[SECURITY] [DLA 2092-1] qtbase-opensource-src security update

2020-02-0100:51:19

lists.debian.org

111

5.7 Medium

CVSS3

Attack Vector

ADJACENT_NETWORK

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

HIGH

CVSS:3.1/AV:A/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H

2.7 Low

CVSS2

Access Vector

ADJACENT_NETWORK

Access Complexity

LOW

Authentication

SINGLE

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

PARTIAL

AV:A/AC:L/Au:S/C:N/I:N/A:P

0.0004 Low

EPSS

Percentile

11.7%

JSON

Package : qtbase-opensource-src
Version : 5.3.2+dfsg-4+deb8u4
CVE ID : CVE-2020-0569

In Qt5's plugin loader code as found in qtbase-opensource-src, it was
possible to (side-)load plugins from "the" local folder in addition to a
system-widely defined library path.

For Debian 8 "Jessie", this problem has been fixed in version
5.3.2+dfsg-4+deb8u4.

We recommend that you upgrade your qtbase-opensource-src packages.

Further information about Debian LTS security advisories, how to apply
these updates to your system and frequently asked questions can be
found at: https://wiki.debian.org/LTS

–

mike gabriel aka sunweaver (Debian Developer)
fon: +49 (1520) 1976 148

GnuPG Fingerprint: 9BFB AEE8 6C0A A5FF BF22 0782 9AF4 6B30 2577 1B31
mail: [email protected], http://sunweavers.net

Attachment:
signature.asc
Description: PGP signature

OSVersionArchitecturePackageVersionFilename
Debian10i386qtbase5-private-dev< 5.11.3+dfsg1-1+deb10u3qtbase5-private-dev_5.11.3+dfsg1-1+deb10u3_i386.deb
Debian9amd64libqt5gui5-dbgsym< 5.7.1+dfsg-3+deb9u2libqt5gui5-dbgsym_5.7.1+dfsg-3+deb9u2_amd64.deb
Debian10ppc64ellibqt5sql5-odbc< 5.11.3+dfsg1-1+deb10u3libqt5sql5-odbc_5.11.3+dfsg1-1+deb10u3_ppc64el.deb
Debian10armhflibqt5sql5-ibase-dbgsym< 5.11.3+dfsg1-1+deb10u3libqt5sql5-ibase-dbgsym_5.11.3+dfsg1-1+deb10u3_armhf.deb
Debian10amd64libqt5sql5-sqlite< 5.11.3+dfsg1-1+deb10u3libqt5sql5-sqlite_5.11.3+dfsg1-1+deb10u3_amd64.deb
Debian9armellibqt5network5-dbgsym< 5.7.1+dfsg-3+deb9u2libqt5network5-dbgsym_5.7.1+dfsg-3+deb9u2_armel.deb
Debian9armellibqt5xml5-dbgsym< 5.7.1+dfsg-3+deb9u2libqt5xml5-dbgsym_5.7.1+dfsg-3+deb9u2_armel.deb
Debian8armhflibqt5dbus5< 5.3.2+dfsg-4+deb8u4libqt5dbus5_5.3.2+dfsg-4+deb8u4_armhf.deb
Debian9s390xlibqt5widgets5< 5.7.1+dfsg-3+deb9u2libqt5widgets5_5.7.1+dfsg-3+deb9u2_s390x.deb
Debian10arm64libqt5opengl5-dev< 5.11.3+dfsg1-1+deb10u3libqt5opengl5-dev_5.11.3+dfsg1-1+deb10u3_arm64.deb

OS	Version	Architecture	Package	Version	Filename
Debian	10	i386	qtbase5-private-dev	< 5.11.3+dfsg1-1+deb10u3	qtbase5-private-dev_5.11.3+dfsg1-1+deb10u3_i386.deb
Debian	9	amd64	libqt5gui5-dbgsym	< 5.7.1+dfsg-3+deb9u2	libqt5gui5-dbgsym_5.7.1+dfsg-3+deb9u2_amd64.deb
Debian	10	ppc64el	libqt5sql5-odbc	< 5.11.3+dfsg1-1+deb10u3	libqt5sql5-odbc_5.11.3+dfsg1-1+deb10u3_ppc64el.deb
Debian	10	armhf	libqt5sql5-ibase-dbgsym	< 5.11.3+dfsg1-1+deb10u3	libqt5sql5-ibase-dbgsym_5.11.3+dfsg1-1+deb10u3_armhf.deb
Debian	10	amd64	libqt5sql5-sqlite	< 5.11.3+dfsg1-1+deb10u3	libqt5sql5-sqlite_5.11.3+dfsg1-1+deb10u3_amd64.deb
Debian	9	armel	libqt5network5-dbgsym	< 5.7.1+dfsg-3+deb9u2	libqt5network5-dbgsym_5.7.1+dfsg-3+deb9u2_armel.deb
Debian	9	armel	libqt5xml5-dbgsym	< 5.7.1+dfsg-3+deb9u2	libqt5xml5-dbgsym_5.7.1+dfsg-3+deb9u2_armel.deb
Debian	8	armhf	libqt5dbus5	< 5.3.2+dfsg-4+deb8u4	libqt5dbus5_5.3.2+dfsg-4+deb8u4_armhf.deb
Debian	9	s390x	libqt5widgets5	< 5.7.1+dfsg-3+deb9u2	libqt5widgets5_5.7.1+dfsg-3+deb9u2_s390x.deb
Debian	10	arm64	libqt5opengl5-dev	< 5.11.3+dfsg1-1+deb10u3	libqt5opengl5-dev_5.11.3+dfsg1-1+deb10u3_arm64.deb