ALT-PU-2025-12322-1
Package qt5-base updated to version 5.15.17-alt1 for branch sisyphus_riscv64.
Closed vulnerabilities
Published: 2024-05-18
BDU:2025-08575
Уязвимость кроссплатформенного фреймворка для разработки программного обеспечения Qt, связанная с предсказуемым начальным числом в генераторе псевдослучайных чисел, позволяющая нарушителю обойти аутентификацию
Severity: CRITICAL (9.8)
Vector: AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Severity: CRITICAL (10.0)
Vector: AV:N/AC:L/Au:N/C:C/I:C/A:C
References:
Published: 2024-05-18
Modified: 2025-06-30
Modified: 2025-06-30
CVE-2024-36048
QAbstractOAuth in Qt Network Authorization in Qt before 5.15.17, 6.x before 6.2.13, 6.3.x through 6.5.x before 6.5.6, and 6.6.x through 6.7.x before 6.7.1 uses only the time to seed the PRNG, which may result in guessable values.
Severity: CRITICAL (9.8)
Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
References:
- https://codereview.qt-project.org/c/qt/qtnetworkauth/+/560317
- https://codereview.qt-project.org/c/qt/qtnetworkauth/+/560368
- https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/RGB6KUPJFQWUBKXVDPJUMAD6KNJJEWPW/
- https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/ZOOZZZSK5PNRHFGQMUGUHVYWLILFJCRS/
- https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/ZPHAI3DKDCIU6XLNS6PV6GFS2PHH3GZM/
- https://codereview.qt-project.org/c/qt/qtnetworkauth/+/560317
- https://codereview.qt-project.org/c/qt/qtnetworkauth/+/560368
- https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/RGB6KUPJFQWUBKXVDPJUMAD6KNJJEWPW/
- https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/ZOOZZZSK5PNRHFGQMUGUHVYWLILFJCRS/
- https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/ZPHAI3DKDCIU6XLNS6PV6GFS2PHH3GZM/