[Bug 1224782] New: CVE-2024-36048 qtnetworkauth: data race and poor seeding in generateRandomString()
https://bugzilla.suse.com/show_bug.cgi?id=1224782

Bug ID: 1224782
Summary: CVE-2024-36048 qtnetworkauth: data race and poor seeding in generateRandomString()
Classification: openSUSE
Product: openSUSE Distribution
Version: Leap 15.6
Hardware: Other
OS: Other
Status: NEW
Severity: Normal
Priority: P5 - None
Component: Security
Assignee: security-team@suse.de
Reporter: christophe@krop.fr
QA Contact: qa-bugs@suse.de
Target Milestone: ---
Found By: ---
Blocker: ---

(Adding the bug report since I'm preparing the qt6-networkauth fixes)

QAbstractOAuth in Qt Network Authorization in Qt before 5.15.17, 6.x before 6.2.13, 6.3.x through 6.5.x before 6.5.6, and 6.6.x through 6.7.x before 6.7.1 uses only the time to seed the PRNG, which may result in guessable values.

https://www.cve.org/CVERecord?id=CVE-2024-36048
https://nvd.nist.gov/vuln/detail/CVE-2024-36048

Affected:

qt6-networkauth packages in:
openSUSE:Factory (6.7.1 packaging in progress)
openSUSE:Backports:SLE15-SP5
openSUSE:Backports:SLE15-SP6

libqt5-qtnetworkauth:
openSUSE:Factory
openSUSE:Backports:SLE15-SP5
openSUSE:Backports:SLE15-SP6

--
You are receiving this mail because:
You are on the CC list for the bug.
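Added example (not part of the bug report and not Qt's code): the seeding weakness the CVE text describes, shown in C++ beside a hardened form and a regression check. The function names, the alphabet and the sample timestamp are assumptions made for illustration; the data race named in the summary is not modelled.

```cpp
#include <cstddef>
#include <cstdint>
#include <iostream>
#include <random>
#include <string>

// Token alphabet (assumed for this example, not taken from Qt).
static const std::string kAlphabet =
    "abcdefghijklmnopqrstuvwxyzABCDEFGHIJKLMNOPQRSTUVWXYZ0123456789";

// Weak pattern from the CVE text: the clock is the only seed input, so the
// output is a pure function of the second in which it was generated.
std::string weak_random_string(std::uint32_t unix_time, std::size_t len) {
    std::mt19937 rng(unix_time);
    std::string out;
    for (std::size_t i = 0; i < len; ++i)
        out += kAlphabet[rng() % kAlphabet.size()];
    return out;
}

// Hardened form: every character is drawn from the OS entropy source.
std::string strong_random_string(std::size_t len) {
    std::random_device entropy;
    std::uniform_int_distribution<std::size_t> pick(0, kAlphabet.size() - 1);
    std::string out;
    for (std::size_t i = 0; i < len; ++i)
        out += kAlphabet[pick(entropy)];
    return out;
}

// Regression check: true if `token` can be regenerated from some clock value
// in [start, start + window), i.e. its real keyspace is only `window` values.
bool reproducible_from_clock(const std::string& token, std::uint32_t start,
                             std::uint32_t window) {
    for (std::uint32_t t = start; t < start + window; ++t)
        if (weak_random_string(t, token.size()) == token) return true;
    return false;
}

int main() {
    const std::uint32_t t0 = 1716200000;  // constructed sample timestamp
    std::cout << reproducible_from_clock(weak_random_string(t0 + 17, 16), t0, 60)
              << reproducible_from_clock(strong_random_string(16), t0, 60) << '\n';
}
```

A check like `reproducible_from_clock` can run in a test suite against whatever generator produces OAuth state or nonce values, so a time-only seed is caught before release.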
https://bugzilla.suse.com/show_bug.cgi?id=1224782

Christophe Marin <christophe@krop.fr> changed:

What       |Removed               |Added
----------------------------------------------------------------------------
QA Contact |qa-bugs@suse.de       |security-team@suse.de
Assignee   |security-team@suse.de |opensuse-kde-bugs@opensuse.org
https://bugzilla.suse.com/show_bug.cgi?id=1224782
https://bugzilla.suse.com/show_bug.cgi?id=1224782#c1

--- Comment #1 from OBSbugzilla Bot <bwiedemann+obsbugzillabot@suse.com> ---
This is an autogenerated message for OBS integration:
This bug (1224782) was mentioned in
https://build.opensuse.org/request/show/1175484 Backports:SLE-15-SP6 / qt6-networkauth
https://build.opensuse.org/request/show/1175487 Backports:SLE-15-SP5 / qt6-networkauth

https://bugzilla.suse.com/show_bug.cgi?id=1224782
https://bugzilla.suse.com/show_bug.cgi?id=1224782#c3

--- Comment #3 from OBSbugzilla Bot <bwiedemann+obsbugzillabot@suse.com> ---
This is an autogenerated message for OBS integration:
This bug (1224782) was mentioned in
https://build.opensuse.org/request/show/1177087 Factory / libqt5-qtnetworkauth