Bug 2295867 (CVE-2024-39936)

Summary: CVE-2024-39936 qtbase: qtbase: Delay any communication until encrypted() can be responded to
Product: [Other] Security Response
Reporter: OSIDB Bzimport <bzimport>
Component: vulnerability
Assignee: Product Security DevOps Team <prodsec-dev>
Status: NEW
Severity: high
Priority: high
Version: unspecified
CC: manisandro
Keywords: Security
Hardware: All
OS: Linux
Doc Type: If docs needed, set a value
Doc Text:
A vulnerability was found in Qt where, during a TLS connection for servers supporting HTTP2, Qt may send data to a server even if the TLS certificate doesn't match the redirected address. This occurs because Qt fails to validate the certificate against the redirected address, potentially sending data to an incorrect or malicious server.
Bug Depends On: 2295882, 2295883, 2295884, 2295885

Description OSIDB Bzimport 2024-07-04 21:20:33 UTC
An issue was discovered in HTTP2 in Qt before 5.15.18, 6.x before 6.2.13, 6.3.x through 6.5.x before 6.5.7, and 6.6.x through 6.7.x before 6.7.3. Code to make security-relevant decisions about an established connection may execute too early, because the encrypted() signal has not yet been emitted and processed.

Comment 1 Sandro Mani 2024-07-07 16:59:12 UTC
See https://codereview.qt-project.org/c/qt/qtbase/+/571601

Comment 2 errata-xmlrpc 2024-07-18 13:31:13 UTC
This issue has been addressed in the following products:

  Red Hat Enterprise Linux 8

Via RHSA-2024:4617 https://access.redhat.com/errata/RHSA-2024:4617

Comment 3 errata-xmlrpc 2024-07-18 13:41:45 UTC
This issue has been addressed in the following products:

  Red Hat Enterprise Linux 8.4 Advanced Mission Critical Update Support
  Red Hat Enterprise Linux 8.4 Telecommunications Update Service
  Red Hat Enterprise Linux 8.4 Update Services for SAP Solutions

Via RHSA-2024:4621 https://access.redhat.com/errata/RHSA-2024:4621

Comment 4 errata-xmlrpc 2024-07-18 13:50:11 UTC
This issue has been addressed in the following products:

  Red Hat Enterprise Linux 9

Via RHSA-2024:4623 https://access.redhat.com/errata/RHSA-2024:4623

Comment 5 errata-xmlrpc 2024-07-18 16:03:19 UTC
This issue has been addressed in the following products:

  Red Hat Enterprise Linux 7 Extended Lifecycle Support

Via RHSA-2024:4647 https://access.redhat.com/errata/RHSA-2024:4647

Comment 6 errata-xmlrpc 2024-07-18 16:15:53 UTC
This issue has been addressed in the following products:

  Red Hat Enterprise Linux 9.2 Extended Update Support

Via RHSA-2024:4638 https://access.redhat.com/errata/RHSA-2024:4638

Comment 7 errata-xmlrpc 2024-07-18 16:30:36 UTC
This issue has been addressed in the following products:

  Red Hat Enterprise Linux 8.6 Advanced Mission Critical Update Support
  Red Hat Enterprise Linux 8.6 Update Services for SAP Solutions
  Red Hat Enterprise Linux 8.6 Telecommunications Update Service

Via RHSA-2024:4644 https://access.redhat.com/errata/RHSA-2024:4644

Comment 8 errata-xmlrpc 2024-07-18 16:31:37 UTC
This issue has been addressed in the following products:

  Red Hat Enterprise Linux 8.8 Extended Update Support

Via RHSA-2024:4639 https://access.redhat.com/errata/RHSA-2024:4639

Comment 9 errata-xmlrpc 2024-07-19 10:32:40 UTC
This issue has been addressed in the following products:

  Red Hat Enterprise Linux 8.2 Advanced Update Support

Via RHSA-2024:4646 https://access.redhat.com/errata/RHSA-2024:4646

Comment 10 errata-xmlrpc 2024-07-19 10:54:06 UTC
This issue has been addressed in the following products:

  Red Hat Enterprise Linux 9.0 Update Services for SAP Solutions

Via RHSA-2024:4645 https://access.redhat.com/errata/RHSA-2024:4645