Amazon Linux 2 Security Advisory: ALAS-2024-2665
Advisory Release Date: 2024-10-24 23:54 Pacific
Advisory Updated Date: 2024-10-31 18:00 Pacific
Severity:
Important
Issue Overview:
An issue was discovered in HTTP2 in Qt before 5.15.18, 6.x before 6.2.13, 6.3.x through 6.5.x before 6.5.7, and 6.6.x through 6.7.x before 6.7.3. Code to make security-relevant decisions about an established connection may execute too early, because the encrypted() signal has not yet been emitted and processed.. (CVE-2024-39936)
Affected Packages:
qt5-qtserialport
Note:
This advisory is applicable to Amazon Linux 2 (AL2) Core repository. Visit this FAQ section for the difference between AL2 Core and AL2 Extras advisories.
Issue Correction:
Run yum update qt5-qtserialport to update your system.
New Packages:
aarch64:
qt5-qtserialport-5.15.3-1.amzn2.0.1.aarch64
qt5-qtserialport-devel-5.15.3-1.amzn2.0.1.aarch64
qt5-qtserialport-examples-5.15.3-1.amzn2.0.1.aarch64
qt5-qtserialport-debuginfo-5.15.3-1.amzn2.0.1.aarch64
i686:
qt5-qtserialport-5.15.3-1.amzn2.0.1.i686
qt5-qtserialport-devel-5.15.3-1.amzn2.0.1.i686
qt5-qtserialport-examples-5.15.3-1.amzn2.0.1.i686
qt5-qtserialport-debuginfo-5.15.3-1.amzn2.0.1.i686
src:
qt5-qtserialport-5.15.3-1.amzn2.0.1.src
x86_64:
qt5-qtserialport-5.15.3-1.amzn2.0.1.x86_64
qt5-qtserialport-devel-5.15.3-1.amzn2.0.1.x86_64
qt5-qtserialport-examples-5.15.3-1.amzn2.0.1.x86_64
qt5-qtserialport-debuginfo-5.15.3-1.amzn2.0.1.x86_64