Moderate: qt5 security, bug fix, and enhancement update

2021-11-0908:31:20

Google

osv.dev

software toolkit

upgrade

upstream version

security fix

cve-2021-3481

out of bounds read

svg file

cvss score

almalinux release notes

AI Score

Confidence

High

EPSS

0.001

Percentile

46.8%

JSON

Qt is a software toolkit for developing applications.

The following packages have been upgraded to a later upstream version: adwaita-qt (1.2.1), python-qt5 (5.15.0), qgnomeplatform (0.7.1), qt5 (5.15.2), qt5-qt3d (5.15.2), qt5-qtbase (5.15.2), qt5-qtconnectivity (5.15.2), qt5-qtdeclarative (5.15.2), qt5-qtdoc (5.15.2), qt5-qtgraphicaleffects (5.15.2), qt5-qtimageformats (5.15.2), qt5-qtlocation (5.15.2), qt5-qtmultimedia (5.15.2), qt5-qtquickcontrols (5.15.2), qt5-qtquickcontrols2 (5.15.2), qt5-qtscript (5.15.2), qt5-qtsensors (5.15.2), qt5-qtserialbus (5.15.2), qt5-qtserialport (5.15.2), qt5-qtsvg (5.15.2), qt5-qttools (5.15.2), qt5-qttranslations (5.15.2), qt5-qtwayland (5.15.2), qt5-qtwebchannel (5.15.2), qt5-qtwebsockets (5.15.2), qt5-qtx11extras (5.15.2), qt5-qtxmlpatterns (5.15.2), sip (4.19.24). (BZ#1928156)

Security Fix(es):

qt: Out of bounds read in function QRadialFetchSimd from crafted svg file (CVE-2021-3481)

For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.

Additional Changes:

For detailed information on changes in this release, see the AlmaLinux Release Notes linked from the References section.