VDB
GCVE-110-MAGEIA-2020-80
GCVE-110-MAGEIA-2020-80
Advisory Published
Updated qtbase5 packages fix security vulnerabilities:
QPluginLoader in Qt versions 5.0.0 through 5.13.2 would search for certain
plugins first on the current working directory of the application, which
allows an attacker that can place files in the file system and influence
the working directory of Qt-based applications to load and execute
malicious code (CVE-2020-0569).
QLibrary in Qt versions 5.12.0 through 5.14.0, on certain x86 machines,
would search for certain libraries and plugins relative to current working
directory of the application, which allows an attacker that can place files
in the file system and influence the working directory of Qt-based
applications to load and execute malicious code (CVE-2020-0570).
Also, a file conflict that caused issues when upgrading from Mageia 6 has
been fixed (mga#25418)
Affected Products
| Vendor | Product | Versions | Platforms |
|---|---|---|---|
| Mageia | get_iplayer | 0 (affected), 3.25-1.mga7 (unaffected) | — |
| Mageia | qtbase5 | 0 (affected), 5.12.6-2.mga7 (unaffected), 0 (affected), 5.12.6-2.mga7 (unaffected) | — |
References
Updated get_iplayer packages
advisory
Explore Further
Investigate this vulnerability in the interactive console or download the raw GCVE record.