CVE-2020-24741, Do not attempt to load a library relative to $PWD.

--------------------------------------------------------------------------------
Fedora Update Notification
FEDORA-2021-4b190fd271
2021-10-29 22:48:33.392283
--------------------------------------------------------------------------------

Name        : qt
Product     : Fedora 35
Version     : 4.8.7
Release     : 65.fc35
URL         : https://contribute.qt-project.org/
Summary     : Qt toolkit
Description :
Qt is a software toolkit for developing applications.

This package contains base tools, like string, xml, and network handling.

--------------------------------------------------------------------------------
Update Information:

CVE-2020-24741, Do not attempt to load a library relative to $PWD
--------------------------------------------------------------------------------
ChangeLog:

* Tue Oct 12 2021 Than Ngo - 1:4.8.7-65
- CVE-2020-24741, Do not attempt to load a library relative to $PWD
* Tue Sep 14 2021 Sahana Prasad - 1:4.8.7-64
- Rebuilt with OpenSSL 3.0.0
* Thu Jul 29 2021 Than Ngo - 4.8.7-63
- Fixed FTBFS against firebird-4.0.0
--------------------------------------------------------------------------------
References:

  [ 1 ] Bug #1993132 - CVE-2020-24741 qt: QLibrary loads libraries relative to CWD which could result in arbitrary code execution
        https://bugzilla.redhat.com/show_bug.cgi?id=1993132
--------------------------------------------------------------------------------

This update can be installed with the "dnf" update program. Use
su -c 'dnf upgrade --advisory FEDORA-2021-4b190fd271' at the command
line. For more information, refer to the dnf documentation available at
https://dnf.readthedocs.io/en/latest/command_ref.html

All packages are signed with the Fedora Project GPG key. More details on the
GPG keys used by the Fedora Project can be found at
https://fedoraproject.org/security/
--------------------------------------------------------------------------------
_______________________________________________
package-announce mailing list --