Issued:: 2026-06-10
Updated:: 2026-06-10

RHSA-2026:24987 - Security Advisory

Overview
Updated Packages

Synopsis

Important: qt6-qtdeclarative security update

Type/Severity

Security Advisory: Important

Red Hat Lightspeed patch analysis

Identify and remediate systems affected by this advisory.

View affected systems

Topic

An update for qt6-qtdeclarative is now available for Red Hat Enterprise Linux 10.0 Extended Update Support.

Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.

Description

Qt6 - QtDeclarative component.

Security Fix(es):

qt: Qt SVG: Arbitrary QML/JavaScript code injection via malicious SVG file (CVE-2025-14576)

For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.

Solution

For details on how to apply this update, which includes the changes described in this advisory, refer to:

https://access.redhat.com/articles/11258

Affected Products

Red Hat Enterprise Linux for x86_64 - Extended Update Support 10.0 x86_64
Red Hat Enterprise Linux for IBM z Systems - Extended Update Support 10.0 s390x
Red Hat Enterprise Linux for Power, little endian - Extended Update Support 10.0 ppc64le
Red Hat Enterprise Linux for ARM 64 - Extended Update Support 10.0 aarch64
Red Hat CodeReady Linux Builder for x86_64 - Extended Update Support 10.0 x86_64
Red Hat CodeReady Linux Builder for Power, little endian - Extended Update Support 10.0 ppc64le
Red Hat CodeReady Linux Builder for IBM z Systems - Extended Update Support 10.0 s390x
Red Hat CodeReady Linux Builder for ARM 64 - Extended Update Support 10.0 aarch64
Red Hat Enterprise Linux for ARM 64 - 4 years of updates 10.0 aarch64
Red Hat Enterprise Linux for IBM z Systems - 4 years of updates 10.0 s390x
Red Hat Enterprise Linux for Power, little endian - 4 years of support 10.0 ppc64le
Red Hat Enterprise Linux for x86_64 - 4 years of updates 10.0 x86_64

Fixes

BZ - 2464114 - CVE-2025-14576 qt: Qt SVG: Arbitrary QML/JavaScript code injection via malicious SVG file

CVEs

CVE-2025-14576

References

https://access.redhat.com/security/updates/classification/#important

Note: More recent versions of these packages may be available. Click a package name for more details.

Red Hat Enterprise Linux for x86_64 - Extended Update Support 10.0

SRPM
qt6-qtdeclarative-6.8.1-5.el10_0.src.rpm	SHA-256: 823b776ca5f96fe4fe51011b08e9ca56d17dd78c61b997d226fe2bc0db6dc330
x86_64
qt6-qtdeclarative-6.8.1-5.el10_0.x86_64.rpm	SHA-256: acc1c06db57015c04e4f1cebd0d35defe955768a9db6a5ecd010a8818b969e19
qt6-qtdeclarative-debuginfo-6.8.1-5.el10_0.x86_64.rpm	SHA-256: 4290ad15e089e22ddaa376f26c0041546eb41e36122cf374da221300a34d27e0
qt6-qtdeclarative-debugsource-6.8.1-5.el10_0.x86_64.rpm	SHA-256: 8032c20b4802835a65563f0769b61d8e098988d210f76301f443220c1a217a39
qt6-qtdeclarative-devel-6.8.1-5.el10_0.x86_64.rpm	SHA-256: 877062eebc8fcec9f3089ef3eabde7de8a7749ea8904718fe4ae2a8729840a00
qt6-qtdeclarative-devel-debuginfo-6.8.1-5.el10_0.x86_64.rpm	SHA-256: 6169612bc489864cd827e1e3dffa4d3a0d50a630cc03acafa6e1c3d7bc052a67
qt6-qtdeclarative-examples-debuginfo-6.8.1-5.el10_0.x86_64.rpm	SHA-256: 315fdb5214b3829682f3824ea098751d48c90669357d5d609da6db50ac5decd6
qt6-qtdeclarative-tests-debuginfo-6.8.1-5.el10_0.x86_64.rpm	SHA-256: c3ac0af3f65c4e5ab39c1e5d8f83ae329209c6f25bbd97fdb3ef28f264c709de

Red Hat Enterprise Linux for IBM z Systems - Extended Update Support 10.0

SRPM
qt6-qtdeclarative-6.8.1-5.el10_0.src.rpm	SHA-256: 823b776ca5f96fe4fe51011b08e9ca56d17dd78c61b997d226fe2bc0db6dc330
s390x
qt6-qtdeclarative-6.8.1-5.el10_0.s390x.rpm	SHA-256: fb66830e163bef1e285910249ecf317b2e62d93b994620b8d2301f1a0605d8c4
qt6-qtdeclarative-debuginfo-6.8.1-5.el10_0.s390x.rpm	SHA-256: 97146b04bb4582f12b3d5813c49cd58ce0c88146f449ec88f2a76a09164d4322
qt6-qtdeclarative-debugsource-6.8.1-5.el10_0.s390x.rpm	SHA-256: d595544f36a97424e05e30c7b5ab26e91346ea019f8b24b23029833d1446645a
qt6-qtdeclarative-devel-6.8.1-5.el10_0.s390x.rpm	SHA-256: 6eca3423dac8ba4069ee79374eaef90658a2065d85458abe87a90f6013052dcb
qt6-qtdeclarative-devel-debuginfo-6.8.1-5.el10_0.s390x.rpm	SHA-256: ca0e6467b2320168ea0778247412c08419b8a27e5b12694ac1284c8e2cd35a27
qt6-qtdeclarative-examples-debuginfo-6.8.1-5.el10_0.s390x.rpm	SHA-256: 321a52f943129c0b15f675e86cd7135455e80e62745c2c5967324924c67a91d3
qt6-qtdeclarative-tests-debuginfo-6.8.1-5.el10_0.s390x.rpm	SHA-256: 1e95ec1409f3c191f80013650d9f7e961a4e8df6da92d6790ebfec99efe1bc2b

Red Hat Enterprise Linux for Power, little endian - Extended Update Support 10.0

SRPM
qt6-qtdeclarative-6.8.1-5.el10_0.src.rpm	SHA-256: 823b776ca5f96fe4fe51011b08e9ca56d17dd78c61b997d226fe2bc0db6dc330
ppc64le
qt6-qtdeclarative-6.8.1-5.el10_0.ppc64le.rpm	SHA-256: 3bff5fc06a734eac56ca999b808a94af7ed36f1ec781b7cbe04acfda688bca0c
qt6-qtdeclarative-debuginfo-6.8.1-5.el10_0.ppc64le.rpm	SHA-256: 5c69fdec0238f6c16c98b46c4d2bb36109c3f6d63ce97937416f150f710ce48f
qt6-qtdeclarative-debugsource-6.8.1-5.el10_0.ppc64le.rpm	SHA-256: ffc8abc4b2820469b00331da1011bc9ffe19d9ce0fb9200cf2a9226b1f0a6d31
qt6-qtdeclarative-devel-6.8.1-5.el10_0.ppc64le.rpm	SHA-256: 9714120371b7ba0bb210822108a471d42a5c0220ffcfdc239162dda615262a15
qt6-qtdeclarative-devel-debuginfo-6.8.1-5.el10_0.ppc64le.rpm	SHA-256: b505bd6284f07685aa399c55841d02601f225c72277179a4861b32b30486d72a
qt6-qtdeclarative-examples-debuginfo-6.8.1-5.el10_0.ppc64le.rpm	SHA-256: b418ca64b3b04090a8c5cb706e701cc76b25a4e1ddda93d35877118beae9c676
qt6-qtdeclarative-tests-debuginfo-6.8.1-5.el10_0.ppc64le.rpm	SHA-256: 83f7975d7292eb4b238825c9d1fde53daccefb12bdb54258d1594bafa3903721

Red Hat Enterprise Linux for ARM 64 - Extended Update Support 10.0

SRPM
qt6-qtdeclarative-6.8.1-5.el10_0.src.rpm	SHA-256: 823b776ca5f96fe4fe51011b08e9ca56d17dd78c61b997d226fe2bc0db6dc330
aarch64
qt6-qtdeclarative-6.8.1-5.el10_0.aarch64.rpm	SHA-256: 6566e3e4c32f6560ac777785310d9bb1b742b40fd6006287f7ef59942313d0a3
qt6-qtdeclarative-debuginfo-6.8.1-5.el10_0.aarch64.rpm	SHA-256: cc60c80231b965d7c99a6c8a720e8b1d28d9a56ca90b0d6418e21bca9699f1bf
qt6-qtdeclarative-debugsource-6.8.1-5.el10_0.aarch64.rpm	SHA-256: 7a4c43571d4410160f113590469790080fa67dd47ff25a9357d82d41f45460cd
qt6-qtdeclarative-devel-6.8.1-5.el10_0.aarch64.rpm	SHA-256: 14ed1ddb1e7ac48226080d7174286bc66e1e43ef6296aafe7952a777fb1d3de6
qt6-qtdeclarative-devel-debuginfo-6.8.1-5.el10_0.aarch64.rpm	SHA-256: 75b8b1c7fef46da547b1d9d04e8b78ddf5710f45d444dc3b8a005c4082bd4a21
qt6-qtdeclarative-examples-debuginfo-6.8.1-5.el10_0.aarch64.rpm	SHA-256: 59b24a605cef628c7a26f8e57db44cf0c4de1c2f5044460664df6ea601623c28
qt6-qtdeclarative-tests-debuginfo-6.8.1-5.el10_0.aarch64.rpm	SHA-256: c8bc04d9447131f62204ac350f41a054b767d31a8322b38746b29c2e8b7003fc

Red Hat CodeReady Linux Builder for x86_64 - Extended Update Support 10.0

SRPM
x86_64
qt6-qtdeclarative-debuginfo-6.8.1-5.el10_0.x86_64.rpm	SHA-256: 4290ad15e089e22ddaa376f26c0041546eb41e36122cf374da221300a34d27e0
qt6-qtdeclarative-debugsource-6.8.1-5.el10_0.x86_64.rpm	SHA-256: 8032c20b4802835a65563f0769b61d8e098988d210f76301f443220c1a217a39
qt6-qtdeclarative-devel-debuginfo-6.8.1-5.el10_0.x86_64.rpm	SHA-256: 6169612bc489864cd827e1e3dffa4d3a0d50a630cc03acafa6e1c3d7bc052a67
qt6-qtdeclarative-examples-6.8.1-5.el10_0.x86_64.rpm	SHA-256: a8870e37edc5167e8d56d89289aeafea93929033ac3ee2fb627430496e128d39
qt6-qtdeclarative-examples-debuginfo-6.8.1-5.el10_0.x86_64.rpm	SHA-256: 315fdb5214b3829682f3824ea098751d48c90669357d5d609da6db50ac5decd6
qt6-qtdeclarative-static-6.8.1-5.el10_0.x86_64.rpm	SHA-256: 3acf73767f1768d6419f1991a6f3f1f4f1c2311b8958662193656a6e380e011e
qt6-qtdeclarative-tests-debuginfo-6.8.1-5.el10_0.x86_64.rpm	SHA-256: c3ac0af3f65c4e5ab39c1e5d8f83ae329209c6f25bbd97fdb3ef28f264c709de

Red Hat CodeReady Linux Builder for Power, little endian - Extended Update Support 10.0

SRPM
ppc64le
qt6-qtdeclarative-debuginfo-6.8.1-5.el10_0.ppc64le.rpm	SHA-256: 5c69fdec0238f6c16c98b46c4d2bb36109c3f6d63ce97937416f150f710ce48f
qt6-qtdeclarative-debugsource-6.8.1-5.el10_0.ppc64le.rpm	SHA-256: ffc8abc4b2820469b00331da1011bc9ffe19d9ce0fb9200cf2a9226b1f0a6d31
qt6-qtdeclarative-devel-debuginfo-6.8.1-5.el10_0.ppc64le.rpm	SHA-256: b505bd6284f07685aa399c55841d02601f225c72277179a4861b32b30486d72a
qt6-qtdeclarative-examples-6.8.1-5.el10_0.ppc64le.rpm	SHA-256: ffeed1bd92effd57a08bf48fbe6a2b65d69fcf8b899a4b16a07cf0137db3931d
qt6-qtdeclarative-examples-debuginfo-6.8.1-5.el10_0.ppc64le.rpm	SHA-256: b418ca64b3b04090a8c5cb706e701cc76b25a4e1ddda93d35877118beae9c676
qt6-qtdeclarative-static-6.8.1-5.el10_0.ppc64le.rpm	SHA-256: 9ff2ca7bca2c025f6f174335ac5a97020c380a1c58c0b1634293cb6cbff86696
qt6-qtdeclarative-tests-debuginfo-6.8.1-5.el10_0.ppc64le.rpm	SHA-256: 83f7975d7292eb4b238825c9d1fde53daccefb12bdb54258d1594bafa3903721

Red Hat CodeReady Linux Builder for IBM z Systems - Extended Update Support 10.0

SRPM
s390x
qt6-qtdeclarative-debuginfo-6.8.1-5.el10_0.s390x.rpm	SHA-256: 97146b04bb4582f12b3d5813c49cd58ce0c88146f449ec88f2a76a09164d4322
qt6-qtdeclarative-debugsource-6.8.1-5.el10_0.s390x.rpm	SHA-256: d595544f36a97424e05e30c7b5ab26e91346ea019f8b24b23029833d1446645a
qt6-qtdeclarative-devel-debuginfo-6.8.1-5.el10_0.s390x.rpm	SHA-256: ca0e6467b2320168ea0778247412c08419b8a27e5b12694ac1284c8e2cd35a27
qt6-qtdeclarative-examples-6.8.1-5.el10_0.s390x.rpm	SHA-256: 59d874e7d1ce052f2fd52a0491ce9f5866c37830231dc8710fb3297d55b6f47c
qt6-qtdeclarative-examples-debuginfo-6.8.1-5.el10_0.s390x.rpm	SHA-256: 321a52f943129c0b15f675e86cd7135455e80e62745c2c5967324924c67a91d3
qt6-qtdeclarative-static-6.8.1-5.el10_0.s390x.rpm	SHA-256: 8e2f0859339db8fe27f2e4210fa8f6afcb9f645adc9cdfaeaff3c94dd898f92e
qt6-qtdeclarative-tests-debuginfo-6.8.1-5.el10_0.s390x.rpm	SHA-256: 1e95ec1409f3c191f80013650d9f7e961a4e8df6da92d6790ebfec99efe1bc2b

Red Hat CodeReady Linux Builder for ARM 64 - Extended Update Support 10.0

SRPM
aarch64
qt6-qtdeclarative-debuginfo-6.8.1-5.el10_0.aarch64.rpm	SHA-256: cc60c80231b965d7c99a6c8a720e8b1d28d9a56ca90b0d6418e21bca9699f1bf
qt6-qtdeclarative-debugsource-6.8.1-5.el10_0.aarch64.rpm	SHA-256: 7a4c43571d4410160f113590469790080fa67dd47ff25a9357d82d41f45460cd
qt6-qtdeclarative-devel-debuginfo-6.8.1-5.el10_0.aarch64.rpm	SHA-256: 75b8b1c7fef46da547b1d9d04e8b78ddf5710f45d444dc3b8a005c4082bd4a21
qt6-qtdeclarative-examples-6.8.1-5.el10_0.aarch64.rpm	SHA-256: 138474bfdafac5f4ba827bc34b45bce943976810a0512fada014cb6397a42925
qt6-qtdeclarative-examples-debuginfo-6.8.1-5.el10_0.aarch64.rpm	SHA-256: 59b24a605cef628c7a26f8e57db44cf0c4de1c2f5044460664df6ea601623c28
qt6-qtdeclarative-static-6.8.1-5.el10_0.aarch64.rpm	SHA-256: 384033013efcfe6d0230aabdf4980f271d32ef3f6c14d6d4d03d92a1a2455e44
qt6-qtdeclarative-tests-debuginfo-6.8.1-5.el10_0.aarch64.rpm	SHA-256: c8bc04d9447131f62204ac350f41a054b767d31a8322b38746b29c2e8b7003fc

Red Hat Enterprise Linux for ARM 64 - 4 years of updates 10.0

SRPM
qt6-qtdeclarative-6.8.1-5.el10_0.src.rpm	SHA-256: 823b776ca5f96fe4fe51011b08e9ca56d17dd78c61b997d226fe2bc0db6dc330
aarch64
qt6-qtdeclarative-6.8.1-5.el10_0.aarch64.rpm	SHA-256: 6566e3e4c32f6560ac777785310d9bb1b742b40fd6006287f7ef59942313d0a3
qt6-qtdeclarative-debuginfo-6.8.1-5.el10_0.aarch64.rpm	SHA-256: cc60c80231b965d7c99a6c8a720e8b1d28d9a56ca90b0d6418e21bca9699f1bf
qt6-qtdeclarative-debugsource-6.8.1-5.el10_0.aarch64.rpm	SHA-256: 7a4c43571d4410160f113590469790080fa67dd47ff25a9357d82d41f45460cd
qt6-qtdeclarative-devel-6.8.1-5.el10_0.aarch64.rpm	SHA-256: 14ed1ddb1e7ac48226080d7174286bc66e1e43ef6296aafe7952a777fb1d3de6
qt6-qtdeclarative-devel-debuginfo-6.8.1-5.el10_0.aarch64.rpm	SHA-256: 75b8b1c7fef46da547b1d9d04e8b78ddf5710f45d444dc3b8a005c4082bd4a21
qt6-qtdeclarative-examples-debuginfo-6.8.1-5.el10_0.aarch64.rpm	SHA-256: 59b24a605cef628c7a26f8e57db44cf0c4de1c2f5044460664df6ea601623c28
qt6-qtdeclarative-tests-debuginfo-6.8.1-5.el10_0.aarch64.rpm	SHA-256: c8bc04d9447131f62204ac350f41a054b767d31a8322b38746b29c2e8b7003fc

Red Hat Enterprise Linux for IBM z Systems - 4 years of updates 10.0

SRPM
qt6-qtdeclarative-6.8.1-5.el10_0.src.rpm	SHA-256: 823b776ca5f96fe4fe51011b08e9ca56d17dd78c61b997d226fe2bc0db6dc330
s390x
qt6-qtdeclarative-6.8.1-5.el10_0.s390x.rpm	SHA-256: fb66830e163bef1e285910249ecf317b2e62d93b994620b8d2301f1a0605d8c4
qt6-qtdeclarative-debuginfo-6.8.1-5.el10_0.s390x.rpm	SHA-256: 97146b04bb4582f12b3d5813c49cd58ce0c88146f449ec88f2a76a09164d4322
qt6-qtdeclarative-debugsource-6.8.1-5.el10_0.s390x.rpm	SHA-256: d595544f36a97424e05e30c7b5ab26e91346ea019f8b24b23029833d1446645a
qt6-qtdeclarative-devel-6.8.1-5.el10_0.s390x.rpm	SHA-256: 6eca3423dac8ba4069ee79374eaef90658a2065d85458abe87a90f6013052dcb
qt6-qtdeclarative-devel-debuginfo-6.8.1-5.el10_0.s390x.rpm	SHA-256: ca0e6467b2320168ea0778247412c08419b8a27e5b12694ac1284c8e2cd35a27
qt6-qtdeclarative-examples-debuginfo-6.8.1-5.el10_0.s390x.rpm	SHA-256: 321a52f943129c0b15f675e86cd7135455e80e62745c2c5967324924c67a91d3
qt6-qtdeclarative-tests-debuginfo-6.8.1-5.el10_0.s390x.rpm	SHA-256: 1e95ec1409f3c191f80013650d9f7e961a4e8df6da92d6790ebfec99efe1bc2b

Red Hat Enterprise Linux for Power, little endian - 4 years of support 10.0

SRPM
qt6-qtdeclarative-6.8.1-5.el10_0.src.rpm	SHA-256: 823b776ca5f96fe4fe51011b08e9ca56d17dd78c61b997d226fe2bc0db6dc330
ppc64le
qt6-qtdeclarative-6.8.1-5.el10_0.ppc64le.rpm	SHA-256: 3bff5fc06a734eac56ca999b808a94af7ed36f1ec781b7cbe04acfda688bca0c
qt6-qtdeclarative-debuginfo-6.8.1-5.el10_0.ppc64le.rpm	SHA-256: 5c69fdec0238f6c16c98b46c4d2bb36109c3f6d63ce97937416f150f710ce48f
qt6-qtdeclarative-debugsource-6.8.1-5.el10_0.ppc64le.rpm	SHA-256: ffc8abc4b2820469b00331da1011bc9ffe19d9ce0fb9200cf2a9226b1f0a6d31
qt6-qtdeclarative-devel-6.8.1-5.el10_0.ppc64le.rpm	SHA-256: 9714120371b7ba0bb210822108a471d42a5c0220ffcfdc239162dda615262a15
qt6-qtdeclarative-devel-debuginfo-6.8.1-5.el10_0.ppc64le.rpm	SHA-256: b505bd6284f07685aa399c55841d02601f225c72277179a4861b32b30486d72a
qt6-qtdeclarative-examples-debuginfo-6.8.1-5.el10_0.ppc64le.rpm	SHA-256: b418ca64b3b04090a8c5cb706e701cc76b25a4e1ddda93d35877118beae9c676
qt6-qtdeclarative-tests-debuginfo-6.8.1-5.el10_0.ppc64le.rpm	SHA-256: 83f7975d7292eb4b238825c9d1fde53daccefb12bdb54258d1594bafa3903721

Red Hat Enterprise Linux for x86_64 - 4 years of updates 10.0

SRPM
qt6-qtdeclarative-6.8.1-5.el10_0.src.rpm	SHA-256: 823b776ca5f96fe4fe51011b08e9ca56d17dd78c61b997d226fe2bc0db6dc330
x86_64
qt6-qtdeclarative-6.8.1-5.el10_0.x86_64.rpm	SHA-256: acc1c06db57015c04e4f1cebd0d35defe955768a9db6a5ecd010a8818b969e19
qt6-qtdeclarative-debuginfo-6.8.1-5.el10_0.x86_64.rpm	SHA-256: 4290ad15e089e22ddaa376f26c0041546eb41e36122cf374da221300a34d27e0
qt6-qtdeclarative-debugsource-6.8.1-5.el10_0.x86_64.rpm	SHA-256: 8032c20b4802835a65563f0769b61d8e098988d210f76301f443220c1a217a39
qt6-qtdeclarative-devel-6.8.1-5.el10_0.x86_64.rpm	SHA-256: 877062eebc8fcec9f3089ef3eabde7de8a7749ea8904718fe4ae2a8729840a00
qt6-qtdeclarative-devel-debuginfo-6.8.1-5.el10_0.x86_64.rpm	SHA-256: 6169612bc489864cd827e1e3dffa4d3a0d50a630cc03acafa6e1c3d7bc052a67
qt6-qtdeclarative-examples-debuginfo-6.8.1-5.el10_0.x86_64.rpm	SHA-256: 315fdb5214b3829682f3824ea098751d48c90669357d5d609da6db50ac5decd6
qt6-qtdeclarative-tests-debuginfo-6.8.1-5.el10_0.x86_64.rpm	SHA-256: c3ac0af3f65c4e5ab39c1e5d8f83ae329209c6f25bbd97fdb3ef28f264c709de

The Red Hat security contact is secalert@redhat.com. More contact details at https://access.redhat.com/security/team/contact/.

Select Your Language

Infrastructure and Management

Cloud Computing

Storage

Runtimes

Integration and Automation