Advisories ยป MGASA-2020-0080

Updated qtbase5 packages fix security vulnerabilities

Publication date: 09 Feb 2020
Type: security
Affected Mageia releases : 7
CVE: CVE-2020-0569 , CVE-2020-0570

Description

Updated qtbase5 packages fix security vulnerabilities:

QPluginLoader in Qt versions 5.0.0 through 5.13.2 would search for certain
plugins first on the current working directory of the application, which
allows an attacker that can place files in the file system and influence
the working directory of Qt-based applications to load and execute
malicious code (CVE-2020-0569).

QLibrary in Qt versions 5.12.0 through 5.14.0, on certain x86 machines,
would search for certain libraries and plugins relative to current working
directory of the application, which allows an attacker that can place files
in the file system and influence the working directory of Qt-based
applications to load and execute malicious code (CVE-2020-0570).

Also, a file conflict that caused issues when upgrading from Mageia 6 has
been fixed (mga#25418)
                

References

SRPMS

7/core