Bug 1118595 – VUL-0: CVE-2018-15518: libqt4 ,libqt5-qtbase: "double free or corruption" in QXmlStreamReader

Bug 1118595 - (CVE-2018-15518) VUL-0: CVE-2018-15518: libqt4 ,libqt5-qtbase: "double free or corruption" in QXmlStreamReader

(CVE-2018-15518)
Summary:	VUL-0: CVE-2018-15518: libqt4 ,libqt5-qtbase: "double free or corruption" in ...

Status:	RESOLVED FIXED

Classification:	Novell Products
Product:	SUSE Security Incidents
Classification:	Novell Products
Component:	Incidents
Version:	unspecified
Hardware:	Other Other

Priority:	P3 - Medium Severity: Normal
Target Milestone:	---
Assigned To:	Security Team bot
QA Contact:	Security Team bot

URL:	https://smash.suse.de/issue/220280/
Whiteboard:	CVSSv3:SUSE:CVE-2018-15518:4.0:(AV:L/...
Keywords:

Depends on:
Blocks:
	Show dependency tree / graph

Create test case

Clone This Bug

Reported:	2018-12-06 08:38 UTC by Alexander Bergmann
Modified:	2021-01-27 17:09 UTC (History)
CC List:	4 users (show)

See Also:
Found By:	---
Services Priority:
Business Priority:
Blocker:	---
Marketing QA Status:	---
IT Deployment:	---

Attachments
Add an attachment (proposed patch, testcase, etc.)

Note You need to log in before you can comment on or make changes to this bug.

Description Alexander Bergmann 2018-12-06 08:38:08 UTC

CVE-2018-15518, Qt Base: “double free or corruption” in QXmlStreamReader

Fix possible heap corruption in QXmlStream

The value of 'tos' at the check might already be on the last element,
so triggering stack expansion on the second last element is too late.

Change-Id: Ib3ab2662d4d27a71effe9e988b9e172923af2908
Reviewed-by: Richard J. Moore <rich@kde.org>
Reviewed-by: Thiago Macieira <thiago.macieira@intel.com>

Upstream fix:
https://codereview.qt-project.org/#/c/236691/

Comment 1 Alexander Bergmann 2018-12-06 16:33:07 UTC

The affected code in all our Qt versions is located at:

src/corelib/xml/qxmlstream_p.h

Comment 5 Max Lin 2018-12-17 09:29:10 UTC

MRs for libqt5-qtbase has been accepted,back to security team.

Comment 8 Swamp Workflow Management 2018-12-18 20:09:49 UTC

SUSE-SU-2018:4179-1: An update that fixes two vulnerabilities is now available.

Category: security (moderate)
Bug References: 1118595,1118596
CVE References: CVE-2018-15518,CVE-2018-19873
Sources used:
SUSE Linux Enterprise Software Development Kit 12-SP4 (src):    libqt5-qtbase-5.6.2-6.15.2
SUSE Linux Enterprise Software Development Kit 12-SP3 (src):    libqt5-qtbase-5.6.2-6.15.2
SUSE Linux Enterprise Server 12-SP4 (src):    libqt5-qtbase-5.6.2-6.15.2
SUSE Linux Enterprise Server 12-SP3 (src):    libqt5-qtbase-5.6.2-6.15.2
SUSE Linux Enterprise Desktop 12-SP4 (src):    libqt5-qtbase-5.6.2-6.15.2
SUSE Linux Enterprise Desktop 12-SP3 (src):    libqt5-qtbase-5.6.2-6.15.2

Comment 9 Swamp Workflow Management 2018-12-19 14:10:31 UTC

SUSE-SU-2018:4183-1: An update that fixes two vulnerabilities is now available.

Category: security (moderate)
Bug References: 1118595,1118596
CVE References: CVE-2018-15518,CVE-2018-19873
Sources used:
SUSE OpenStack Cloud 7 (src):    libqt5-qtbase-5.6.1-17.6.2
SUSE Linux Enterprise Server for SAP 12-SP2 (src):    libqt5-qtbase-5.6.1-17.6.2
SUSE Linux Enterprise Server 12-SP2-LTSS (src):    libqt5-qtbase-5.6.1-17.6.2
SUSE Linux Enterprise Server 12-SP2-BCL (src):    libqt5-qtbase-5.6.1-17.6.2
SUSE Enterprise Storage 4 (src):    libqt5-qtbase-5.6.1-17.6.2

Comment 10 Swamp Workflow Management 2018-12-21 02:09:58 UTC

SUSE-SU-2018:4210-1: An update that fixes two vulnerabilities is now available.

Category: security (moderate)
Bug References: 1118595,1118596
CVE References: CVE-2018-15518,CVE-2018-19873
Sources used:
SUSE Linux Enterprise Server 12-SP1-LTSS (src):    libqt5-qtbase-5.5.1-8.3.1

Comment 11 Swamp Workflow Management 2018-12-22 23:13:34 UTC

openSUSE-SU-2018:4261-1: An update that fixes two vulnerabilities is now available.

Category: security (moderate)
Bug References: 1118595,1118596
CVE References: CVE-2018-15518,CVE-2018-19873
Sources used:
openSUSE Leap 42.3 (src):    libqt5-qtbase-5.6.2-7.6.1

Comment 12 Swamp Workflow Management 2018-12-28 23:09:01 UTC

SUSE-SU-2018:4294-1: An update that fixes two vulnerabilities is now available.

Category: security (moderate)
Bug References: 1118595,1118596
CVE References: CVE-2018-15518,CVE-2018-19873
Sources used:
SUSE Linux Enterprise Server 12-LTSS (src):    libqt5-qtbase-5.3.1-4.7.2

Comment 14 Swamp Workflow Management 2019-02-20 11:12:27 UTC

SUSE-SU-2019:0447-1: An update that solves two vulnerabilities and has four fixes is now available.

Category: security (moderate)
Bug References: 1096328,1099874,1108889,1118595,1118596,1120639
CVE References: CVE-2018-15518,CVE-2018-19873
Sources used:
SUSE Linux Enterprise Module for Open Buildservice Development Tools 15 (src):    libqt5-qtbase-5.9.4-8.11.13
SUSE Linux Enterprise Module for Desktop Applications 15 (src):    libqt5-qtbase-5.9.4-8.11.13
SUSE Linux Enterprise Module for Basesystem 15 (src):    libqt5-qtbase-5.9.4-8.11.13

Comment 15 Swamp Workflow Management 2019-02-27 17:35:18 UTC

openSUSE-SU-2019:0265-1: An update that solves two vulnerabilities and has four fixes is now available.

Category: security (moderate)
Bug References: 1096328,1099874,1108889,1118595,1118596,1120639
CVE References: CVE-2018-15518,CVE-2018-19873
Sources used:
openSUSE Leap 15.0 (src):    libqt5-qtbase-5.9.4-lp150.5.4.1

Comment 16 Swamp Workflow Management 2019-04-27 01:10:13 UTC

SUSE-SU-2018:4210-2: An update that fixes two vulnerabilities is now available.

Category: security (moderate)
Bug References: 1118595,1118596
CVE References: CVE-2018-15518,CVE-2018-19873
Sources used:
SUSE Linux Enterprise Server for SAP 12-SP1 (src):    libqt5-qtbase-5.5.1-8.3.1

NOTE: This line indicates an update has been released for the listed product(s). At times this might be only a partial fix. If you have questions please reach out to maintenance coordination.

Comment 18 Swamp Workflow Management 2020-03-23 20:30:05 UTC

This is an autogenerated message for OBS integration:
This bug (1118595) was mentioned in
https://build.opensuse.org/request/show/787583 15.1 / libqt4

Comment 19 Dirk Mueller 2020-03-23 20:57:21 UTC

I've submitted this for SLE11, SLE12 and Leap 15.1

Comment 21 Swamp Workflow Management 2020-03-23 21:30:07 UTC

This is an autogenerated message for OBS integration:
This bug (1118595) was mentioned in
https://build.opensuse.org/request/show/787587 15.1 / libqt4

Comment 24 Swamp Workflow Management 2020-04-17 13:24:42 UTC

SUSE-SU-2020:1021-1: An update that solves three vulnerabilities and has one errata is now available.

Category: security (moderate)
Bug References: 1118595,1118596,1118599,1121214
CVE References: CVE-2018-15518,CVE-2018-19869,CVE-2018-19873
Sources used:
SUSE Linux Enterprise Workstation Extension 12-SP5 (src):    libqt4-4.8.7-8.13.1, libqt4-sql-plugins-4.8.7-8.13.1
SUSE Linux Enterprise Workstation Extension 12-SP4 (src):    libqt4-4.8.7-8.13.1, libqt4-sql-plugins-4.8.7-8.13.1
SUSE Linux Enterprise Software Development Kit 12-SP5 (src):    libqt4-4.8.7-8.13.1, libqt4-devel-doc-4.8.7-8.13.1, libqt4-sql-plugins-4.8.7-8.13.1
SUSE Linux Enterprise Software Development Kit 12-SP4 (src):    libqt4-4.8.7-8.13.1, libqt4-devel-doc-4.8.7-8.13.1, libqt4-sql-plugins-4.8.7-8.13.1
SUSE Linux Enterprise Server 12-SP5 (src):    libqt4-4.8.7-8.13.1, libqt4-devel-doc-4.8.7-8.13.1, libqt4-sql-plugins-4.8.7-8.13.1
SUSE Linux Enterprise Server 12-SP4 (src):    libqt4-4.8.7-8.13.1, libqt4-devel-doc-4.8.7-8.13.1, libqt4-sql-plugins-4.8.7-8.13.1

NOTE: This line indicates an update has been released for the listed product(s). At times this might be only a partial fix. If you have questions please reach out to maintenance coordination.

Comment 25 OBSbugzilla Bot 2020-09-14 17:10:07 UTC

This is an autogenerated message for OBS integration:
This bug (1118595) was mentioned in
https://build.opensuse.org/request/show/834336 15.1 / libqt4

Comment 26 Swamp Workflow Management 2020-09-18 22:16:25 UTC

openSUSE-SU-2020:1452-1: An update that solves four vulnerabilities and has one errata is now available.

Category: security (moderate)
Bug References: 1118595,1118596,1118599,1121214,1176315
CVE References: CVE-2018-15518,CVE-2018-19869,CVE-2018-19873,CVE-2020-17507
JIRA References: 
Sources used:
openSUSE Leap 15.1 (src):    libqt4-4.8.7-lp151.9.3.1, libqt4-devel-doc-4.8.7-lp151.9.3.1, libqt4-sql-plugins-4.8.7-lp151.9.3.1

Comment 27 Swamp Workflow Management 2020-09-22 13:14:30 UTC

openSUSE-SU-2020:1500-1: An update that solves four vulnerabilities and has one errata is now available.

Category: security (moderate)
Bug References: 1118595,1118596,1118599,1121214,1176315
CVE References: CVE-2018-15518,CVE-2018-19869,CVE-2018-19873,CVE-2020-17507
JIRA References: 
Sources used:
openSUSE Backports SLE-15-SP1 (src):    libqt4-4.8.7-bp151.4.3.1, libqt4-devel-doc-4.8.7-bp151.4.3.1, libqt4-sql-plugins-4.8.7-bp151.4.3.1

Comment 28 Swamp Workflow Management 2020-09-22 16:21:52 UTC

openSUSE-SU-2020:1501-1: An update that solves four vulnerabilities and has one errata is now available.

Category: security (moderate)
Bug References: 1118595,1118596,1118599,1121214,1176315
CVE References: CVE-2018-15518,CVE-2018-19869,CVE-2018-19873,CVE-2020-17507
JIRA References: 
Sources used:
openSUSE Leap 15.2 (src):    libqt4-4.8.7-lp152.10.3.1, libqt4-devel-doc-4.8.7-lp152.10.3.1, libqt4-sql-plugins-4.8.7-lp152.10.3.1

Comment 29 Swamp Workflow Management 2020-09-25 22:19:35 UTC

openSUSE-SU-2020:1530-1: An update that solves four vulnerabilities and has one errata is now available.

Category: security (moderate)
Bug References: 1118595,1118596,1118599,1121214,1176315
CVE References: CVE-2018-15518,CVE-2018-19869,CVE-2018-19873,CVE-2020-17507
JIRA References: 
Sources used:
openSUSE Backports SLE-15-SP2 (src):    libqt4-4.8.7-bp152.4.3.1, libqt4-devel-doc-4.8.7-bp152.4.3.1, libqt4-sql-plugins-4.8.7-bp152.4.3.1

Comment 32 Alexandros Toptsoglou 2021-01-27 17:09:10 UTC

DONE