{"id":"RLSA-2023:6369","summary":"Moderate: qt5 security and bug fix update","details":"Qt is a software toolkit for developing applications.\n\nSecurity Fix(es):\n\n* qt: buffer over-read via a crafted reply from a DNS server (CVE-2023-33285)\n\n* qt: allows remote attacker to bypass security restrictions caused by flaw in certificate validation (CVE-2023-34410)\n\n* qtbase: buffer overflow in QXmlStreamReader (CVE-2023-37369)\n\n* qtbase: infinite loops in QXmlStreamReader (CVE-2023-38197)\n\n* qt: Uninitialized variable usage in m_unitsPerEm (CVE-2023-32573)\n\nFor more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.\n\nAdditional Changes:\n\nFor detailed information on changes in this release, see the Rocky Linux 9.3 Release Notes linked from the References section.","modified":"2026-06-25T12:30:04.194315907Z","published":"2026-06-25T12:03:37.665962Z","upstream":["CVE-2023-32573","CVE-2023-33285","CVE-2023-34410","CVE-2023-37369","CVE-2023-38197"],"references":[{"type":"ADVISORY","url":"https://errata.rockylinux.org/RLSA-2023:6369"},{"type":"REPORT","url":"https://bugzilla.redhat.com/show_bug.cgi?id=2208135"},{"type":"REPORT","url":"https://bugzilla.redhat.com/show_bug.cgi?id=2209488"},{"type":"REPORT","url":"https://bugzilla.redhat.com/show_bug.cgi?id=2212747"},{"type":"REPORT","url":"https://bugzilla.redhat.com/show_bug.cgi?id=2222767"},{"type":"REPORT","url":"https://bugzilla.redhat.com/show_bug.cgi?id=2232173"}],"affected":[{"package":{"name":"adwaita-qt","ecosystem":"Rocky Linux:9","purl":"pkg:rpm/rocky-linux/adwaita-qt?distro=rocky-linux-9&epoch=0"},"ranges":[{"type":"ECOSYSTEM","events":[{"introduced":"0"},{"fixed":"0:1.4.2-1.el9"}],"database_specific":{"yum_repository":"AppStream"}}],"database_specific":{"source":"https://storage.googleapis.com/resf-osv-data/RLSA-2023:6369.json"}},{"package":{"name":"python-pyqt5-sip","ecosystem":"Rocky Linux:9","purl":"pkg:rpm/rocky-linux/python-pyqt5-sip?distro=rocky-linux-9&epoch=0"},"ranges":[{"type":"ECOSYSTEM","events":[{"introduced":"0"},{"fixed":"0:12.11.1-1.el9.0.1"}],"database_specific":{"yum_repository":"AppStream"}}],"database_specific":{"source":"https://storage.googleapis.com/resf-osv-data/RLSA-2023:6369.json"}},{"package":{"name":"python-qt5","ecosystem":"Rocky Linux:9","purl":"pkg:rpm/rocky-linux/python-qt5?distro=rocky-linux-9&epoch=0"},"ranges":[{"type":"ECOSYSTEM","events":[{"introduced":"0"},{"fixed":"0:5.15.9-1.el9"}],"database_specific":{"yum_repository":"AppStream"}}],"database_specific":{"source":"https://storage.googleapis.com/resf-osv-data/RLSA-2023:6369.json"}},{"package":{"name":"qgnomeplatform","ecosystem":"Rocky Linux:9","purl":"pkg:rpm/rocky-linux/qgnomeplatform?distro=rocky-linux-9&epoch=0"},"ranges":[{"type":"ECOSYSTEM","events":[{"introduced":"0"},{"fixed":"0:0.9.0-1.el9"}],"database_specific":{"yum_repository":"AppStream"}}],"database_specific":{"source":"https://storage.googleapis.com/resf-osv-data/RLSA-2023:6369.json"}},{"package":{"name":"qt5","ecosystem":"Rocky Linux:9","purl":"pkg:rpm/rocky-linux/qt5?distro=rocky-linux-9&epoch=0"},"ranges":[{"type":"ECOSYSTEM","events":[{"introduced":"0"},{"fixed":"0:5.15.9-1.el9"}],"database_specific":{"yum_repository":"AppStream"}}],"database_specific":{"source":"https://storage.googleapis.com/resf-osv-data/RLSA-2023:6369.json"}},{"package":{"name":"qt5-doc","ecosystem":"Rocky Linux:9","purl":"pkg:rpm/rocky-linux/qt5-doc?distro=rocky-linux-9&epoch=0"},"ranges":[{"type":"ECOSYSTEM","events":[{"introduced":"0"},{"fixed":"0:5.15.9-1.el9"}],"database_specific":{"yum_repository":"AppStream"}}],"database_specific":{"source":"https://storage.googleapis.com/resf-osv-data/RLSA-2023:6369.json"}},{"package":{"name":"qt5-qtconnectivity","ecosystem":"Rocky Linux:9","purl":"pkg:rpm/rocky-linux/qt5-qtconnectivity?distro=rocky-linux-9&epoch=0"},"ranges":[{"type":"ECOSYSTEM","events":[{"introduced":"0"},{"fixed":"0:5.15.9-2.el9"}],"database_specific":{"yum_repository":"AppStream"}}],"database_specific":{"source":"https://storage.googleapis.com/resf-osv-data/RLSA-2023:6369.json"}},{"package":{"name":"qt5-qtdeclarative","ecosystem":"Rocky Linux:9","purl":"pkg:rpm/rocky-linux/qt5-qtdeclarative?distro=rocky-linux-9&epoch=0"},"ranges":[{"type":"ECOSYSTEM","events":[{"introduced":"0"},{"fixed":"0:5.15.9-3.el9"}],"database_specific":{"yum_repository":"AppStream"}}],"database_specific":{"source":"https://storage.googleapis.com/resf-osv-data/RLSA-2023:6369.json"}},{"package":{"name":"qt5-qtdoc","ecosystem":"Rocky Linux:9","purl":"pkg:rpm/rocky-linux/qt5-qtdoc?distro=rocky-linux-9&epoch=0"},"ranges":[{"type":"ECOSYSTEM","events":[{"introduced":"0"},{"fixed":"0:5.15.9-1.el9"}],"database_specific":{"yum_repository":"AppStream"}}],"database_specific":{"source":"https://storage.googleapis.com/resf-osv-data/RLSA-2023:6369.json"}},{"package":{"name":"qt5-qtgraphicaleffects","ecosystem":"Rocky Linux:9","purl":"pkg:rpm/rocky-linux/qt5-qtgraphicaleffects?distro=rocky-linux-9&epoch=0"},"ranges":[{"type":"ECOSYSTEM","events":[{"introduced":"0"},{"fixed":"0:5.15.9-1.el9"}],"database_specific":{"yum_repository":"AppStream"}}],"database_specific":{"source":"https://storage.googleapis.com/resf-osv-data/RLSA-2023:6369.json"}},{"package":{"name":"qt5-qtimageformats","ecosystem":"Rocky Linux:9","purl":"pkg:rpm/rocky-linux/qt5-qtimageformats?distro=rocky-linux-9&epoch=0"},"ranges":[{"type":"ECOSYSTEM","events":[{"introduced":"0"},{"fixed":"0:5.15.9-1.el9"}],"database_specific":{"yum_repository":"AppStream"}}],"database_specific":{"source":"https://storage.googleapis.com/resf-osv-data/RLSA-2023:6369.json"}},{"package":{"name":"qt5-qtlocation","ecosystem":"Rocky Linux:9","purl":"pkg:rpm/rocky-linux/qt5-qtlocation?distro=rocky-linux-9&epoch=0"},"ranges":[{"type":"ECOSYSTEM","events":[{"introduced":"0"},{"fixed":"0:5.15.9-1.el9"}],"database_specific":{"yum_repository":"AppStream"}}],"database_specific":{"source":"https://storage.googleapis.com/resf-osv-data/RLSA-2023:6369.json"}},{"package":{"name":"qt5-qtmultimedia","ecosystem":"Rocky Linux:9","purl":"pkg:rpm/rocky-linux/qt5-qtmultimedia?distro=rocky-linux-9&epoch=0"},"ranges":[{"type":"ECOSYSTEM","events":[{"introduced":"0"},{"fixed":"0:5.15.9-1.el9"}],"database_specific":{"yum_repository":"AppStream"}}],"database_specific":{"source":"https://storage.googleapis.com/resf-osv-data/RLSA-2023:6369.json"}},{"package":{"name":"qt5-qtquickcontrols","ecosystem":"Rocky Linux:9","purl":"pkg:rpm/rocky-linux/qt5-qtquickcontrols?distro=rocky-linux-9&epoch=0"},"ranges":[{"type":"ECOSYSTEM","events":[{"introduced":"0"},{"fixed":"0:5.15.9-1.el9"}],"database_specific":{"yum_repository":"AppStream"}}],"database_specific":{"source":"https://storage.googleapis.com/resf-osv-data/RLSA-2023:6369.json"}},{"package":{"name":"qt5-qtquickcontrols2","ecosystem":"Rocky Linux:9","purl":"pkg:rpm/rocky-linux/qt5-qtquickcontrols2?distro=rocky-linux-9&epoch=0"},"ranges":[{"type":"ECOSYSTEM","events":[{"introduced":"0"},{"fixed":"0:5.15.9-1.el9"}],"database_specific":{"yum_repository":"AppStream"}}],"database_specific":{"source":"https://storage.googleapis.com/resf-osv-data/RLSA-2023:6369.json"}},{"package":{"name":"qt5-qtscript","ecosystem":"Rocky Linux:9","purl":"pkg:rpm/rocky-linux/qt5-qtscript?distro=rocky-linux-9&epoch=0"},"ranges":[{"type":"ECOSYSTEM","events":[{"introduced":"0"},{"fixed":"0:5.15.9-1.el9"}],"database_specific":{"yum_repository":"AppStream"}}],"database_specific":{"source":"https://storage.googleapis.com/resf-osv-data/RLSA-2023:6369.json"}},{"package":{"name":"qt5-qtsensors","ecosystem":"Rocky Linux:9","purl":"pkg:rpm/rocky-linux/qt5-qtsensors?distro=rocky-linux-9&epoch=0"},"ranges":[{"type":"ECOSYSTEM","events":[{"introduced":"0"},{"fixed":"0:5.15.9-1.el9"}],"database_specific":{"yum_repository":"AppStream"}}],"database_specific":{"source":"https://storage.googleapis.com/resf-osv-data/RLSA-2023:6369.json"}},{"package":{"name":"qt5-qtserialbus","ecosystem":"Rocky Linux:9","purl":"pkg:rpm/rocky-linux/qt5-qtserialbus?distro=rocky-linux-9&epoch=0"},"ranges":[{"type":"ECOSYSTEM","events":[{"introduced":"0"},{"fixed":"0:5.15.9-1.el9"}],"database_specific":{"yum_repository":"AppStream"}}],"database_specific":{"source":"https://storage.googleapis.com/resf-osv-data/RLSA-2023:6369.json"}},{"package":{"name":"qt5-qtserialport","ecosystem":"Rocky Linux:9","purl":"pkg:rpm/rocky-linux/qt5-qtserialport?distro=rocky-linux-9&epoch=0"},"ranges":[{"type":"ECOSYSTEM","events":[{"introduced":"0"},{"fixed":"0:5.15.9-1.el9"}],"database_specific":{"yum_repository":"AppStream"}}],"database_specific":{"source":"https://storage.googleapis.com/resf-osv-data/RLSA-2023:6369.json"}},{"package":{"name":"qt5-qtsvg","ecosystem":"Rocky Linux:9","purl":"pkg:rpm/rocky-linux/qt5-qtsvg?distro=rocky-linux-9&epoch=0"},"ranges":[{"type":"ECOSYSTEM","events":[{"introduced":"0"},{"fixed":"0:5.15.9-2.el9"}],"database_specific":{"yum_repository":"AppStream"}}],"database_specific":{"source":"https://storage.googleapis.com/resf-osv-data/RLSA-2023:6369.json"}},{"package":{"name":"qt5-qttranslations","ecosystem":"Rocky Linux:9","purl":"pkg:rpm/rocky-linux/qt5-qttranslations?distro=rocky-linux-9&epoch=0"},"ranges":[{"type":"ECOSYSTEM","events":[{"introduced":"0"},{"fixed":"0:5.15.9-1.el9"}],"database_specific":{"yum_repository":"AppStream"}}],"database_specific":{"source":"https://storage.googleapis.com/resf-osv-data/RLSA-2023:6369.json"}},{"package":{"name":"qt5-qtwayland","ecosystem":"Rocky Linux:9","purl":"pkg:rpm/rocky-linux/qt5-qtwayland?distro=rocky-linux-9&epoch=0"},"ranges":[{"type":"ECOSYSTEM","events":[{"introduced":"0"},{"fixed":"0:5.15.9-1.el9"}],"database_specific":{"yum_repository":"AppStream"}}],"database_specific":{"source":"https://storage.googleapis.com/resf-osv-data/RLSA-2023:6369.json"}},{"package":{"name":"qt5-qtwebchannel","ecosystem":"Rocky Linux:9","purl":"pkg:rpm/rocky-linux/qt5-qtwebchannel?distro=rocky-linux-9&epoch=0"},"ranges":[{"type":"ECOSYSTEM","events":[{"introduced":"0"},{"fixed":"0:5.15.9-1.el9"}],"database_specific":{"yum_repository":"AppStream"}}],"database_specific":{"source":"https://storage.googleapis.com/resf-osv-data/RLSA-2023:6369.json"}},{"package":{"name":"qt5-qtwebsockets","ecosystem":"Rocky Linux:9","purl":"pkg:rpm/rocky-linux/qt5-qtwebsockets?distro=rocky-linux-9&epoch=0"},"ranges":[{"type":"ECOSYSTEM","events":[{"introduced":"0"},{"fixed":"0:5.15.9-2.el9"}],"database_specific":{"yum_repository":"AppStream"}}],"database_specific":{"source":"https://storage.googleapis.com/resf-osv-data/RLSA-2023:6369.json"}},{"package":{"name":"qt5-qtx11extras","ecosystem":"Rocky Linux:9","purl":"pkg:rpm/rocky-linux/qt5-qtx11extras?distro=rocky-linux-9&epoch=0"},"ranges":[{"type":"ECOSYSTEM","events":[{"introduced":"0"},{"fixed":"0:5.15.9-1.el9"}],"database_specific":{"yum_repository":"AppStream"}}],"database_specific":{"source":"https://storage.googleapis.com/resf-osv-data/RLSA-2023:6369.json"}},{"package":{"name":"qt5-qtxmlpatterns","ecosystem":"Rocky Linux:9","purl":"pkg:rpm/rocky-linux/qt5-qtxmlpatterns?distro=rocky-linux-9&epoch=0"},"ranges":[{"type":"ECOSYSTEM","events":[{"introduced":"0"},{"fixed":"0:5.15.9-2.el9"}],"database_specific":{"yum_repository":"AppStream"}}],"database_specific":{"source":"https://storage.googleapis.com/resf-osv-data/RLSA-2023:6369.json"}}],"schema_version":"1.7.5","severity":[{"type":"CVSS_V3","score":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"}],"credits":[{"name":"Rocky Enterprise Software Foundation"},{"name":"Red Hat"}]}