Security update for libqt4

Announcement ID:	SUSE-SU-2025:02968-1
Release Date:	2025-08-25T06:20:49Z
Rating:	important
References:	bsc#1196654 bsc#1211298 bsc#1211798 bsc#1211994 bsc#1213326 bsc#1214327 bsc#1245609 bsc#357727 bsc#552218 bsc#656144 bsc#717127 bsc#875470
Cross-References:	CVE-2021-45930 CVE-2023-32573 CVE-2023-32763 CVE-2023-34410 CVE-2023-37369 CVE-2023-38197 CVE-2025-5455
CVSS scores:	CVE-2021-45930 ( SUSE ): 5.5 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H CVE-2021-45930 ( NVD ): 5.5 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H CVE-2023-32573 ( SUSE ): 4.4 CVSS:3.1/AV:L/AC:H/PR:L/UI:R/S:U/C:N/I:N/A:H CVE-2023-32573 ( NVD ): 6.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H CVE-2023-32573 ( NVD ): 6.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H CVE-2023-32763 ( SUSE ): 7.8 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H CVE-2023-32763 ( NVD ): 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H CVE-2023-34410 ( SUSE ): 6.2 CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N CVE-2023-34410 ( NVD ): 5.3 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N CVE-2023-34410 ( NVD ): 5.3 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N CVE-2023-37369 ( SUSE ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H CVE-2023-37369 ( NVD ): 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H CVE-2023-38197 ( SUSE ): 5.5 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H CVE-2023-38197 ( NVD ): 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H CVE-2025-5455 ( SUSE ): 5.3 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L CVE-2025-5455 ( NVD ): 8.4 CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:A/VC:N/VI:H/VA:H/SC:N/SI:H/SA:H/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:U/V:X/RE:M/U:Clear
Affected Products:	SUSE Linux Enterprise Server 12 SP5 SUSE Linux Enterprise Server 12 SP5 LTSS Extended Security SUSE Linux Enterprise Server for SAP Applications 12 SP5

An update that solves seven vulnerabilities and has five security fixes can now be installed.

Description:

This update for libqt4 fixes the following issues:

• CVE-2021-45930: Fixed out-of-bounds write leading to DoS (bsc#1196654)
• CVE-2023-32573: Fixed missing initialization of QtSvg QSvgFont m_unitsPerEm (bsc#1211298)
• CVE-2023-32763: Fixed buffer overflow on QTextLayout during rendering of an SVG file with an image inside (bsc#1211798)
• CVE-2023-34410: Fixed certificate validation not always considering whether the root of a chain is a configured CA certificate (bsc#1211994)
• CVE-2023-37369: Fixed buffer overflow in QXmlStreamReader (bsc#1214327)
• CVE-2023-38197: Fixed infinite loops in QXmlStreamReader (bsc#1213326)
• CVE-2025-5455: Fixed denial of service when qDecodeDataUrl() is called with malformed data and assertions are enabled (bsc#1245609)

Patch Instructions:

To install this SUSE update use the SUSE recommended installation methods like YaST online_update or "zypper patch".
Alternatively you can run the command listed for your product:

• SUSE Linux Enterprise Server 12 SP5 LTSS Extended Security
  zypper in -t patch SUSE-SLE-SERVER-12-SP5-LTSS-EXTENDED-SECURITY-2025-2968=1

Package List:

• SUSE Linux Enterprise Server 12 SP5 LTSS Extended Security (x86_64)
  • libqt4-devel-doc-debugsource-4.8.7-8.22.1
  • libqt4-sql-debuginfo-4.8.7-8.22.1
  • libqt4-sql-plugins-debugsource-4.8.7-8.22.1
  • libqt4-devel-debuginfo-4.8.7-8.22.1
  • libqt4-4.8.7-8.22.1
  • libqt4-devel-doc-4.8.7-8.22.1
  • libqt4-sql-4.8.7-8.22.1
  • libqt4-sql-sqlite-4.8.7-8.22.1
  • libqt4-32bit-4.8.7-8.22.1
  • libqt4-qt3support-4.8.7-8.22.1
  • libqt4-x11-debuginfo-32bit-4.8.7-8.22.1
  • libqt4-x11-debuginfo-4.8.7-8.22.1
  • libqt4-sql-sqlite-debuginfo-4.8.7-8.22.1
  • libqt4-qt3support-32bit-4.8.7-8.22.1
  • libqt4-qt3support-debuginfo-4.8.7-8.22.1
  • qt4-x11-tools-4.8.7-8.22.1
  • libqt4-devel-doc-debuginfo-4.8.7-8.22.1
  • libqt4-qt3support-debuginfo-32bit-4.8.7-8.22.1
  • libqt4-sql-debuginfo-32bit-4.8.7-8.22.1
  • libqt4-sql-mysql-4.8.7-8.22.1
  • libqt4-x11-4.8.7-8.22.1
  • libqt4-devel-4.8.7-8.22.1
  • libqt4-sql-mysql-debuginfo-4.8.7-8.22.1
  • qt4-x11-tools-debuginfo-4.8.7-8.22.1
  • libqt4-debugsource-4.8.7-8.22.1
  • libqt4-x11-32bit-4.8.7-8.22.1
  • libqt4-debuginfo-4.8.7-8.22.1
  • libqt4-debuginfo-32bit-4.8.7-8.22.1
  • libqt4-private-headers-devel-4.8.7-8.22.1
  • libqt4-sql-32bit-4.8.7-8.22.1
• SUSE Linux Enterprise Server 12 SP5 LTSS Extended Security (noarch)
  • libqt4-devel-doc-data-4.8.7-8.22.1

References:

• https://www.suse.com/security/cve/CVE-2021-45930.html
• https://www.suse.com/security/cve/CVE-2023-32573.html
• https://www.suse.com/security/cve/CVE-2023-32763.html
• https://www.suse.com/security/cve/CVE-2023-34410.html
• https://www.suse.com/security/cve/CVE-2023-37369.html
• https://www.suse.com/security/cve/CVE-2023-38197.html
• https://www.suse.com/security/cve/CVE-2025-5455.html
• https://bugzilla.suse.com/show_bug.cgi?id=1196654
• https://bugzilla.suse.com/show_bug.cgi?id=1211298
• https://bugzilla.suse.com/show_bug.cgi?id=1211798
• https://bugzilla.suse.com/show_bug.cgi?id=1211994
• https://bugzilla.suse.com/show_bug.cgi?id=1213326
• https://bugzilla.suse.com/show_bug.cgi?id=1214327
• https://bugzilla.suse.com/show_bug.cgi?id=1245609
• https://bugzilla.suse.com/show_bug.cgi?id=357727
• https://bugzilla.suse.com/show_bug.cgi?id=552218
• https://bugzilla.suse.com/show_bug.cgi?id=656144
• https://bugzilla.suse.com/show_bug.cgi?id=717127
• https://bugzilla.suse.com/show_bug.cgi?id=875470