| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Date: Sun, 03 Oct 2010 14:29:00 +0200 From: security@...driva.com To: full-disclosure@...ts.grok.org.uk Subject: [ MDVSA-2010:193 ] qt-creator -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 _______________________________________________________________________ Mandriva Linux Security Advisory MDVSA-2010:193 http://www.mandriva.com/security/ _______________________________________________________________________ Package : qt-creator Date : October 3, 2010 Affected: 2010.0, 2010.1 _______________________________________________________________________ Problem Description: A vulnerability has been found in Qt Creator 2.0.0 and previous versions. The vulnerability occurs because of an insecure manipulation of a Unix environment variable by the qtcreator shell script. It manifests by causing Qt or Qt Creator to attempt to load certain library names from the current working directory (CVE-2010-3374). The updated packages have been patched to correct this issue. _______________________________________________________________________ References: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-3374 http://qt.nokia.com/about/news/security-announcement-qt-creator-2.0.0-for-desktop-platforms _______________________________________________________________________ Updated Packages: Mandriva Linux 2010.0: 72f483e1687632ee9887b5742b72891d 2010.0/i586/libaggregation1-1.2.1-2.2mdv2010.0.i586.rpm 38ef2476d9ca746576549cd230fed498 2010.0/i586/libcplusplus1-1.2.1-2.2mdv2010.0.i586.rpm 33d7aa73bc3793f7327e5e2160409f4b 2010.0/i586/libextensionsystem1-1.2.1-2.2mdv2010.0.i586.rpm 6429fd08060935dbecf7f7bdec4d2160 2010.0/i586/libqtconcurrent1-1.2.1-2.2mdv2010.0.i586.rpm 029072ad2feb8299499a79f75bf4ae8e 2010.0/i586/libutils1-1.2.1-2.2mdv2010.0.i586.rpm af66282a6100278935d3a2137af01522 2010.0/i586/qt-creator-1.2.1-2.2mdv2010.0.i586.rpm 617fccd89b2020320e4492364caed27c 2010.0/i586/qt-creator-doc-1.2.1-2.2mdv2010.0.i586.rpm 1a7f7c6820ac43102c30bf3c5ffa570c 2010.0/SRPMS/qt-creator-1.2.1-2.2mdv2010.0.src.rpm Mandriva Linux 2010.0/X86_64: a2b277c9e816765850be2242dd725738 2010.0/x86_64/lib64aggregation1-1.2.1-2.2mdv2010.0.x86_64.rpm 553865d75cf73ac6c878b013dd7230eb 2010.0/x86_64/lib64cplusplus1-1.2.1-2.2mdv2010.0.x86_64.rpm b4067d049b8333c6986eb7b7ae15bd92 2010.0/x86_64/lib64extensionsystem1-1.2.1-2.2mdv2010.0.x86_64.rpm 4edc6b295e3da81e798abf9fd7f29055 2010.0/x86_64/lib64qtconcurrent1-1.2.1-2.2mdv2010.0.x86_64.rpm 4513fa9422e50fc2766009cd0e36bef3 2010.0/x86_64/lib64utils1-1.2.1-2.2mdv2010.0.x86_64.rpm 75e44c0a21ee51a31723b8745f1dafca 2010.0/x86_64/qt-creator-1.2.1-2.2mdv2010.0.x86_64.rpm f150dba6979ef40f976972f6acc75180 2010.0/x86_64/qt-creator-doc-1.2.1-2.2mdv2010.0.x86_64.rpm 1a7f7c6820ac43102c30bf3c5ffa570c 2010.0/SRPMS/qt-creator-1.2.1-2.2mdv2010.0.src.rpm Mandriva Linux 2010.1: 127afd19d86e5e5fb75a9a9a98ceec10 2010.1/i586/qt-creator-1.3.1-3.2mdv2010.1.i586.rpm 2af40e3c8026a3cf2c2a363bac6f04c5 2010.1/i586/qt-creator-doc-1.3.1-3.2mdv2010.1.i586.rpm 4cd4b31b37f920c3c4e8c074c5d6e6d5 2010.1/SRPMS/qt-creator-1.3.1-3.2mdv2010.1.src.rpm Mandriva Linux 2010.1/X86_64: d36be9f4a84212098a5c18248a5f4465 2010.1/x86_64/qt-creator-1.3.1-3.2mdv2010.1.x86_64.rpm 911034c2b800c9021141242a56aae79a 2010.1/x86_64/qt-creator-doc-1.3.1-3.2mdv2010.1.x86_64.rpm 4cd4b31b37f920c3c4e8c074c5d6e6d5 2010.1/SRPMS/qt-creator-1.3.1-3.2mdv2010.1.src.rpm _______________________________________________________________________ To upgrade automatically use MandrivaUpdate or urpmi. The verification of md5 checksums and GPG signatures is performed automatically for you. All packages are signed by Mandriva for security. You can obtain the GPG public key of the Mandriva Security Team by executing: gpg --recv-keys --keyserver pgp.mit.edu 0x22458A98 You can view other update advisories for Mandriva Linux at: http://www.mandriva.com/security/advisories If you want to report vulnerabilities, please contact security_(at)_mandriva.com _______________________________________________________________________ Type Bits/KeyID Date User ID pub 1024D/22458A98 2000-07-10 Mandriva Security Team <security*mandriva.com> -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.9 (GNU/Linux) iD8DBQFMqEsRmqjQ0CJFipgRAm4BAJ0b7XnaZghX83QGkIWeI0h4/+AdbgCfVdIv XmQcNcc6OmY0kXyBYjnudVs= =YDKE -----END PGP SIGNATURE----- _______________________________________________ Full-Disclosure - We believe in it. Charter: http://lists.grok.org.uk/full-disclosure-charter.html Hosted and sponsored by Secunia - http://secunia.com/
Powered by blists - more mailing lists