| Summary: | qtnetworkauth5 and qtnetworkauth6 new security issue CVE-2024-36048 | | |
|---|---|---|---|
| Product: | Mageia | Reporter: | Nicolas Salguero <nicolas.salguero> |
| Component: | Security | Assignee: | QA Team <qa-bugs> |
| Status: | RESOLVED FIXED | QA Contact: | Sec team <security> |
| Severity: | normal | | |
| Priority: | Normal | CC: | andrewsfarm, geiger.david68210, herman.viaene, sysadmin-bugs |
| Version: | 9 | Keywords: | advisory, validated_update |
| Target Milestone: | --- | | |
| Hardware: | All | | |
| OS: | Linux | | |
| Whiteboard: | MGA9-64-OK | | |
| Source RPM: | qtnetworkauth5, qtnetworkauth6 | CVE: | CVE-2024-36048 |
| Status comment: | Fixed upstream in 5.15.17 and 6.5.6 or 6.7.1 and patches available from openSUSE and upstream | | |
| Attachments: | Install/Uninstall log | | |

Description
Nicolas Salguero
2024-05-27 16:52:22 CEST
Nicolas Salguero
2024-05-27 16:53:43 CEST
Source RPM: (none) => qtnetworkauth5, qtnetworkauth6

Fixed for Cauldron both qtnetworkauth6 and qtnetworkauth5!

CC: (none) => geiger.david68210

Assigning to QA,

Packages in 9/Core/Updates_testing:
======================
libqt5networkauth-devel-5.15.7-1.1.mga9
libqt5networkauth5-5.15.7-1.1.mga9
lib64qt5networkauth-devel-5.15.7-1.1.mga9
lib64qt5networkauth5-5.15.7-1.1.mga9
qtnetworkauth5-doc-5.15.7-1.1.mga9.noarch.rpm
libqt6networkauth-devel-6.4.1-1.1.mga9
libqt6networkauth6-6.4.1-1.1.mga9
lib64qt6networkauth-devel-6.4.1-1.1.mga9
lib64qt6networkauth6-6.4.1-1.1.mga9

From SRPMS:
qtnetworkauth5-5.15.7-1.1.mga9.src.rpm
qtnetworkauth6-6.4.1-1.1.mga9.src.rpm

Assignee: bugsquad => qa-bugs

katnatek
2024-05-27 19:59:50 CEST
Keywords: (none) => advisory

Created attachment 14551
Install/Uninstall log

RH mageia 9 x86_64

I just tested install/uninstall.
Feel free to test applications that depend on this.

urpmq --whatrequires-recursive lib64qt5networkauth5|uniq
akonadi-kde
choqok
digikam
kaddressbook
kalarm
kalarm-handbook
kalendar
kbibtex
kdenlive
kdepim-addons
kmail
kmail-handbook
knotes
knotes-handbook
korganizer
korganizer-handbook
lib64choqok-devel
lib64gnusocialapihelper1
lib64kaddressbookprivate5
lib64kbibtex-devel
lib64kbibtex0
lib64kpim5addressbookimportexport5
lib64kpimaddressbookimportexport-devel
lib64qt5networkauth-devel
lib64qt5networkauth5
lib64twitterapihelper1
libkaddressbookprivate5
libkpim5addressbookimportexport5
libkpimaddressbookimportexport-devel
mscore
python3-qt5-networkauth
zanshin
urpmq --whatrequires-recursive lib64qt6networkauth6|uniq
calibre
eric7
lib64qt6networkauth-devel
lib64qt6networkauth6
python3-pyside6-networkauth
python3-qt6
python3-qt6-devel
python3-qt6-networkauth
python3-qt6-qscintilla

Give OK in base, a clean install and not additional test by the team

CC: (none) => andrewsfarm

MGA9-64 Plasma Wayland on HP-Pavilion

No installation issues.

Installed mscore and ran it under strace, wrote a small score, saved it and found in the trace:
openat(AT_FDCWD, "/lib64/libQt5NetworkAuth.so.5", O_RDONLY|O_CLOEXEC) = 3

Installed and ran eric7 under strace, ran hello world and found in the trace:
openat(AT_FDCWD, "/lib64/libQt6Network.so.6", O_RDONLY|O_CLOEXEC) = 3

Should be OK

CC: (none) => herman.viaene

You beat me to it, Herman.

I had a few minutes, so I thought I'd try it with Zanshin, described as "A Getting Things Done application which aims at getting your mind like water." Not sure if I like that idea, but I installed and ran it under strace, anyway.

Seems to be an app for maintaining a ToDo list. Being of an earlier generation, that's something I've always done with a pad in my pocket. No electronics involved.

Anyway, searching the trace showed three times where "/usr/lib64/libQt5Network.so.5.15.7" was invoked, and the application worked as it should (I guess), so that confirms the OK.

Validating.

Keywords: (none) => validated_update

An update for this issue has been pushed to the Mageia Updates repository.
https://advisories.mageia.org/MGASA-2024-0197.html

Resolution: (none) => FIXED
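
The strace check used in the QA comments above, as an added example that is not part of the bug report: the function lists the paths a saved trace shows were opened successfully for one given library name, so that `libQt5NetworkAuth.so.5` and `libQt5Network.so.5` are told apart and failed loader probes are ignored. The function names and the sample trace lines are constructed for illustration.

```shell
#!/bin/sh
# Added example, not from the bug report. Names and sample lines are constructed.

# opened_libs TRACE SONAME
# Print each distinct path that an open()/openat() call in TRACE opened
# successfully and whose file name is SONAME or SONAME.<more version digits>.
opened_libs() {
    awk -v want="$2" '
        /open(at)?\(/ {
            # The path is the first double-quoted string on the line.
            if (!match($0, /"[^"]*"/)) next
            path = substr($0, RSTART + 1, RLENGTH - 2)
            # The return value follows the last " = ".
            n = split($0, parts, " = ")
            if (n < 2) next                      # unfinished call, no result
            ret = parts[n]; sub(/ .*/, "", ret)
            if (ret !~ /^[0-9]+$/) next          # -1 ENOENT and similar
            base = path; sub(/.*\//, "", base)
            # Exact name, or name followed by ".": "Network" must not
            # match "NetworkAuth".
            if (base == want || index(base, want ".") == 1)
                if (!(path in seen)) { seen[path] = 1; print path }
        }' "$1"
}

# Constructed strace lines: one failed probe, one -f style pid prefix,
# one repeated open.
sample_trace() {
    cat <<'EOF'
openat(AT_FDCWD, "/usr/lib64/glibc-hwcaps/x86-64-v3/libQt5NetworkAuth.so.5", O_RDONLY|O_CLOEXEC) = -1 ENOENT (No such file or directory)
openat(AT_FDCWD, "/lib64/libQt5NetworkAuth.so.5", O_RDONLY|O_CLOEXEC) = 3
[pid 4242] openat(AT_FDCWD, "/usr/lib64/libQt5Network.so.5.15.7", O_RDONLY|O_CLOEXEC) = 4
openat(AT_FDCWD, "/lib64/libQt6Network.so.6", O_RDONLY|O_CLOEXEC) = 3
openat(AT_FDCWD, "/lib64/libQt5NetworkAuth.so.5", O_RDONLY|O_CLOEXEC) = 3
EOF
}

trace=$(mktemp)
sample_trace > "$trace"
for lib in libQt5NetworkAuth.so.5 libQt5Network.so.5 libQt6NetworkAuth.so.6; do
    printf '%s: %s\n' "$lib" "$(opened_libs "$trace" "$lib" | tr '\n' ' ')"
done
rm -f "$trace"
```

Calls that strace split across `<unfinished ...>` and `resumed` lines are skipped, so a trace taken with `-f` can under-report.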