinux/osv-database/blob/master/advisories/almalinux8/ALSA-2023:6967.json"}},{"package":{"name":"qt5-qtbase-common","ecosystem":"AlmaLinux:8","purl":"pkg:rpm/almalinux/qt5-qtbase-common"},"ranges":[{"type":"ECOSYSTEM","events":[{"introduced":"0"},{"fixed":"5.15.3-5.el8"}]}],"database_specific":{"source":"https://github.com/AlmaLinux/osv-database/blob/master/advisories/almalinux8/ALSA-2023:6967.json"}},{"package":{"name":"qt5-qtbase-devel","ecosystem":"AlmaLinux:8","purl":"pkg:rpm/almalinux/qt5-qtbase-devel"},"ranges":[{"type":"ECOSYSTEM","events":[{"introduced":"0"},{"fixed":"5.15.3-5.el8"}]}],"database_specific":{"source":"https://github.com/AlmaLinux/osv-database/blob/master/advisories/almalinux8/ALSA-2023:6967.json"}},{"package":{"name":"qt5-qtbase-examples","ecosystem":"AlmaLinux:8","purl":"pkg:rpm/almalinux/qt5-qtbase-examples"},"ranges":[{"type":"ECOSYSTEM","events":[{"introduced":"0"},{"fixed":"5.15.3-5.el8"}]}],"database_specific":{"source":"https://github.com/AlmaLinux/osv-database/blob/master/advisories/almalinux8/ALSA-2023:6967.json"}},{"package":{"name":"qt5-qtbase-gui","ecosystem":"AlmaLinux:8","purl":"pkg:rpm/almalinux/qt5-qtbase-gui"},"ranges":[{"type":"ECOSYSTEM","events":[{"introduced":"0"},{"fixed":"5.15.3-5.el8"}]}],"database_specific":{"source":"https://github.com/AlmaLinux/osv-database/blob/master/advisories/almalinux8/ALSA-2023:6967.json"}},{"package":{"name":"qt5-qtbase-mysql","ecosystem":"AlmaLinux:8","purl":"pkg:rpm/almalinux/qt5-qtbase-mysql"},"ranges":[{"type":"ECOSYSTEM","events":[{"introduced":"0"},{"fixed":"5.15.3-5.el8"}]}],"database_specific":{"source":"https://github.com/AlmaLinux/osv-database/blob/master/advisories/almalinux8/ALSA-2023:6967.json"}},{"package":{"name":"qt5-qtbase-odbc","ecosystem":"AlmaLinux:8","purl":"pkg:rpm/almalinux/qt5-qtbase-odbc"},"ranges":[{"type":"ECOSYSTEM","events":[{"introduced":"0"},{"fixed":"5.15.3-5.el8"}]}],"database_specific":{"source":"https://github.com/AlmaLinux/osv-database/blob/master/advisories/almalinux8/ALSA-2023:6967.json"}},{"package":{"name":"qt5-qtbase-postgresql","ecosystem":"AlmaLinux:8","purl":"pkg:rpm/almalinux/qt5-qtbase-postgresql"},"ranges":[{"type":"ECOSYSTEM","events":[{"introduced":"0"},{"fixed":"5.15.3-5.el8"}]}],"database_specific":{"source":"https://github.com/AlmaLinux/osv-database/blob/master/advisories/almalinux8/ALSA-2023:6967.json"}},{"package":{"name":"qt5-qtbase-private-devel","ecosystem":"AlmaLinux:8","purl":"pkg:rpm/almalinux/qt5-qtbase-private-devel"},"ranges":[{"type":"ECOSYSTEM","events":[{"introduced":"0"},{"fixed":"5.15.3-5.el8"}]}],"database_specific":{"source":"https://github.com/AlmaLinux/osv-database/blob/master/advisories/almalinux8/ALSA-2023:6967.json"}},{"package":{"name":"qt5-qtbase-static","ecosystem":"AlmaLinux:8","purl":"pkg:rpm/almalinux/qt5-qtbase-static"},"ranges":[{"type":"ECOSYSTEM","events":[{"introduced":"0"},{"fixed":"5.15.3-5.el8"}]}],"database_specific":{"source":"https://github.com/AlmaLinux/osv-database/blob/master/advisories/almalinux8/ALSA-2023:6967.json"}}],"schema_version":"1.7.3"}