Oracle Linux: CVE-2023-38197: ELSA-2023-6369: qt5 security and bug fix update (MODERATE) (Multiple Advisories)
8
(AV:N/AC:L/Au:N/C:N/I:N/A:C)
07/12/2023
11/18/2023
11/16/2023
12/05/2024
Description
An issue was discovered in Qt before 5.15.15, 6.x before 6.2.10, and 6.3.x through 6.5.x before 6.5.3. There are infinite loops in recursive entity expansion. A vulnerability was found in Qtbase, where it is vulnerable to a denial of service caused by an infinite loop flaw in the QXmlStreamReader() function. This flaw occurs because the QXmlStreamReader function accepts multiple DOCTYPE elements containing DTD fragments in the XML prolog and the XML body. Well-formed but invalid XML files - with multiple DTD fragments in prolog and body, combined with recursive entity expansions, causes infinite loops in QXmlStreamReader. By persuading a victim to open specially crafted XML content, an attacker can cause a denial of service condition.
Solution(s)
- oracle-linux-upgrade-adwaita-qt5
- oracle-linux-upgrade-libadwaita-qt5
- oracle-linux-upgrade-python3-pyqt5-sip
- oracle-linux-upgrade-python3-qt5
- oracle-linux-upgrade-python3-qt5-base
- oracle-linux-upgrade-python3-qt5-devel
- oracle-linux-upgrade-python-qt5-rpm-macros
- oracle-linux-upgrade-qgnomeplatform
- oracle-linux-upgrade-qt5
- oracle-linux-upgrade-qt5-assistant
- oracle-linux-upgrade-qt5-designer
- oracle-linux-upgrade-qt5-devel
- oracle-linux-upgrade-qt5-doctools
- oracle-linux-upgrade-qt5-linguist
- oracle-linux-upgrade-qt5-qdbusviewer
- oracle-linux-upgrade-qt5-qt3d
- oracle-linux-upgrade-qt5-qt3d-devel
- oracle-linux-upgrade-qt5-qt3d-doc
- oracle-linux-upgrade-qt5-qt3d-examples
- oracle-linux-upgrade-qt5-qtbase
- oracle-linux-upgrade-qt5-qtbase-common
- oracle-linux-upgrade-qt5-qtbase-devel
- oracle-linux-upgrade-qt5-qtbase-doc
- oracle-linux-upgrade-qt5-qtbase-examples
- oracle-linux-upgrade-qt5-qtbase-gui
- oracle-linux-upgrade-qt5-qtbase-mysql
- oracle-linux-upgrade-qt5-qtbase-odbc
- oracle-linux-upgrade-qt5-qtbase-postgresql
- oracle-linux-upgrade-qt5-qtbase-private-devel
- oracle-linux-upgrade-qt5-qtbase-static
- oracle-linux-upgrade-qt5-qtconnectivity
- oracle-linux-upgrade-qt5-qtconnectivity-devel
- oracle-linux-upgrade-qt5-qtconnectivity-doc
- oracle-linux-upgrade-qt5-qtconnectivity-examples
- oracle-linux-upgrade-qt5-qtdeclarative
- oracle-linux-upgrade-qt5-qtdeclarative-devel
- oracle-linux-upgrade-qt5-qtdeclarative-doc
- oracle-linux-upgrade-qt5-qtdeclarative-examples
- oracle-linux-upgrade-qt5-qtdeclarative-static
- oracle-linux-upgrade-qt5-qtdoc
- oracle-linux-upgrade-qt5-qtgraphicaleffects
- oracle-linux-upgrade-qt5-qtgraphicaleffects-doc
- oracle-linux-upgrade-qt5-qtimageformats
- oracle-linux-upgrade-qt5-qtimageformats-doc
- oracle-linux-upgrade-qt5-qtlocation
- oracle-linux-upgrade-qt5-qtlocation-devel
- oracle-linux-upgrade-qt5-qtlocation-doc
- oracle-linux-upgrade-qt5-qtlocation-examples
- oracle-linux-upgrade-qt5-qtmultimedia
- oracle-linux-upgrade-qt5-qtmultimedia-devel
- oracle-linux-upgrade-qt5-qtmultimedia-doc
- oracle-linux-upgrade-qt5-qtmultimedia-examples
- oracle-linux-upgrade-qt5-qtquickcontrols
- oracle-linux-upgrade-qt5-qtquickcontrols2
- oracle-linux-upgrade-qt5-qtquickcontrols2-devel
- oracle-linux-upgrade-qt5-qtquickcontrols2-doc
- oracle-linux-upgrade-qt5-qtquickcontrols2-examples
- oracle-linux-upgrade-qt5-qtquickcontrols-doc
- oracle-linux-upgrade-qt5-qtquickcontrols-examples
- oracle-linux-upgrade-qt5-qtscript
- oracle-linux-upgrade-qt5-qtscript-devel
- oracle-linux-upgrade-qt5-qtscript-doc
- oracle-linux-upgrade-qt5-qtscript-examples
- oracle-linux-upgrade-qt5-qtsensors
- oracle-linux-upgrade-qt5-qtsensors-devel
- oracle-linux-upgrade-qt5-qtsensors-doc
- oracle-linux-upgrade-qt5-qtsensors-examples
- oracle-linux-upgrade-qt5-qtserialbus
- oracle-linux-upgrade-qt5-qtserialbus-devel
- oracle-linux-upgrade-qt5-qtserialbus-doc
- oracle-linux-upgrade-qt5-qtserialbus-examples
- oracle-linux-upgrade-qt5-qtserialport
- oracle-linux-upgrade-qt5-qtserialport-devel
- oracle-linux-upgrade-qt5-qtserialport-doc
- oracle-linux-upgrade-qt5-qtserialport-examples
- oracle-linux-upgrade-qt5-qtsvg
- oracle-linux-upgrade-qt5-qtsvg-devel
- oracle-linux-upgrade-qt5-qtsvg-doc
- oracle-linux-upgrade-qt5-qtsvg-examples
- oracle-linux-upgrade-qt5-qttools
- oracle-linux-upgrade-qt5-qttools-common
- oracle-linux-upgrade-qt5-qttools-devel
- oracle-linux-upgrade-qt5-qttools-doc
- oracle-linux-upgrade-qt5-qttools-examples
- oracle-linux-upgrade-qt5-qttools-libs-designer
- oracle-linux-upgrade-qt5-qttools-libs-designercomponents
- oracle-linux-upgrade-qt5-qttools-libs-help
- oracle-linux-upgrade-qt5-qttools-static
- oracle-linux-upgrade-qt5-qttranslations
- oracle-linux-upgrade-qt5-qtwayland
- oracle-linux-upgrade-qt5-qtwayland-devel
- oracle-linux-upgrade-qt5-qtwayland-doc
- oracle-linux-upgrade-qt5-qtwayland-examples
- oracle-linux-upgrade-qt5-qtwebchannel
- oracle-linux-upgrade-qt5-qtwebchannel-devel
- oracle-linux-upgrade-qt5-qtwebchannel-doc
- oracle-linux-upgrade-qt5-qtwebchannel-examples
- oracle-linux-upgrade-qt5-qtwebsockets
- oracle-linux-upgrade-qt5-qtwebsockets-devel
- oracle-linux-upgrade-qt5-qtwebsockets-doc
- oracle-linux-upgrade-qt5-qtwebsockets-examples
- oracle-linux-upgrade-qt5-qtx11extras
- oracle-linux-upgrade-qt5-qtx11extras-devel
- oracle-linux-upgrade-qt5-qtx11extras-doc
- oracle-linux-upgrade-qt5-qtxmlpatterns
- oracle-linux-upgrade-qt5-qtxmlpatterns-devel
- oracle-linux-upgrade-qt5-qtxmlpatterns-doc
- oracle-linux-upgrade-qt5-qtxmlpatterns-examples
- oracle-linux-upgrade-qt5-rpm-macros
- oracle-linux-upgrade-qt5-srpm-macros
Advanced vulnerability management analytics and reporting.
Key Features
- Lightweight Endpoint Agent
- Live Dashboards
- Real Risk Prioritization
- IT-Integrated Remediation Projects
- Cloud, Virtual, and Container Assessment
- Integrated Threat Feeds
- Easy-to-Use RESTful API
- Automation-Assisted Patching
- Automated Containment
With Rapid7 live dashboards, I have a clear view of all the assets on my network, which ones can be exploited, and what I need to do in order to reduce the risk in my environment in real-time. No other tool gives us that kind of value and insight.
– Scott Cheney, Manager of Information Security, Sierra View Medical Center