| Summary: | <dev-qt/qt{core-4.8.4-r2,gui-4.8.4-r1}: Shared Memory Segment Manipulation Weakness (CVE-2013-0254) | | |
|---|---|---|---|
| Product: | Gentoo Security | Reporter: | Agostino Sarubbo <ago> |
| Component: | Vulnerabilities | Assignee: | Gentoo Security <security> |
| Status: | RESOLVED FIXED | | |
| Severity: | minor | CC: | krinpaus |
| Priority: | Normal | | |
| Version: | unspecified | | |
| Hardware: | All | | |
| OS: | Linux | | |
| URL: | https://secunia.com/advisories/52040/ | | |
| Whiteboard: | B4 [glsa] | | |
| Package list: | | Runtime testing required: | --- |

Description
Agostino Sarubbo
2013-02-06 17:05:14 UTC
qt-gui is affected as well.

Arches, please stabilize:
=x11-libs/qt-core-4.8.4-r2
=x11-libs/qt-gui-4.8.4-r1

amd64 stable

ia64 stable

ppc64 stable

ppc stable

Stable for HPPA.

arm stable

x86 stable

alpha stable

CVE-2013-0254 (http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-0254): The QSharedMemory class in Qt 5.0.0, 4.8.x before 4.8.5, 4.7.x before 4.7.6, and other versions including 4.4.0 uses weak permissions (world-readable and world-writable) for shared memory segments, which allows local users to read sensitive information or modify critical program data, as demonstrated by reading a pixmap being sent to an X server.

sparc stable

All done for us.

12 Mar 2013; Davide Pesavento <pesa@gentoo.org> -qtcore-4.8.4.ebuild:
Punt vulnerable version.

12 Mar 2013; Davide Pesavento <pesa@gentoo.org> -qtgui-4.8.4.ebuild:
Punt vulnerable version.

GLSA vote: yes.

GLSA vote: yes

Adding to existing GLSA draft

This issue was resolved and addressed in GLSA 201311-14 at http://security.gentoo.org/glsa/glsa-201311-14.xml by GLSA coordinator Sergey Popov (pinkbyte).
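To check a host for the condition the CVE text describes (world-readable or world-writable shared memory segments), the following added example, which is not code from this bug report or from Qt, audits a segment table for "other" read/write bits. It assumes a Linux host where the segments in question are System V shared memory listed in `/proc/sysvipc/shm`; the function names and the sample rows are constructed for illustration.

```c
#include <stdio.h>
#include <string.h>

/* Constructed sample in the layout of /proc/sysvipc/shm (first 8 columns);
 * not taken from the bug report. perms is printed in octal by the kernel. */
static const char SAMPLE[] =
    "       key      shmid perms       size  cpid  lpid nattch   uid\n"
    "1795162113          0   666      65536  2101  2140      2  1000\n"
    "         0      32769   600     393216  2101  1877      2  1000\n"
    "         0      65538  1777    4194304  2333  1877      1  1001\n";

/* Any "other" read (0004) or write (0002) bit is the weakness the CVE text
 * describes. Higher bits (e.g. 01000, segment marked for removal) are ignored. */
int world_accessible(unsigned perms) { return (perms & 0006) != 0; }

/* Scan a /proc/sysvipc/shm style table; report and count weak segments. */
int audit_shm_table(const char *table)
{
    int weak = 0;
    const char *line = strchr(table, '\n');          /* end of header row */
    while (line && *++line) {                        /* step to next row */
        int key, shmid;
        unsigned perms, cpid, lpid, uid;
        unsigned long size, nattch;
        if (sscanf(line, "%d %d %o %lu %u %u %lu %u", &key, &shmid, &perms,
                   &size, &cpid, &lpid, &nattch, &uid) == 8
            && world_accessible(perms)) {
            printf("shmid %d: perms %04o, creator pid %u, uid %u, %lu bytes\n",
                   shmid, perms & 0777, cpid, uid, size);
            weak++;
        }
        line = strchr(line, '\n');
    }
    return weak;
}

int main(void)
{
    static char buf[1 << 16];
    FILE *f = fopen("/proc/sysvipc/shm", "r");       /* live table if present */
    size_t n = f ? fread(buf, 1, sizeof buf - 1, f) : 0;
    if (f) fclose(f);
    buf[n] = '\0';
    int weak = audit_shm_table(n ? buf : SAMPLE);
    printf("%d world-accessible segment(s)\n", weak);
    return weak ? 1 : 0;
}
```

The creator PID in each reported row identifies the process to check against the stabilized package versions listed above.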