Qt is a software toolkit for developing applications. The qt5-base packages contain base tools for string, xml, and network handling in Qt. The following packages have been upgraded to a later upstream version: qt5-qt3d , qt5-qtbase , qt5-qtcanvas3d , qt5-qtconnectivity , qt5-qtdeclarative , qt5-qtdoc , qt5-qtgraphicaleffects , qt5-qtimageformats , qt5-qtlocation , qt5-qtmultimedia , qt5-qtquickcontrols , qt5-qtquickcontrols2 , qt5-qtscript , qt5-qtsensors , qt5-qtserialbus , qt5-qtserialport , qt5-qtsvg , qt5-qttools , qt5-qttranslations , qt5-qtwayland , qt5-qtwebchannel , qt5-qtwebsockets , qt5-qtx11extras , qt5-qtxmlpatterns . Security Fix: * qt5-qtbase: Double free in QXmlStreamReader * qt5-qtsvg: Invalid parsing of malformed url reference resulting in a denial of service * qt5-qtbase: QImage allocation failure in qgifhandler * qt5-qtimageformats: QTgaFile CPU exhaustion * qt5-qtbase: QBmpHandler segmentation fault on malformed BMP file For more details about the security issue, including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page listed in the References section. Additional Changes: For detailed information on changes in this release, see the Red Hat Enterprise Linux 7.7 Release Notes linked from the References section.