{ "document" : { "aggregate_severity" : { "text" : "hoch" }, "category" : "csaf_base", "csaf_version" : "2.0", "distribution" : { "tlp" : { "label" : "WHITE", "url" : "https://www.first.org/tlp/" } }, "lang" : "de-DE", "notes" : [ { "category" : "legal_disclaimer", "text" : "Das BSI ist als Anbieter für die eigenen, zur Nutzung bereitgestellten Inhalte nach den allgemeinen Gesetzen verantwortlich. Nutzerinnen und Nutzer sind jedoch dafür verantwortlich, die Verwendung und/oder die Umsetzung der mit den Inhalten bereitgestellten Informationen sorgfältig im Einzelfall zu prüfen." }, { "category" : "description", "text" : "Qt ist eine C++ Klassenbibliothek für die plattformübergreifende Programmierung grafischer Benutzeroberflächen.", "title" : "Produktbeschreibung" }, { "category" : "summary", "text" : "Ein entfernter, anonymer Angreifer kann eine Schwachstelle in QT ausnutzen, um Informationen offenzulegen.", "title" : "Angriff" }, { "category" : "general", "text" : "- Linux\n- Windows", "title" : "Betroffene Betriebssysteme" } ], "publisher" : { "category" : "other", "contact_details" : "csaf-provider@cert-bund.de", "name" : "Bundesamt für Sicherheit in der Informationstechnik", "namespace" : "https://www.bsi.bund.de" }, "references" : [ { "category" : "self", "summary" : "WID-SEC-W-2024-1526 - CSAF Version", "url" : "https://wid.cert-bund.de/.well-known/csaf/white/2024/wid-sec-w-2024-1526.json" }, { "category" : "self", "summary" : "WID-SEC-2024-1526 - Portal Version", "url" : "https://wid.cert-bund.de/portal/wid/securityadvisory?name=WID-SEC-2024-1526" }, { "category" : "external", "summary" : "NIST Vulnerability Database vom 2024-07-04", "url" : "https://nvd.nist.gov/vuln/detail/CVE-2024-39936" }, { "category" : "external", "summary" : "Red Hat Bugzilla vom 2024-07-04", "url" : "https://bugzilla.redhat.com/show_bug.cgi?id=2295867" }, { "category" : "external", "summary" : "QT Code Review vom 2024-07-04", "url" : "https://codereview.qt-project.org/c/qt/qtbase/+/571601" }, { "category" : "external", "summary" : "Fedora Security Advisory FEDORA-2024-9BF3FF4133 vom 2024-07-08", "url" : "https://bodhi.fedoraproject.org/updates/FEDORA-2024-9bf3ff4133" }, { "category" : "external", "summary" : "Fedora Security Advisory FEDORA-2024-903B88B49E vom 2024-07-10", "url" : "https://bodhi.fedoraproject.org/updates/FEDORA-2024-903b88b49e" }, { "category" : "external", "summary" : "Fedora Security Advisory FEDORA-2024-E7EF063416 vom 2024-07-11", "url" : "https://bodhi.fedoraproject.org/updates/FEDORA-2024-e7ef063416" }, { "category" : "external", "summary" : "Red Hat Security Advisory RHSA-2024:4623 vom 2024-07-18", "url" : "https://access.redhat.com/errata/RHSA-2024:4623" }, { "category" : "external", "summary" : "Oracle Linux Security Advisory ELSA-2024-4623 vom 2024-07-19", "url" : "https://linux.oracle.com/errata/ELSA-2024-4623.html" }, { "category" : "external", "summary" : "Oracle Linux Security Advisory ELSA-2024-4617 vom 2024-07-18", "url" : "https://linux.oracle.com/errata/ELSA-2024-4617.html" }, { "category" : "external", "summary" : "Red Hat Security Advisory RHSA-2024:4617 vom 2024-07-18", "url" : "https://access.redhat.com/errata/RHSA-2024:4617" }, { "category" : "external", "summary" : "Red Hat Security Advisory RHSA-2024:4621 vom 2024-07-18", "url" : "https://access.redhat.com/errata/RHSA-2024:4621" }, { "category" : "external", "summary" : "Red Hat Security Advisory RHSA-2024:4638 vom 2024-07-19", "url" : "https://access.redhat.com/errata/RHSA-2024:4638" }, { "category" : "external", "summary" : "Red Hat Security Advisory RHSA-2024:4639 vom 2024-07-19", "url" : "https://access.redhat.com/errata/RHSA-2024:4639" }, { "category" : "external", "summary" : "Red Hat Security Advisory RHSA-2024:4644 vom 2024-07-19", "url" : "https://access.redhat.com/errata/RHSA-2024:4644" }, { "category" : "external", "summary" : "Red Hat Security Advisory RHSA-2024:4647 vom 2024-07-19", "url" : "https://access.redhat.com/errata/RHSA-2024:4647" }, { "category" : "external", "summary" : "Red Hat Security Advisory RHSA-2024:4646 vom 2024-07-19", "url" : "https://access.redhat.com/errata/RHSA-2024:4646" }, { "category" : "external", "summary" : "Red Hat Security Advisory RHSA-2024:4645 vom 2024-07-19", "url" : "https://access.redhat.com/errata/RHSA-2024:4645" }, { "category" : "external", "summary" : "Rocky Linux Security Advisory RLSA-2024:4617 vom 2024-07-26", "url" : "https://errata.build.resf.org/RLSA-2024:4617" }, { "category" : "external", "summary" : "Rocky Linux Security Advisory RLSA-2024:4623 vom 2024-07-26", "url" : "https://errata.build.resf.org/RLSA-2024:4623" }, { "category" : "external", "summary" : "Fedora Security Advisory FEDORA-2024-C37B7A4E71 vom 2024-07-30", "url" : "https://bodhi.fedoraproject.org/updates/FEDORA-2024-c37b7a4e71" }, { "category" : "external", "summary" : "Fedora Security Advisory FEDORA-2024-81C4B76A71 vom 2024-07-30", "url" : "https://bodhi.fedoraproject.org/updates/FEDORA-2024-81c4b76a71" }, { "category" : "external", "summary" : "SUSE Security Update SUSE-SU-2024:2883-1 vom 2024-08-12", "url" : "https://lists.suse.com/pipermail/sle-security-updates/2024-August/019169.html" }, { "category" : "external", "summary" : "SUSE Security Update SUSE-SU-2024:2875-1 vom 2024-08-12", "url" : "https://lists.suse.com/pipermail/sle-security-updates/2024-August/019177.html" }, { "category" : "external", "summary" : "SUSE Security Update SUSE-SU-2024:2883-1 vom 2024-08-12", "url" : "https://lists.suse.com/pipermail/sle-security-updates/2024-August/019167.html" }, { "category" : "external", "summary" : "SUSE Security Update SUSE-SU-2024:2873-1 vom 2024-08-12", "url" : "https://lists.suse.com/pipermail/sle-security-updates/2024-August/019178.html" }, { "category" : "external", "summary" : "SUSE Security Update SUSE-SU-2024:2883-1 vom 2024-08-12", "url" : "https://lists.suse.com/pipermail/sle-security-updates/2024-August/019168.html" }, { "category" : "external", "summary" : "SUSE Security Update SUSE-SU-2024:2883-1 vom 2024-08-12", "url" : "https://lists.suse.com/pipermail/sle-security-updates/2024-August/019166.html" }, { "category" : "external", "summary" : "SUSE Security Update SUSE-SU-2024:2882-1 vom 2024-08-12", "url" : "https://lists.suse.com/pipermail/sle-security-updates/2024-August/019171.html" }, { "category" : "external", "summary" : "SUSE Security Update SUSE-SU-2024:2883-1 vom 2024-08-12", "url" : "https://lists.suse.com/pipermail/sle-security-updates/2024-August/019170.html" }, { "category" : "external", "summary" : "SUSE Security Update SUSE-SU-2024:2890-1 vom 2024-08-13", "url" : "https://lists.suse.com/pipermail/sle-security-updates/2024-August/019180.html" }, { "category" : "external", "summary" : "SUSE Security Update SUSE-SU-2024:2946-1 vom 2024-08-16", "url" : "https://lists.suse.com/pipermail/sle-security-updates/2024-August/019213.html" }, { "category" : "external", "summary" : "Oracle Linux Security Advisory ELSA-2024-4647 vom 2024-09-09", "url" : "https://linux.oracle.com/errata/ELSA-2024-4647.html" }, { "category" : "external", "summary" : "Amazon Linux Security Advisory ALAS-2024-2673 vom 2024-11-01", "url" : "https://alas.aws.amazon.com/AL2/ALAS-2024-2673.html" }, { "category" : "external", "summary" : "Amazon Linux Security Advisory ALAS-2024-2671 vom 2024-11-01", "url" : "https://alas.aws.amazon.com/AL2/ALAS-2024-2671.html" }, { "category" : "external", "summary" : "Amazon Linux Security Advisory ALAS-2024-2670 vom 2024-11-01", "url" : "https://alas.aws.amazon.com/AL2/ALAS-2024-2670.html" }, { "category" : "external", "summary" : "Amazon Linux Security Advisory ALAS-2024-2669 vom 2024-11-01", "url" : "https://alas.aws.amazon.com/AL2/ALAS-2024-2669.html" }, { "category" : "external", "summary" : "Amazon Linux Security Advisory ALAS-2024-2668 vom 2024-11-01", "url" : "https://alas.aws.amazon.com/AL2/ALAS-2024-2668.html" }, { "category" : "external", "summary" : "Amazon Linux Security Advisory ALAS-2024-2675 vom 2024-11-01", "url" : "https://alas.aws.amazon.com/AL2/ALAS-2024-2675.html" }, { "category" : "external", "summary" : "Amazon Linux Security Advisory ALAS-2024-2674 vom 2024-11-01", "url" : "https://alas.aws.amazon.com/AL2/ALAS-2024-2674.html" }, { "category" : "external", "summary" : "Amazon Linux Security Advisory ALAS-2024-2672 vom 2024-11-01", "url" : "https://alas.aws.amazon.com/AL2/ALAS-2024-2672.html" }, { "category" : "external", "summary" : "Amazon Linux Security Advisory ALAS-2024-2666 vom 2024-11-01", "url" : "https://alas.aws.amazon.com/AL2/ALAS-2024-2666.html" }, { "category" : "external", "summary" : "Amazon Linux Security Advisory ALAS-2024-2665 vom 2024-11-01", "url" : "https://alas.aws.amazon.com/AL2/ALAS-2024-2665.html" }, { "category" : "external", "summary" : "Amazon Linux Security Advisory ALAS-2024-2664 vom 2024-11-01", "url" : "https://alas.aws.amazon.com/AL2/ALAS-2024-2664.html" }, { "category" : "external", "summary" : "Amazon Linux Security Advisory ALAS-2024-2667 vom 2024-11-01", "url" : "https://alas.aws.amazon.com/AL2/ALAS-2024-2667.html" }, { "category" : "external", "summary" : "Amazon Linux Security Advisory ALAS-2024-2662 vom 2024-11-01", "url" : "https://alas.aws.amazon.com/AL2/ALAS-2024-2662.html" }, { "category" : "external", "summary" : "Amazon Linux Security Advisory ALAS-2024-2663 vom 2024-11-01", "url" : "https://alas.aws.amazon.com/AL2/ALAS-2024-2663.html" }, { "category" : "external", "summary" : "Amazon Linux Security Advisory ALAS-2024-2660 vom 2024-11-01", "url" : "https://alas.aws.amazon.com/AL2/ALAS-2024-2660.html" }, { "category" : "external", "summary" : "Amazon Linux Security Advisory ALAS-2024-2661 vom 2024-11-01", "url" : "https://alas.aws.amazon.com/AL2/ALAS-2024-2661.html" }, { "category" : "external", "summary" : "Amazon Linux Security Advisory ALAS-2024-2659 vom 2024-11-01", "url" : "https://alas.aws.amazon.com/AL2/ALAS-2024-2659.html" }, { "category" : "external", "summary" : "Amazon Linux Security Advisory ALAS-2024-2678 vom 2024-11-01", "url" : "https://alas.aws.amazon.com/AL2/ALAS-2024-2678.html" }, { "category" : "external", "summary" : "Amazon Linux Security Advisory ALAS-2024-2677 vom 2024-11-01", "url" : "https://alas.aws.amazon.com/AL2/ALAS-2024-2677.html" }, { "category" : "external", "summary" : "Amazon Linux Security Advisory ALAS-2024-2676 vom 2024-11-01", "url" : "https://alas.aws.amazon.com/AL2/ALAS-2024-2676.html" }, { "category" : "external", "summary" : "XEROX Security Advisory XRX25-012 vom 2025-06-02", "url" : "https://security.business.xerox.com/wp-content/uploads/2025/06/Xerox-Security-Bulletin-XRX25-012-for-Xerox-FreeFlow-Print-Server-v9.pdf" }, { "category" : "external", "summary" : "Gentoo Linux Security Advisory GLSA-202506-06 vom 2025-06-12", "url" : "https://security.gentoo.org/glsa/202506-06" }, { "category" : "external", "summary" : "Debian Security Advisory DLA-4387 vom 2025-11-29", "url" : "https://lists.debian.org/debian-lts-announce/2025/11/msg00031.html" }, { "category" : "external", "summary" : "Ubuntu Security Notice USN-8076-1 vom 2026-03-06", "url" : "https://ubuntu.com/security/notices/USN-8076-1" } ], "source_lang" : "en-US", "title" : "QT: Schwachstelle ermöglicht Offenlegung von Informationen", "tracking" : { "current_release_date" : "2026-03-05T23:00:00.000+00:00", "generator" : { "date" : "2026-03-06T10:29:15.937+00:00", "engine" : { "name" : "BSI-WID", "version" : "1.5.0" } }, "id" : "WID-SEC-W-2024-1526", "initial_release_date" : "2024-07-04T22:00:00.000+00:00", "revision_history" : [ { "date" : "2024-07-04T22:00:00.000+00:00", "number" : "1", "summary" : "Initiale Fassung" }, { "date" : "2024-07-07T22:00:00.000+00:00", "number" : "2", "summary" : "Neue Updates von Fedora aufgenommen" }, { "date" : "2024-07-09T22:00:00.000+00:00", "number" : "3", "summary" : "Neue Updates von Fedora aufgenommen" }, { "date" : "2024-07-10T22:00:00.000+00:00", "number" : "4", "summary" : "Neue Updates von Fedora aufgenommen" }, { "date" : "2024-07-18T22:00:00.000+00:00", "number" : "5", "summary" : "Neue Updates von Red Hat und Oracle Linux aufgenommen" }, { "date" : "2024-07-21T22:00:00.000+00:00", "number" : "6", "summary" : "Neue Updates von Red Hat aufgenommen" }, { "date" : "2024-07-28T22:00:00.000+00:00", "number" : "7", "summary" : "Neue Updates von Rocky Enterprise Software Foundation aufgenommen" }, { "date" : "2024-07-30T22:00:00.000+00:00", "number" : "8", "summary" : "Neue Updates von Fedora aufgenommen" }, { "date" : "2024-08-12T22:00:00.000+00:00", "number" : "9", "summary" : "Neue Updates von SUSE aufgenommen" }, { "date" : "2024-08-13T22:00:00.000+00:00", "number" : "10", "summary" : "Neue Updates von SUSE aufgenommen" }, { "date" : "2024-08-18T22:00:00.000+00:00", "number" : "11", "summary" : "Neue Updates von SUSE aufgenommen" }, { "date" : "2024-09-09T22:00:00.000+00:00", "number" : "12", "summary" : "Neue Updates von Oracle Linux aufgenommen" }, { "date" : "2024-10-31T23:00:00.000+00:00", "number" : "13", "summary" : "Neue Updates von Amazon aufgenommen" }, { "date" : "2025-06-02T22:00:00.000+00:00", "number" : "14", "summary" : "Neue Updates von XEROX aufgenommen" }, { "date" : "2025-06-12T22:00:00.000+00:00", "number" : "15", "summary" : "Neue Updates von Gentoo aufgenommen" }, { "date" : "2025-11-30T23:00:00.000+00:00", "number" : "16", "summary" : "Neue Updates von Debian aufgenommen" }, { "date" : "2026-03-05T23:00:00.000+00:00", "number" : "17", "summary" : "Neue Updates von Ubuntu aufgenommen" } ], "status" : "final", "version" : "17" } }, "product_tree" : { "branches" : [ { "branches" : [ { "category" : "product_name", "name" : "Amazon Linux 2", "product" : { "name" : "Amazon Linux 2", "product_id" : "398363", "product_identification_helper" : { "cpe" : "cpe:/o:amazon:linux_2:-" } } } ], "category" : "vendor", "name" : "Amazon" }, { "branches" : [ { "category" : "product_name", "name" : "Debian Linux", "product" : { "name" : "Debian Linux", "product_id" : "2951", "product_identification_helper" : { "cpe" : "cpe:/o:debian:debian_linux:-" } } } ], "category" : "vendor", "name" : "Debian" }, { "branches" : [ { "category" : "product_name", "name" : "Fedora Linux", "product" : { "name" : "Fedora Linux", "product_id" : "74185", "product_identification_helper" : { "cpe" : "cpe:/o:fedoraproject:fedora:-" } } } ], "category" : "vendor", "name" : "Fedora" }, { "branches" : [ { "category" : "product_name", "name" : "Gentoo Linux", "product" : { "name" : "Gentoo Linux", "product_id" : "T012167", "product_identification_helper" : { "cpe" : "cpe:/o:gentoo:linux:-" } } } ], "category" : "vendor", "name" : "Gentoo" }, { "branches" : [ { "branches" : [ { "category" : "product_version_range", "name" : "<5.15.18", "product" : { "name" : "Open Source QT <5.15.18", "product_id" : "T035839" } }, { "category" : "product_version", "name" : "5.15.18", "product" : { "name" : "Open Source QT 5.15.18", "product_id" : "T035839-fixed", "product_identification_helper" : { "cpe" : "cpe:/a:qt:qt:5.15.18" } } }, { "category" : "product_version_range", "name" : "<6.2.13", "product" : { "name" : "Open Source QT <6.2.13", "product_id" : "T035840" } }, { "category" : "product_version", "name" : "6.2.13", "product" : { "name" : "Open Source QT 6.2.13", "product_id" : "T035840-fixed", "product_identification_helper" : { "cpe" : "cpe:/a:qt:qt:6.2.13" } } }, { "category" : "product_version_range", "name" : "<6.5.7", "product" : { "name" : "Open Source QT <6.5.7", "product_id" : "T035841" } }, { "category" : "product_version", "name" : "6.5.7", "product" : { "name" : "Open Source QT 6.5.7", "product_id" : "T035841-fixed", "product_identification_helper" : { "cpe" : "cpe:/a:qt:qt:6.5.7" } } }, { "category" : "product_version_range", "name" : "<6.7.3", "product" : { "name" : "Open Source QT <6.7.3", "product_id" : "T035842" } }, { "category" : "product_version", "name" : "6.7.3", "product" : { "name" : "Open Source QT 6.7.3", "product_id" : "T035842-fixed", "product_identification_helper" : { "cpe" : "cpe:/a:qt:qt:6.7.3" } } } ], "category" : "product_name", "name" : "QT" } ], "category" : "vendor", "name" : "Open Source" }, { "branches" : [ { "category" : "product_name", "name" : "Oracle Linux", "product" : { "name" : "Oracle Linux", "product_id" : "T004914", "product_identification_helper" : { "cpe" : "cpe:/o:oracle:linux:-" } } } ], "category" : "vendor", "name" : "Oracle" }, { "branches" : [ { "category" : "product_name", "name" : "RESF Rocky Linux", "product" : { "name" : "RESF Rocky Linux", "product_id" : "T032255", "product_identification_helper" : { "cpe" : "cpe:/o:resf:rocky_linux:-" } } } ], "category" : "vendor", "name" : "RESF" }, { "branches" : [ { "category" : "product_name", "name" : "Red Hat Enterprise Linux", "product" : { "name" : "Red Hat Enterprise Linux", "product_id" : "67646", "product_identification_helper" : { "cpe" : "cpe:/o:redhat:enterprise_linux:-" } } } ], "category" : "vendor", "name" : "Red Hat" }, { "branches" : [ { "category" : "product_name", "name" : "SUSE Linux", "product" : { "name" : "SUSE Linux", "product_id" : "T002207", "product_identification_helper" : { "cpe" : "cpe:/o:suse:suse_linux:-" } } } ], "category" : "vendor", "name" : "SUSE" }, { "branches" : [ { "category" : "product_name", "name" : "Ubuntu Linux", "product" : { "name" : "Ubuntu Linux", "product_id" : "T000126", "product_identification_helper" : { "cpe" : "cpe:/o:canonical:ubuntu_linux:-" } } } ], "category" : "vendor", "name" : "Ubuntu" }, { "branches" : [ { "branches" : [ { "category" : "product_version", "name" : "9", "product" : { "name" : "Xerox FreeFlow Print Server 9", "product_id" : "T002977", "product_identification_helper" : { "cpe" : "cpe:/a:xerox:freeflow_print_server:9" } } } ], "category" : "product_name", "name" : "FreeFlow Print Server" } ], "category" : "vendor", "name" : "Xerox" } ] }, "vulnerabilities" : [ { "cve" : "CVE-2024-39936", "product_status" : { "known_affected" : [ "T035842", "67646", "T002977", "T012167", "T004914", "T035841", "T032255", "T035840", "74185", "2951", "T002207", "T000126", "398363", "T035839" ] }, "release_date" : "2024-07-04T22:00:00.000+00:00", "title" : "CVE-2024-39936" } ] }