{ "schema_version": "1.6.2", "id": "MGASA-2020-0080", "published": "2020-02-09T19:13:40Z", "modified": "2020-02-09T18:52:17Z", "summary": "Updated qtbase5 packages fix security vulnerabilities", "details": "Updated qtbase5 packages fix security vulnerabilities:\n\nQPluginLoader in Qt versions 5.0.0 through 5.13.2 would search for certain\nplugins first on the current working directory of the application, which\nallows an attacker that can place files in the file system and influence\nthe working directory of Qt-based applications to load and execute\nmalicious code (CVE-2020-0569).\n\nQLibrary in Qt versions 5.12.0 through 5.14.0, on certain x86 machines,\nwould search for certain libraries and plugins relative to current working\ndirectory of the application, which allows an attacker that can place files\nin the file system and influence the working directory of Qt-based\napplications to load and execute malicious code (CVE-2020-0570).\n\nAlso, a file conflict that caused issues when upgrading from Mageia 6 has\nbeen fixed (mga#25418)\n", "related": [ "CVE-2020-0569", "CVE-2020-0570" ], "references": [ { "type": "ADVISORY", "url": "https://advisories.mageia.org/MGASA-2020-0080.html" }, { "type": "REPORT", "url": "https://bugs.mageia.org/show_bug.cgi?id=26153" }, { "type": "REPORT", "url": "https://bugs.mageia.org/show_bug.cgi?id=25418" }, { "type": "REPORT", "url": "https://www.openwall.com/lists/oss-security/2020/01/30/1" } ], "affected": [ { "package": { "ecosystem": "Mageia:7", "name": "qtbase5", "purl": "pkg:rpm/mageia/qtbase5?arch=source&distro=mageia-7" }, "ranges": [ { "type": "ECOSYSTEM", "events": [ { "introduced": "0" }, { "fixed": "5.12.6-2.mga7" } ] } ], "ecosystem_specific": { "section": "core" } } ], "credits": [ { "name": "Mageia", "type": "COORDINATOR", "contact": [ "https://wiki.mageia.org/en/Packages_Security_Team" ] } ] }