Posted March 6

Oracle Linux: CVE-2024-39936: ELSA-2024-4623: qt5-qtbase security update (IMPORTANT) (Multiple Advisories)

Severity: 8
CVSS: (AV:N/AC:L/Au:N/C:C/I:N/A:N)
Published: 07/04/2024
Created: 07/20/2024
Added: 08/16/2024
Modified: 01/08/2025

Description

An issue was discovered in HTTP2 in Qt before 5.15.18, 6.x before 6.2.13, 6.3.x through 6.5.x before 6.5.7, and 6.6.x through 6.7.x before 6.7.3. Code to make security-relevant decisions about an established connection may execute too early, because the encrypted() signal has not yet been emitted and processed.

A vulnerability was found in Qt where, during a TLS connection for servers supporting HTTP2, Qt may send data to a server even if the TLS certificate doesn't match the redirected address. This occurs because Qt fails to validate the certificate against the redirected address, potentially sending data to an incorrect or malicious server.

Solution(s)

oracle-linux-upgrade-qt5-qtbase
oracle-linux-upgrade-qt5-qtbase-common
oracle-linux-upgrade-qt5-qtbase-devel
oracle-linux-upgrade-qt5-qtbase-doc
oracle-linux-upgrade-qt5-qtbase-examples
oracle-linux-upgrade-qt5-qtbase-gui
oracle-linux-upgrade-qt5-qtbase-mysql
oracle-linux-upgrade-qt5-qtbase-odbc
oracle-linux-upgrade-qt5-qtbase-postgresql
oracle-linux-upgrade-qt5-qtbase-private-devel
oracle-linux-upgrade-qt5-qtbase-static
oracle-linux-upgrade-qt5-rpm-macros

References

https://attackerkb.com/topics/cve-2024-39936
CVE - 2024-39936
ELSA-2024-4623
ELSA-2024-4617
ELSA-2024-4647
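
The affected ranges quoted in the description, as a version check for upstream Qt version strings such as those of a Qt bundled with an application (an added example, not part of the advisory or of Qt; the function names and the sample inventory are constructed). It assumes distribution packages such as qt5-qtbase may carry the fix under an older upstream version number, so those are resolved through the listed ELSA updates rather than by this comparison.

```python
import re

# (first affected, first fixed) bounds, taken from the advisory description.
AFFECTED_RANGES = [
    ((0, 0, 0), (5, 15, 18)),  # Qt before 5.15.18
    ((6, 0, 0), (6, 2, 13)),   # 6.x before 6.2.13
    ((6, 3, 0), (6, 5, 7)),    # 6.3.x through 6.5.x before 6.5.7
    ((6, 6, 0), (6, 7, 3)),    # 6.6.x through 6.7.x before 6.7.3
]


def parse_qt_version(text):
    """Return (major, minor, patch) from a string such as '6.5.2' or 'v6.7'."""
    m = re.match(r"\s*v?(\d+)\.(\d+)(?:\.(\d+))?", text)
    if not m:
        raise ValueError(f"not a Qt version string: {text!r}")
    return tuple(int(g or 0) for g in m.groups())


def fixed_in(text):
    """Return the first fixed release for an affected version, else None."""
    v = parse_qt_version(text)
    for first_affected, first_fixed in AFFECTED_RANGES:
        if first_affected <= v < first_fixed:
            return ".".join(str(n) for n in first_fixed)
    return None


def audit(inventory):
    """Map each component with an affected bundled Qt to its fix release."""
    findings = {}
    for component, qt_version in inventory:
        fix = fixed_in(qt_version)
        if fix is not None:
            findings[component] = fix
    return findings


# Constructed sample inventory: (component name, bundled upstream Qt version).
SAMPLE_INVENTORY = [
    ("kiosk-client", "5.15.3"),
    ("report-viewer", "6.2.13"),
    ("sync-agent", "6.4.2"),
    ("updater", "6.7.3"),
]

if __name__ == "__main__":
    for name, fix in audit(SAMPLE_INVENTORY).items():
        print(f"{name}: affected by CVE-2024-39936, fixed in Qt {fix}")
```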