Bug 29468 - qtbase5 new security issue CVE-2021-38593
Summary: qtbase5 new security issue CVE-2021-38593
Status: RESOLVED FIXED
Alias: None
Product: Mageia
Classification: Unclassified
Component: Security (show other bugs)
Version: 8
Hardware: All Linux
Priority: Normal major
Target Milestone: ---
Assignee: QA Team
QA Contact: Sec team
URL:
Whiteboard: MGA8-64-OK
Keywords: advisory, validated_update
Depends on:
Blocks:
 
Reported: 2021-09-16 22:06 CEST by David Walser
Modified: 2021-10-27 14:14 CEST (History)
6 users (show)

See Also:
Source RPM: qtbase5-5.15.2-4.2.mga8.src.rpm
CVE:
Status comment:

Attachments
Add an attachment (proposed patch, testcase, etc.)

Description David Walser 2021-09-16 22:06:39 CEST 
Ubuntu has issued an advisory today (September 16):
https://ubuntu.com/security/notices/USN-5081-1

Mageia 8 is also affected.
David Walser 2021-09-16 22:06:53 CEST

Whiteboard: (none) => MGA8TOO
Status comment: (none) => Patch available from Ubuntu

Comment 1 Nicolas Lécureuil 2021-10-16 22:33:56 CEST 
Fixed in cauldron

Pushed in mga8:


src:
    - qtbase5-5.15.2-4.4.mga8

Version: Cauldron => 8
Whiteboard: MGA8TOO => (none)
Assignee: kde => qa-bugs
Status comment: Patch available from Ubuntu => (none)
CC: (none) => mageia

Comment 2 Nicolas Lécureuil 2021-10-16 22:45:16 CEST 
need more fixes

Assignee: qa-bugs => mageia

Comment 3 Nicolas Lécureuil 2021-10-17 13:18:25 CEST 
this time it compiles :)

Assignee: mageia => qa-bugs

Comment 4 Morgan Leijström 2021-10-17 13:58:53 CEST 
OK for me in simple use on main computer, will keep using it.

mga8-64, plasma, nvidia-current, kernel 5.14.10-desktop-1.mga8, 4kscreen

Updated to

- lib64qt5-database-plugin-ibase-5.15.2-4.4.mga8.x86_64
- lib64qt5-database-plugin-mysql-5.15.2-4.4.mga8.x86_64
- lib64qt5-database-plugin-sqlite-5.15.2-4.4.mga8.x86_64
- lib64qt5concurrent5-5.15.2-4.4.mga8.x86_64
- lib64qt5core5-5.15.2-4.4.mga8.x86_64
- lib64qt5dbus5-5.15.2-4.4.mga8.x86_64
- lib64qt5eglfsdeviceintegration5-5.15.2-4.4.mga8.x86_64
- lib64qt5eglfskmssupport5-5.15.2-4.4.mga8.x86_64
- lib64qt5gui5-5.15.2-4.4.mga8.x86_64
- lib64qt5network5-5.15.2-4.4.mga8.x86_64
- lib64qt5opengl5-5.15.2-4.4.mga8.x86_64
- lib64qt5printsupport5-5.15.2-4.4.mga8.x86_64
- lib64qt5sql5-5.15.2-4.4.mga8.x86_64
- lib64qt5test5-5.15.2-4.4.mga8.x86_64
- lib64qt5widgets5-5.15.2-4.4.mga8.x86_64
- lib64qt5xcbqpa5-5.15.2-4.4.mga8.x86_64
- lib64qt5xml5-5.15.2-4.4.mga8.x86_64
- qtbase5-common-5.15.2-4.4.mga8.x86_64

Logged out, and back in to Plasma

Using some desktop apps, no problems noted.

CC: (none) => fri

Comment 5 David Walser 2021-10-17 19:28:29 CEST 
qtbase5-doc-5.15.2-4.4.mga8
qtbase5-examples-5.15.2-4.4.mga8
libqt5themesupport-static-devel-5.15.2-4.4.mga8
libqt5linuxaccessibilitysupport-static-devel-5.15.2-4.4.mga8
libqt5bootstrap-static-devel-5.15.2-4.4.mga8
libqt5gui5-5.15.2-4.4.mga8
libqt5inputsupport-static-devel-5.15.2-4.4.mga8
libqt5core5-5.15.2-4.4.mga8
qtbase5-common-devel-5.15.2-4.4.mga8
libqt5widgets5-5.15.2-4.4.mga8
libqt5gui-devel-5.15.2-4.4.mga8
libqt5fbsupport-static-devel-5.15.2-4.4.mga8
libqt5fontdatabasesupport-static-devel-5.15.2-4.4.mga8
libqt5core-devel-5.15.2-4.4.mga8
libqt5widgets-devel-5.15.2-4.4.mga8
libqt5opengl-devel-5.15.2-4.4.mga8
libqt5eglsupport-static-devel-5.15.2-4.4.mga8
libqt5eventdispatchersupport-static-devel-5.15.2-4.4.mga8
libqt5platformcompositorsupport-static-devel-5.15.2-4.4.mga8
libqt5kmssupport-static-devel-5.15.2-4.4.mga8
libqt5network5-5.15.2-4.4.mga8
libqt5vulkansupport-static-devel-5.15.2-4.4.mga8
libqt5xcbqpa5-5.15.2-4.4.mga8
libqt5devicediscoverysupport-static-devel-5.15.2-4.4.mga8
qtbase5-common-5.15.2-4.4.mga8
libqt5eglfsdeviceintegration5-5.15.2-4.4.mga8
libqt5xkbcommonsupport-static-devel-5.15.2-4.4.mga8
libqt5servicesupport-static-devel-5.15.2-4.4.mga8
libqt5edid-devel-5.15.2-4.4.mga8
libqt5network-devel-5.15.2-4.4.mga8
libqt5dbus5-5.15.2-4.4.mga8
libqt5test-devel-5.15.2-4.4.mga8
libqt5accessibilitysupport-static-devel-5.15.2-4.4.mga8
libqt5printsupport5-5.15.2-4.4.mga8
libqt5glxsupport-static-devel-5.15.2-4.4.mga8
libqt5test5-5.15.2-4.4.mga8
libqt5opengl5-5.15.2-4.4.mga8
libqt5eglfskmssupport5-5.15.2-4.4.mga8
libqt5xml5-5.15.2-4.4.mga8
libqt5sql5-5.15.2-4.4.mga8
libqt5-database-plugin-odbc-5.15.2-4.4.mga8
libqt5concurrent-devel-5.15.2-4.4.mga8
libqt5printsupport-devel-5.15.2-4.4.mga8
libqt5dbus-devel-5.15.2-4.4.mga8
libqt5-database-plugin-ibase-5.15.2-4.4.mga8
libqt5-database-plugin-pgsql-5.15.2-4.4.mga8
libqt5sql-devel-5.15.2-4.4.mga8
libqt5xml-devel-5.15.2-4.4.mga8
libqt5-database-plugin-sqlite-5.15.2-4.4.mga8
libqt5-database-plugin-mysql-5.15.2-4.4.mga8
libqt5-database-plugin-tds-5.15.2-4.4.mga8
libqt5eglfsdeviceintegration-devel-5.15.2-4.4.mga8
libqt5concurrent5-5.15.2-4.4.mga8
libqt5eglfskmssupport-devel-5.15.2-4.4.mga8
libqt5platformsupport-devel-5.15.2-4.4.mga8
libqt5xcbqpa-devel-5.15.2-4.4.mga8
libqt5base5-devel-5.15.2-4.4.mga8

from qtbase5-5.15.2-4.4.mga8.src.rpm
Comment 6 Herman Viaene 2021-10-18 11:54:55 CEST 
MGA8-64 Plasma on Lenovo B50
No installation issues.
Rebooted and all looks fine.

CC: (none) => herman.viaene

Comment 7 Thomas Andrews 2021-10-25 18:26:54 CEST 
Probook 6550b, MGA8-64 Plasma.

No installation issues here, either. Using it a few days now, with no regressions noted. Giving it an OK, and validating.

Keywords: (none) => validated_update
Whiteboard: (none) => MGA8-64-OK
CC: (none) => andrewsfarm, sysadmin-bugs

Dave Hodgins 2021-10-26 23:10:21 CEST

Keywords: (none) => advisory
CC: (none) => davidwhodgins

Comment 8 Mageia Robot 2021-10-27 14:14:48 CEST 
An update for this issue has been pushed to the Mageia Updates repository.

https://advisories.mageia.org/MGASA-2021-0493.html

Resolution: (none) => FIXED
Status: NEW => RESOLVED
Note You need to log in before you can comment on or make changes to this bug.