Mageia 7: 2020-0080 Critical: Qtbase5 Malicious Code Threat


Summary

Updated qtbase5 packages fix security vulnerabilities:
QPluginLoader in Qt versions 5.0.0 through 5.13.2 would search for certain plugins first in the current working directory of the application, which allows an attacker who can place files in the file system and influence the working directory of Qt-based applications to load and execute malicious code (CVE-2020-0569).
QLibrary in Qt versions 5.12.0 through 5.14.0, on certain x86 machines, would search for certain libraries and plugins relative to the current working directory of the application, which allows an attacker who can place files in the file system and influence the working directory of Qt-based applications to load and execute malicious code (CVE-2020-0570).
Also, a file conflict that caused issues when upgrading from Mageia 6 has been fixed (mga#25418).

References

- https://bugs.mageia.org/show_bug.cgi?id=26153

- https://bugs.mageia.org/show_bug.cgi?id=25418

- https://www.openwall.com/lists/oss-security/2020/01/30/1

- https://www.cve.org/CVERecord?id=CVE-2020-0569

- https://www.cve.org/CVERecord?id=CVE-2020-0570

Resolution

SRPMS

- 7/core/qtbase5-5.12.6-2.mga7
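
The fixed build, 5.12.6-2.mga7, carries a Qt version that still lies inside the affected upstream range for both CVEs, so a host has to be checked by package release rather than by Qt version. The following is an added example, not part of the advisory: it flags installed packages built from the qtbase5 SRPM that predate the fix. The input format (name, EVR, source RPM per line), the sample package names and the simplified version comparison (no `~` or `^` handling) are assumptions.

```python
import re

FIXED_EVR = "5.12.6-2.mga7"   # fixed SRPM release listed in the advisory (7/core)
SRPM_NAME = "qtbase5"

# Constructed sample, in the assumed format produced by:
#   rpm -qa --qf '%{NAME} %{EVR} %{SOURCERPM}\n'
SAMPLE = """
example-qt5-a 5.12.2-2.mga7 qtbase5-5.12.2-2.mga7.src.rpm
example-qt5-b 5.12.6-2.mga7 qtbase5-5.12.6-2.mga7.src.rpm
example-other 5.0-5.mga7 example-other-5.0-5.mga7.src.rpm
"""

def rpmvercmp(a, b):
    """Simplified RPM segment comparison; returns -1, 0 or 1."""
    seg = re.compile(r"\d+|[a-zA-Z]+")
    sa, sb = seg.findall(a), seg.findall(b)
    for x, y in zip(sa, sb):
        if x.isdigit() and y.isdigit():
            x, y = int(x), int(y)
        elif x.isdigit() != y.isdigit():
            return 1 if x.isdigit() else -1   # numeric segment beats alphabetic
        if x != y:
            return 1 if x > y else -1
    # All shared segments equal: the string with segments left over is newer.
    return (len(sa) > len(sb)) - (len(sa) < len(sb))

def split_evr(evr):
    """Split '[epoch:]version-release'; a missing epoch counts as 0."""
    epoch, _, rest = evr.rpartition(":")
    version, _, release = rest.partition("-")
    return int(epoch or 0), version, release

def evr_cmp(a, b):
    ea, va, ra = split_evr(a)
    eb, vb, rb = split_evr(b)
    if ea != eb:
        return 1 if ea > eb else -1
    return rpmvercmp(va, vb) or rpmvercmp(ra, rb)

def outdated(query_output):
    """Return (name, evr) for packages built from qtbase5 that predate the fix."""
    hits = []
    for line in query_output.strip().splitlines():
        name, evr, srpm = line.split()
        built_from = srpm.rsplit("-", 2)[0]   # strip '-version-release.src.rpm'
        if built_from == SRPM_NAME and evr_cmp(evr, FIXED_EVR) < 0:
            hits.append((name, evr))
    return hits

if __name__ == "__main__":
    print(outdated(SAMPLE))
```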

Severity
critical

Publication date: 09 Feb 2020
URL: https://advisories.mageia.org/MGASA-2020-0080.html
Type: security
CVE: CVE-2020-0569, CVE-2020-0570
