lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [day] [month] [year] [list]
Message-Id: <E1P2Nga-0006ER-HV@titan.mandriva.com>
Date: Sun, 03 Oct 2010 14:29:00 +0200
From: security@...driva.com
To: bugtraq@...urityfocus.com
Subject: [ MDVSA-2010:193 ] qt-creator

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

 _______________________________________________________________________

 Mandriva Linux Security Advisory                         MDVSA-2010:193
 http://www.mandriva.com/security/
 _______________________________________________________________________

 Package : qt-creator
 Date    : October 3, 2010
 Affected: 2010.0, 2010.1
 _______________________________________________________________________

 Problem Description:

 A vulnerability has been found in Qt Creator 2.0.0 and previous
 versions. The vulnerability occurs because of an insecure manipulation
 of a Unix environment variable by the qtcreator shell script. It
 manifests by causing Qt or Qt Creator to attempt to load certain
 library names from the current working directory (CVE-2010-3374).
 
 The updated packages have been patched to correct this issue.
 _______________________________________________________________________

 References:

 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-3374
 http://qt.nokia.com/about/news/security-announcement-qt-creator-2.0.0-for-desktop-platforms
 _______________________________________________________________________

 Updated Packages:

 Mandriva Linux 2010.0:
 72f483e1687632ee9887b5742b72891d  2010.0/i586/libaggregation1-1.2.1-2.2mdv2010.0.i586.rpm
 38ef2476d9ca746576549cd230fed498  2010.0/i586/libcplusplus1-1.2.1-2.2mdv2010.0.i586.rpm
 33d7aa73bc3793f7327e5e2160409f4b  2010.0/i586/libextensionsystem1-1.2.1-2.2mdv2010.0.i586.rpm
 6429fd08060935dbecf7f7bdec4d2160  2010.0/i586/libqtconcurrent1-1.2.1-2.2mdv2010.0.i586.rpm
 029072ad2feb8299499a79f75bf4ae8e  2010.0/i586/libutils1-1.2.1-2.2mdv2010.0.i586.rpm
 af66282a6100278935d3a2137af01522  2010.0/i586/qt-creator-1.2.1-2.2mdv2010.0.i586.rpm
 617fccd89b2020320e4492364caed27c  2010.0/i586/qt-creator-doc-1.2.1-2.2mdv2010.0.i586.rpm 
 1a7f7c6820ac43102c30bf3c5ffa570c  2010.0/SRPMS/qt-creator-1.2.1-2.2mdv2010.0.src.rpm

 Mandriva Linux 2010.0/X86_64:
 a2b277c9e816765850be2242dd725738  2010.0/x86_64/lib64aggregation1-1.2.1-2.2mdv2010.0.x86_64.rpm
 553865d75cf73ac6c878b013dd7230eb  2010.0/x86_64/lib64cplusplus1-1.2.1-2.2mdv2010.0.x86_64.rpm
 b4067d049b8333c6986eb7b7ae15bd92  2010.0/x86_64/lib64extensionsystem1-1.2.1-2.2mdv2010.0.x86_64.rpm
 4edc6b295e3da81e798abf9fd7f29055  2010.0/x86_64/lib64qtconcurrent1-1.2.1-2.2mdv2010.0.x86_64.rpm
 4513fa9422e50fc2766009cd0e36bef3  2010.0/x86_64/lib64utils1-1.2.1-2.2mdv2010.0.x86_64.rpm
 75e44c0a21ee51a31723b8745f1dafca  2010.0/x86_64/qt-creator-1.2.1-2.2mdv2010.0.x86_64.rpm
 f150dba6979ef40f976972f6acc75180  2010.0/x86_64/qt-creator-doc-1.2.1-2.2mdv2010.0.x86_64.rpm 
 1a7f7c6820ac43102c30bf3c5ffa570c  2010.0/SRPMS/qt-creator-1.2.1-2.2mdv2010.0.src.rpm

 Mandriva Linux 2010.1:
 127afd19d86e5e5fb75a9a9a98ceec10  2010.1/i586/qt-creator-1.3.1-3.2mdv2010.1.i586.rpm
 2af40e3c8026a3cf2c2a363bac6f04c5  2010.1/i586/qt-creator-doc-1.3.1-3.2mdv2010.1.i586.rpm 
 4cd4b31b37f920c3c4e8c074c5d6e6d5  2010.1/SRPMS/qt-creator-1.3.1-3.2mdv2010.1.src.rpm

 Mandriva Linux 2010.1/X86_64:
 d36be9f4a84212098a5c18248a5f4465  2010.1/x86_64/qt-creator-1.3.1-3.2mdv2010.1.x86_64.rpm
 911034c2b800c9021141242a56aae79a  2010.1/x86_64/qt-creator-doc-1.3.1-3.2mdv2010.1.x86_64.rpm 
 4cd4b31b37f920c3c4e8c074c5d6e6d5  2010.1/SRPMS/qt-creator-1.3.1-3.2mdv2010.1.src.rpm
 _______________________________________________________________________

 To upgrade automatically use MandrivaUpdate or urpmi.  The verification
 of md5 checksums and GPG signatures is performed automatically for you.

 All packages are signed by Mandriva for security.  You can obtain the
 GPG public key of the Mandriva Security Team by executing:

  gpg --recv-keys --keyserver pgp.mit.edu 0x22458A98

 You can view other update advisories for Mandriva Linux at:

  http://www.mandriva.com/security/advisories

 If you want to report vulnerabilities, please contact

  security_(at)_mandriva.com
 _______________________________________________________________________

 Type Bits/KeyID     Date       User ID
 pub  1024D/22458A98 2000-07-10 Mandriva Security Team
  <security*mandriva.com>
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.9 (GNU/Linux)

iD8DBQFMqEsRmqjQ0CJFipgRAm4BAJ0b7XnaZghX83QGkIWeI0h4/+AdbgCfVdIv
XmQcNcc6OmY0kXyBYjnudVs=
=YDKE
-----END PGP SIGNATURE-----

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ