Red Hat Product Errata RHSA-2025:22393 - Security Advisory
Issued:
2025-12-01
Updated:
2025-12-01

RHSA-2025:22393 - Security Advisory

Synopsis

Moderate: qt6-qtsvg security update

Type/Severity

Security Advisory: Moderate

Red Hat Lightspeed patch analysis

Identify and remediate systems affected by this advisory.

View affected systems

Topic

An update for qt6-qtsvg is now available for Red Hat Enterprise Linux 10.0 Extended Update Support.

Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.

Description

Scalable Vector Graphics (SVG) is an XML-based language for describing two-dimensional vector graphics. Qt provides classes for rendering and displaying SVG drawings in widgets and on other paint devices.

Security Fix(es):

  • qtsvg: Uncontrolled recursion in Qt SVG module (CVE-2025-10728)

For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.

Solution

For details on how to apply this update, which includes the changes described in this advisory, refer to:

https://access.redhat.com/articles/11258

Affected Products

  • Red Hat Enterprise Linux for x86_64 - Extended Update Support 10.0 x86_64
  • Red Hat Enterprise Linux for IBM z Systems - Extended Update Support 10.0 s390x
  • Red Hat Enterprise Linux for Power, little endian - Extended Update Support 10.0 ppc64le
  • Red Hat Enterprise Linux for ARM 64 - Extended Update Support 10.0 aarch64
  • Red Hat CodeReady Linux Builder for x86_64 - Extended Update Support 10.0 x86_64
  • Red Hat CodeReady Linux Builder for Power, little endian - Extended Update Support 10.0 ppc64le
  • Red Hat CodeReady Linux Builder for IBM z Systems - Extended Update Support 10.0 s390x
  • Red Hat CodeReady Linux Builder for ARM 64 - Extended Update Support 10.0 aarch64
  • Red Hat Enterprise Linux for ARM 64 - 4 years of updates 10.0 aarch64
  • Red Hat Enterprise Linux for IBM z Systems - 4 years of updates 10.0 s390x
  • Red Hat Enterprise Linux for Power, little endian - 4 years of support 10.0 ppc64le
  • Red Hat Enterprise Linux for x86_64 - 4 years of updates 10.0 x86_64

Fixes

  • BZ - 2401244 - CVE-2025-10728 qtsvg: Uncontrolled recursion in Qt SVG module

Red Hat Enterprise Linux for x86_64 - Extended Update Support 10.0

SRPM
qt6-qtsvg-6.8.1-1.el10_0.2.src.rpm SHA-256: b921d481cc44ca26245e100f1d1828fa6e80d35b534b9a8908158ee2c223fbac
x86_64
qt6-qtsvg-6.8.1-1.el10_0.2.x86_64.rpm SHA-256: 3ede0841bd69c96477cc2949c4acdbf88dc0f0626ae1526e40a2416896fa79aa
qt6-qtsvg-debuginfo-6.8.1-1.el10_0.2.x86_64.rpm SHA-256: 62f912474a99627e2ad0406e6fe1f5905ca3e3e042e15046b0381fe63c71ee93
qt6-qtsvg-debugsource-6.8.1-1.el10_0.2.x86_64.rpm SHA-256: b7c333cc79d197ba148023c91d77ce3ebd5999d59870d7f923dde3ad9b2dc622
qt6-qtsvg-devel-6.8.1-1.el10_0.2.x86_64.rpm SHA-256: 97af7d7f967489acfdbd9fac5dd24aac81abc6dbce3f985cc5cae02d3983e9cb
qt6-qtsvg-tests-debuginfo-6.8.1-1.el10_0.2.x86_64.rpm SHA-256: 3b98571cf07f515d5446f8dad72123104d814ec37352112b7a2b69e1aca5d309

Red Hat Enterprise Linux for IBM z Systems - Extended Update Support 10.0

SRPM
qt6-qtsvg-6.8.1-1.el10_0.2.src.rpm SHA-256: b921d481cc44ca26245e100f1d1828fa6e80d35b534b9a8908158ee2c223fbac
s390x
qt6-qtsvg-6.8.1-1.el10_0.2.s390x.rpm SHA-256: a7d1247315cf1f012ab7ac3cd05e23e966a37cc36e209c96b2dc6c3e8148459c
qt6-qtsvg-debuginfo-6.8.1-1.el10_0.2.s390x.rpm SHA-256: 848b7b0f17ef0bdbda19d4c66480242bbc20f0c2b85be544c6a2bb2c00867001
qt6-qtsvg-debugsource-6.8.1-1.el10_0.2.s390x.rpm SHA-256: c6a7198c42e6774ac2fba4de7303590656aee357ff85c1226367983f1c9f212f
qt6-qtsvg-devel-6.8.1-1.el10_0.2.s390x.rpm SHA-256: 724895042393bb44c9cf40a91d132e5e64103e825ccd15c33864bb7303869b08
qt6-qtsvg-tests-debuginfo-6.8.1-1.el10_0.2.s390x.rpm SHA-256: 92ff6dd8eaa7b35bfd0e426adbfafb523bceda4013d99d0e067e4e6ff1ec40f2

Red Hat Enterprise Linux for Power, little endian - Extended Update Support 10.0

SRPM
qt6-qtsvg-6.8.1-1.el10_0.2.src.rpm SHA-256: b921d481cc44ca26245e100f1d1828fa6e80d35b534b9a8908158ee2c223fbac
ppc64le
qt6-qtsvg-6.8.1-1.el10_0.2.ppc64le.rpm SHA-256: eff0342c0b98ccdea28a52f8a6f7e671db5abc9472c6c86f764f7e5fa7aa8823
qt6-qtsvg-debuginfo-6.8.1-1.el10_0.2.ppc64le.rpm SHA-256: 4a59b46fc0e816f508edeb171b6731c00c08112a180a443b07312a512bf5a7d6
qt6-qtsvg-debugsource-6.8.1-1.el10_0.2.ppc64le.rpm SHA-256: d6d94c42990a5e4ea9414d420024215da2dc5516c8ab9ecec5b0c33f446360b7
qt6-qtsvg-devel-6.8.1-1.el10_0.2.ppc64le.rpm SHA-256: 7ece70a8cbd9e0b4fd9a2d70ce9aced4c2c62b6b9b8f2b706e22d28a1c3ec6be
qt6-qtsvg-tests-debuginfo-6.8.1-1.el10_0.2.ppc64le.rpm SHA-256: b791e509b85e0023b3fb10babe99c9c4bd15d05fa145e5072fb0f0773afac6bb

Red Hat Enterprise Linux for ARM 64 - Extended Update Support 10.0

SRPM
qt6-qtsvg-6.8.1-1.el10_0.2.src.rpm SHA-256: b921d481cc44ca26245e100f1d1828fa6e80d35b534b9a8908158ee2c223fbac
aarch64
qt6-qtsvg-6.8.1-1.el10_0.2.aarch64.rpm SHA-256: e9109a8193ebcacca972f20a8f4734604d809fd2fdc54b46a4c19829d303de5e
qt6-qtsvg-debuginfo-6.8.1-1.el10_0.2.aarch64.rpm SHA-256: 703e65a840027f2a5579e1f36ef5e2fe98bbde3b8171018a8907b21560cc9dc4
qt6-qtsvg-debugsource-6.8.1-1.el10_0.2.aarch64.rpm SHA-256: 6f9e06664fd761ba815546e700ae9b12c9014554be4555d8d541de08ab551097
qt6-qtsvg-devel-6.8.1-1.el10_0.2.aarch64.rpm SHA-256: 6d138e6f61b5f2752342fb8ac15420f71acb7ccb2978b07875ecce2ebf53ef2a
qt6-qtsvg-tests-debuginfo-6.8.1-1.el10_0.2.aarch64.rpm SHA-256: 3193001c3da1b0ff1021b3820c7457ca119e569fefd05b29c4e1d697183c195f

Red Hat CodeReady Linux Builder for x86_64 - Extended Update Support 10.0

SRPM
x86_64
qt6-qtsvg-debuginfo-6.8.1-1.el10_0.2.x86_64.rpm SHA-256: 62f912474a99627e2ad0406e6fe1f5905ca3e3e042e15046b0381fe63c71ee93
qt6-qtsvg-debugsource-6.8.1-1.el10_0.2.x86_64.rpm SHA-256: b7c333cc79d197ba148023c91d77ce3ebd5999d59870d7f923dde3ad9b2dc622
qt6-qtsvg-examples-6.8.1-1.el10_0.2.x86_64.rpm SHA-256: 5eb7f6a821b1a9b00246c1eb7748450c2618342d74965ec41fd70a774e4ba1df
qt6-qtsvg-tests-debuginfo-6.8.1-1.el10_0.2.x86_64.rpm SHA-256: 3b98571cf07f515d5446f8dad72123104d814ec37352112b7a2b69e1aca5d309

Red Hat CodeReady Linux Builder for Power, little endian - Extended Update Support 10.0

SRPM
ppc64le
qt6-qtsvg-debuginfo-6.8.1-1.el10_0.2.ppc64le.rpm SHA-256: 4a59b46fc0e816f508edeb171b6731c00c08112a180a443b07312a512bf5a7d6
qt6-qtsvg-debugsource-6.8.1-1.el10_0.2.ppc64le.rpm SHA-256: d6d94c42990a5e4ea9414d420024215da2dc5516c8ab9ecec5b0c33f446360b7
qt6-qtsvg-examples-6.8.1-1.el10_0.2.ppc64le.rpm SHA-256: 4d859d2f5052f0b39374c84b4a0af5367bd23135bd23bca4445738e62c1f7ac0
qt6-qtsvg-tests-debuginfo-6.8.1-1.el10_0.2.ppc64le.rpm SHA-256: b791e509b85e0023b3fb10babe99c9c4bd15d05fa145e5072fb0f0773afac6bb

Red Hat CodeReady Linux Builder for IBM z Systems - Extended Update Support 10.0

SRPM
s390x
qt6-qtsvg-debuginfo-6.8.1-1.el10_0.2.s390x.rpm SHA-256: 848b7b0f17ef0bdbda19d4c66480242bbc20f0c2b85be544c6a2bb2c00867001
qt6-qtsvg-debugsource-6.8.1-1.el10_0.2.s390x.rpm SHA-256: c6a7198c42e6774ac2fba4de7303590656aee357ff85c1226367983f1c9f212f
qt6-qtsvg-examples-6.8.1-1.el10_0.2.s390x.rpm SHA-256: 7ff2fae281970930fd4cb6e13e4866fd4472f3aa62ddfb8f5f2cfdc8afe445fd
qt6-qtsvg-tests-debuginfo-6.8.1-1.el10_0.2.s390x.rpm SHA-256: 92ff6dd8eaa7b35bfd0e426adbfafb523bceda4013d99d0e067e4e6ff1ec40f2

Red Hat CodeReady Linux Builder for ARM 64 - Extended Update Support 10.0

SRPM
aarch64
qt6-qtsvg-debuginfo-6.8.1-1.el10_0.2.aarch64.rpm SHA-256: 703e65a840027f2a5579e1f36ef5e2fe98bbde3b8171018a8907b21560cc9dc4
qt6-qtsvg-debugsource-6.8.1-1.el10_0.2.aarch64.rpm SHA-256: 6f9e06664fd761ba815546e700ae9b12c9014554be4555d8d541de08ab551097
qt6-qtsvg-examples-6.8.1-1.el10_0.2.aarch64.rpm SHA-256: 4572470e9cbf6934774424cb50a00150f26404d3139e1035b8f79ff536fbacea
qt6-qtsvg-tests-debuginfo-6.8.1-1.el10_0.2.aarch64.rpm SHA-256: 3193001c3da1b0ff1021b3820c7457ca119e569fefd05b29c4e1d697183c195f

Red Hat Enterprise Linux for ARM 64 - 4 years of updates 10.0

SRPM
qt6-qtsvg-6.8.1-1.el10_0.2.src.rpm SHA-256: b921d481cc44ca26245e100f1d1828fa6e80d35b534b9a8908158ee2c223fbac
aarch64
qt6-qtsvg-6.8.1-1.el10_0.2.aarch64.rpm SHA-256: e9109a8193ebcacca972f20a8f4734604d809fd2fdc54b46a4c19829d303de5e
qt6-qtsvg-debuginfo-6.8.1-1.el10_0.2.aarch64.rpm SHA-256: 703e65a840027f2a5579e1f36ef5e2fe98bbde3b8171018a8907b21560cc9dc4
qt6-qtsvg-debugsource-6.8.1-1.el10_0.2.aarch64.rpm SHA-256: 6f9e06664fd761ba815546e700ae9b12c9014554be4555d8d541de08ab551097
qt6-qtsvg-devel-6.8.1-1.el10_0.2.aarch64.rpm SHA-256: 6d138e6f61b5f2752342fb8ac15420f71acb7ccb2978b07875ecce2ebf53ef2a
qt6-qtsvg-tests-debuginfo-6.8.1-1.el10_0.2.aarch64.rpm SHA-256: 3193001c3da1b0ff1021b3820c7457ca119e569fefd05b29c4e1d697183c195f

Red Hat Enterprise Linux for IBM z Systems - 4 years of updates 10.0

SRPM
qt6-qtsvg-6.8.1-1.el10_0.2.src.rpm SHA-256: b921d481cc44ca26245e100f1d1828fa6e80d35b534b9a8908158ee2c223fbac
s390x
qt6-qtsvg-6.8.1-1.el10_0.2.s390x.rpm SHA-256: a7d1247315cf1f012ab7ac3cd05e23e966a37cc36e209c96b2dc6c3e8148459c
qt6-qtsvg-debuginfo-6.8.1-1.el10_0.2.s390x.rpm SHA-256: 848b7b0f17ef0bdbda19d4c66480242bbc20f0c2b85be544c6a2bb2c00867001
qt6-qtsvg-debugsource-6.8.1-1.el10_0.2.s390x.rpm SHA-256: c6a7198c42e6774ac2fba4de7303590656aee357ff85c1226367983f1c9f212f
qt6-qtsvg-devel-6.8.1-1.el10_0.2.s390x.rpm SHA-256: 724895042393bb44c9cf40a91d132e5e64103e825ccd15c33864bb7303869b08
qt6-qtsvg-tests-debuginfo-6.8.1-1.el10_0.2.s390x.rpm SHA-256: 92ff6dd8eaa7b35bfd0e426adbfafb523bceda4013d99d0e067e4e6ff1ec40f2

Red Hat Enterprise Linux for Power, little endian - 4 years of support 10.0

SRPM
qt6-qtsvg-6.8.1-1.el10_0.2.src.rpm SHA-256: b921d481cc44ca26245e100f1d1828fa6e80d35b534b9a8908158ee2c223fbac
ppc64le
qt6-qtsvg-6.8.1-1.el10_0.2.ppc64le.rpm SHA-256: eff0342c0b98ccdea28a52f8a6f7e671db5abc9472c6c86f764f7e5fa7aa8823
qt6-qtsvg-debuginfo-6.8.1-1.el10_0.2.ppc64le.rpm SHA-256: 4a59b46fc0e816f508edeb171b6731c00c08112a180a443b07312a512bf5a7d6
qt6-qtsvg-debugsource-6.8.1-1.el10_0.2.ppc64le.rpm SHA-256: d6d94c42990a5e4ea9414d420024215da2dc5516c8ab9ecec5b0c33f446360b7
qt6-qtsvg-devel-6.8.1-1.el10_0.2.ppc64le.rpm SHA-256: 7ece70a8cbd9e0b4fd9a2d70ce9aced4c2c62b6b9b8f2b706e22d28a1c3ec6be
qt6-qtsvg-tests-debuginfo-6.8.1-1.el10_0.2.ppc64le.rpm SHA-256: b791e509b85e0023b3fb10babe99c9c4bd15d05fa145e5072fb0f0773afac6bb

Red Hat Enterprise Linux for x86_64 - 4 years of updates 10.0

SRPM
qt6-qtsvg-6.8.1-1.el10_0.2.src.rpm SHA-256: b921d481cc44ca26245e100f1d1828fa6e80d35b534b9a8908158ee2c223fbac
x86_64
qt6-qtsvg-6.8.1-1.el10_0.2.x86_64.rpm SHA-256: 3ede0841bd69c96477cc2949c4acdbf88dc0f0626ae1526e40a2416896fa79aa
qt6-qtsvg-debuginfo-6.8.1-1.el10_0.2.x86_64.rpm SHA-256: 62f912474a99627e2ad0406e6fe1f5905ca3e3e042e15046b0381fe63c71ee93
qt6-qtsvg-debugsource-6.8.1-1.el10_0.2.x86_64.rpm SHA-256: b7c333cc79d197ba148023c91d77ce3ebd5999d59870d7f923dde3ad9b2dc622
qt6-qtsvg-devel-6.8.1-1.el10_0.2.x86_64.rpm SHA-256: 97af7d7f967489acfdbd9fac5dd24aac81abc6dbce3f985cc5cae02d3983e9cb
qt6-qtsvg-tests-debuginfo-6.8.1-1.el10_0.2.x86_64.rpm SHA-256: 3b98571cf07f515d5446f8dad72123104d814ec37352112b7a2b69e1aca5d309

The Red Hat security contact is secalert@redhat.com. More contact details at https://access.redhat.com/security/team/contact/.