{"id":"RLSA-2021:4172","summary":"Moderate: qt5 security, bug fix, and enhancement update","details":"Qt is a software toolkit for developing applications.\n\nThe following packages have been upgraded to a later upstream version: adwaita-qt (1.2.1), python-qt5 (5.15.0), qgnomeplatform (0.7.1), qt5 (5.15.2), qt5-qt3d (5.15.2), qt5-qtbase (5.15.2), qt5-qtconnectivity (5.15.2), qt5-qtdeclarative (5.15.2), qt5-qtdoc (5.15.2), qt5-qtgraphicaleffects (5.15.2), qt5-qtimageformats (5.15.2), qt5-qtlocation (5.15.2), qt5-qtmultimedia (5.15.2), qt5-qtquickcontrols (5.15.2), qt5-qtquickcontrols2 (5.15.2), qt5-qtscript (5.15.2), qt5-qtsensors (5.15.2), qt5-qtserialbus (5.15.2), qt5-qtserialport (5.15.2), qt5-qtsvg (5.15.2), qt5-qttools (5.15.2), qt5-qttranslations (5.15.2), qt5-qtwayland (5.15.2), qt5-qtwebchannel (5.15.2), qt5-qtwebsockets (5.15.2), qt5-qtx11extras (5.15.2), qt5-qtxmlpatterns (5.15.2), sip (4.19.24). (BZ#1928156)\n\nSecurity Fix(es):\n\n* qt: Out of bounds read in function QRadialFetchSimd from crafted svg file (CVE-2021-3481)\n\nFor more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.\n\nAdditional Changes:\n\nFor detailed information on changes in this release, see the Rocky Linux 8.5 Release Notes linked from the References section.","modified":"2026-02-05T14:45:03.912338Z","published":"2021-11-09T08:31:20Z","upstream":["CVE-2021-3481"],"references":[{"type":"ADVISORY","url":"https://errata.rockylinux.org/RLSA-2021:4172"},{"type":"REPORT","url":"https://bugzilla.redhat.com/show_bug.cgi?id=1928156"},{"type":"REPORT","url":"https://bugzilla.redhat.com/show_bug.cgi?id=1930039"},{"type":"REPORT","url":"https://bugzilla.redhat.com/show_bug.cgi?id=1930040"},{"type":"REPORT","url":"https://bugzilla.redhat.com/show_bug.cgi?id=1930041"},{"type":"REPORT","url":"https://bugzilla.redhat.com/show_bug.cgi?id=1930042"},{"type":"REPORT","url":"https://bugzilla.redhat.com/show_bug.cgi?id=1930043"},{"type":"REPORT","url":"https://bugzilla.redhat.com/show_bug.cgi?id=1930044"},{"type":"REPORT","url":"https://bugzilla.redhat.com/show_bug.cgi?id=1930045"},{"type":"REPORT","url":"https://bugzilla.redhat.com/show_bug.cgi?id=1930046"},{"type":"REPORT","url":"https://bugzilla.redhat.com/show_bug.cgi?id=1930047"},{"type":"REPORT","url":"https://bugzilla.redhat.com/show_bug.cgi?id=1930048"},{"type":"REPORT","url":"https://bugzilla.redhat.com/show_bug.cgi?id=1930049"},{"type":"REPORT","url":"https://bugzilla.redhat.com/show_bug.cgi?id=1930050"},{"type":"REPORT","url":"https://bugzilla.redhat.com/show_bug.cgi?id=1930051"},{"type":"REPORT","url":"https://bugzilla.redhat.com/show_bug.cgi?id=1930052"},{"type":"REPORT","url":"https://bugzilla.redhat.com/show_bug.cgi?id=1930053"},{"type":"REPORT","url":"https://bugzilla.redhat.com/show_bug.cgi?id=1930054"},{"type":"REPORT","url":"https://bugzilla.redhat.com/show_bug.cgi?id=1930055"},{"type":"REPORT","url":"https://bugzilla.redhat.com/show_bug.cgi?id=1930056"},{"type":"REPORT","url":"https://bugzilla.redhat.com/show_bug.cgi?id=1930057"},{"type":"REPORT","url":"https://bugzilla.redhat.com/show_bug.cgi?id=1930058"},{"type":"REPORT","url":"https://bugzilla.redhat.com/show_bug.cgi?id=1930059"},{"type":"REPORT","url":"https://bugzilla.redhat.com/show_bug.cgi?id=1930060"},{"type":"REPORT","url":"https://bugzilla.redhat.com/show_bug.cgi?id=1930061"},{"type":"REPORT","url":"https://bugzilla.redhat.com/show_bug.cgi?id=1930062"},{"type":"REPORT","url":"https://bugzilla.redhat.com/show_bug.cgi?id=1930063"},{"type":"REPORT","url":"https://bugzilla.redhat.com/show_bug.cgi?id=1930073"},{"type":"REPORT","url":"https://bugzilla.redhat.com/show_bug.cgi?id=1930074"},{"type":"REPORT","url":"https://bugzilla.redhat.com/show_bug.cgi?id=1931444"},{"type":"REPORT","url":"https://bugzilla.redhat.com/show_bug.cgi?id=1949066"},{"type":"REPORT","url":"https://bugzilla.redhat.com/show_bug.cgi?id=1949080"}],"affected":[{"package":{"name":"adwaita-qt","ecosystem":"Rocky Linux:8","purl":"pkg:rpm/rocky-linux/adwaita-qt?distro=rocky-linux-8-5-legacy&epoch=0"},"ranges":[{"type":"ECOSYSTEM","events":[{"introduced":"0"},{"fixed":"0:1.2.1-3.el8"}],"database_specific":{"yum_repository":"AppStream"}}],"database_specific":{"source":"https://storage.googleapis.com/resf-osv-data/RLSA-2021:4172.json"}},{"package":{"name":"python-qt5","ecosystem":"Rocky Linux:8","purl":"pkg:rpm/rocky-linux/python-qt5?distro=rocky-linux-8-5-legacy&epoch=0"},"ranges":[{"type":"ECOSYSTEM","events":[{"introduced":"0"},{"fixed":"0:5.15.0-2.el8"}],"database_specific":{"yum_repository":"AppStream"}}],"database_specific":{"source":"https://storage.googleapis.com/resf-osv-data/RLSA-2021:4172.json"}},{"package":{"name":"qgnomeplatform","ecosystem":"Rocky Linux:8","purl":"pkg:rpm/rocky-linux/qgnomeplatform?distro=rocky-linux-8-5-legacy&epoch=0"},"ranges":[{"type":"ECOSYSTEM","events":[{"introduced":"0"},{"fixed":"0:0.7.1-2.el8"}],"database_specific":{"yum_repository":"AppStream"}}],"database_specific":{"source":"https://storage.googleapis.com/resf-osv-data/RLSA-2021:4172.json"}},{"package":{"name":"sip","ecosystem":"Rocky Linux:8","purl":"pkg:rpm/rocky-linux/sip?distro=rocky-linux-8-5-legacy&epoch=0"},"ranges":[{"type":"ECOSYSTEM","events":[{"introduced":"0"},{"fixed":"0:4.19.24-2.el8"}],"database_specific":{"yum_repository":"AppStream"}}],"database_specific":{"source":"https://storage.googleapis.com/resf-osv-data/RLSA-2021:4172.json"}}],"schema_version":"1.7.3","severity":[{"type":"CVSS_V3","score":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:L"}],"credits":[{"name":"Rocky Enterprise Software Foundation"},{"name":"Red Hat"}]}