ALT Linux Team

Package qt5-3d update in sisyphus on 2020-02-19

ALT-PU-2020-1290-1

Package qt5-3d updated to version 5.12.7-alt1 for branch sisyphus in task 246056.

Closed vulnerabilities

Published: 2021-08-09

BDU:2022-01758

Уязвимость компонента QPluginLoader кроссплатформенного фреймворка для разработки программного обеспечения Qt, позволяющая нарушителю получить доступ к конфиденциальным данным, нарушить их целостность, а также вызвать отказ в обслуживании

Severity: HIGH (8.8) Vector: AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
Severity: CRITICAL (10.0) Vector: AV:N/AC:L/Au:N/C:C/I:C/A:C
References:
Published: 2020-09-14
Modified: 2024-11-21

CVE-2020-0570

Uncontrolled search path in the QT Library before 5.14.0, 5.12.7 and 5.9.10 may allow an authenticated user to potentially enable elevation of privilege via local access.

Severity: MEDIUM (4.4) Vector: AV:L/AC:M/Au:N/C:P/I:P/A:P
Severity: HIGH (7.3) Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H
References:
Published: 2021-08-09
Modified: 2024-11-21

CVE-2020-24742

An issue has been fixed in Qt versions 5.14.0 where QPluginLoader attempts to load plugins relative to the working directory, allowing attackers to execute arbitrary code via crafted files.

Severity: MEDIUM (6.8) Vector: AV:N/AC:M/Au:N/C:P/I:P/A:P
Severity: HIGH (7.8) Vector: CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
References:
VKontakte | Telegram | YouTube | Forum | GitHub | Bugzilla
Version: 2.1.2
Back to top