ID CVE-2013-0254
Summary The QSharedMemory class in Qt 5.0.0, 4.8.x before 4.8.5, 4.7.x before 4.7.6, and other versions including 4.4.0 uses weak permissions (world-readable and world-writable) for shared memory segments, which allows local users to read sensitive information or modify critical program data, as demonstrated by reading a pixmap being sent to an X server.
References
Vulnerable Configurations
  • Digia Qt 1.41
    cpe:2.3:a:digia:qt:1.41
  • Digia Qt 1.42
    cpe:2.3:a:digia:qt:1.42
  • Digia Qt 1.43
    cpe:2.3:a:digia:qt:1.43
  • Digia Qt 1.44
    cpe:2.3:a:digia:qt:1.44
  • Digia Qt 1.45
    cpe:2.3:a:digia:qt:1.45
  • Digia Qt 2.0.0
    cpe:2.3:a:digia:qt:2.0.0
  • Digia Qt 2.0.1
    cpe:2.3:a:digia:qt:2.0.1
  • Digia Qt 2.0.2
    cpe:2.3:a:digia:qt:2.0.2
  • Digia Qt 3.3.0
    cpe:2.3:a:digia:qt:3.3.0
  • Digia Qt 3.3.1
    cpe:2.3:a:digia:qt:3.3.1
  • Digia Qt 3.3.2
    cpe:2.3:a:digia:qt:3.3.2
  • Digia Qt 3.3.3
    cpe:2.3:a:digia:qt:3.3.3
  • Digia Qt 3.3.4
    cpe:2.3:a:digia:qt:3.3.4
  • Digia Qt 3.3.5
    cpe:2.3:a:digia:qt:3.3.5
  • Digia Qt 3.3.6
    cpe:2.3:a:digia:qt:3.3.6
  • Digia Qt 4.0.0
    cpe:2.3:a:digia:qt:4.0.0
  • Digia Qt 4.0.1
    cpe:2.3:a:digia:qt:4.0.1
  • Digia Qt 4.1.0
    cpe:2.3:a:digia:qt:4.1.0
  • Digia Qt 4.1.1
    cpe:2.3:a:digia:qt:4.1.1
  • Digia Qt 4.1.2
    cpe:2.3:a:digia:qt:4.1.2
  • Digia Qt 4.1.3
    cpe:2.3:a:digia:qt:4.1.3
  • Digia Qt 4.1.4
    cpe:2.3:a:digia:qt:4.1.4
  • Digia Qt 4.1.5
    cpe:2.3:a:digia:qt:4.1.5
  • Digia Qt 4.2.0
    cpe:2.3:a:digia:qt:4.2.0
  • Digia Qt 4.2.1
    cpe:2.3:a:digia:qt:4.2.1
  • Digia Qt 4.2.3
    cpe:2.3:a:digia:qt:4.2.3
  • Digia Qt 4.3.0
    cpe:2.3:a:digia:qt:4.3.0
  • Digia Qt 4.3.1
    cpe:2.3:a:digia:qt:4.3.1
  • Digia Qt 4.3.2
    cpe:2.3:a:digia:qt:4.3.2
  • Digia Qt 4.3.3
    cpe:2.3:a:digia:qt:4.3.3
  • Digia Qt 4.3.4
    cpe:2.3:a:digia:qt:4.3.4
  • Digia Qt 4.3.5
    cpe:2.3:a:digia:qt:4.3.5
  • Digia Qt 4.4.0
    cpe:2.3:a:digia:qt:4.4.0
  • Digia Qt 4.4.1
    cpe:2.3:a:digia:qt:4.4.1
  • Digia Qt 4.4.2
    cpe:2.3:a:digia:qt:4.4.2
  • Digia Qt 4.4.3
    cpe:2.3:a:digia:qt:4.4.3
  • Digia Qt 4.5.0
    cpe:2.3:a:digia:qt:4.5.0
  • Digia Qt 4.5.1
    cpe:2.3:a:digia:qt:4.5.1
  • Digia Qt 4.5.2
    cpe:2.3:a:digia:qt:4.5.2
  • Digia Qt 4.5.3
    cpe:2.3:a:digia:qt:4.5.3
  • Digia Qt 4.6.0
    cpe:2.3:a:digia:qt:4.6.0
  • Digia Qt 4.6.1
    cpe:2.3:a:digia:qt:4.6.1
  • Digia Qt 4.6.2
    cpe:2.3:a:digia:qt:4.6.2
  • Digia Qt 4.6.3
    cpe:2.3:a:digia:qt:4.6.3
  • Digia Qt 4.6.4
    cpe:2.3:a:digia:qt:4.6.4
  • Digia Qt 4.6.5
    cpe:2.3:a:digia:qt:4.6.5
  • Digia Qt 4.7.0
    cpe:2.3:a:digia:qt:4.7.0
  • Digia Qt 4.7.1
    cpe:2.3:a:digia:qt:4.7.1
  • Digia Qt 4.7.2
    cpe:2.3:a:digia:qt:4.7.2
  • Digia Qt 4.7.3
    cpe:2.3:a:digia:qt:4.7.3
  • Digia Qt 4.7.4
    cpe:2.3:a:digia:qt:4.7.4
  • Digia Qt 4.7.5
    cpe:2.3:a:digia:qt:4.7.5
  • Digia Qt 4.7.6
    cpe:2.3:a:digia:qt:4.7.6
  • Digia Qt 4.8.0
    cpe:2.3:a:digia:qt:4.8.0
  • Digia Qt 4.8.1
    cpe:2.3:a:digia:qt:4.8.1
  • Digia Qt 4.8.2
    cpe:2.3:a:digia:qt:4.8.2
  • Digia Qt 4.8.3
    cpe:2.3:a:digia:qt:4.8.3
  • Digia Qt 4.8.4
    cpe:2.3:a:digia:qt:4.8.4
  • Digia Qt 4.8.5
    cpe:2.3:a:digia:qt:4.8.5
  • Digia Qt 5.0.0
    cpe:2.3:a:digia:qt:5.0.0
  • Digia Qt 5.0.1
    cpe:2.3:a:digia:qt:5.0.1
CVSS
Base: 3.6 (as of 06-02-2013 - 14:03)
Impact:
Exploitability:
CWE CWE-264
CAPEC
  • Accessing, Modifying or Executing Executable Files
    An attack of this type exploits a system's configuration that allows an attacker to either directly access an executable file, for example through shell access; or in a possible worst case allows an attacker to upload a file and then execute it. Web servers, ftp servers, and message oriented middleware systems which have many integration points are particularly vulnerable, because both the programmers and the administrators must be in synch regarding the interfaces and the correct privileges for each interface.
  • Leverage Executable Code in Non-Executable Files
    An attack of this type exploits a system's trust in configuration and resource files, when the executable loads the resource (such as an image file or configuration file) the attacker has modified the file to either execute malicious code directly or manipulate the target process (e.g. application server) to execute based on the malicious configuration parameters. Since systems are increasingly interrelated mashing up resources from local and remote sources the possibility of this attack occurring is high. The attack can be directed at a client system, such as causing buffer overrun through loading seemingly benign image files, as in Microsoft Security Bulletin MS04-028 where specially crafted JPEG files could cause a buffer overrun once loaded into the browser. Another example targets clients reading pdf files. In this case the attacker simply appends javascript to the end of a legitimate url for a pdf (http://www.gnucitizen.org/blog/danger-danger-danger/) http://path/to/pdf/file.pdf#whatever_name_you_want=javascript:your_code_here The client assumes that they are reading a pdf, but the attacker has modified the resource and loaded executable javascript into the client's browser process. The attack can also target server processes. The attacker edits the resource or configuration file, for example a web.xml file used to configure security permissions for a J2EE app server, adding role name "public" grants all users with the public role the ability to use the administration functionality. The server trusts its configuration file to be correct, but when they are manipulated, the attacker gains full control.
  • Blue Boxing
    This type of attack against older telephone switches and trunks has been around for decades. A tone is sent by an adversary to impersonate a supervisor signal which has the effect of rerouting or usurping command of the line. While the US infrastructure proper may not contain widespread vulnerabilities to this type of attack, many companies are connected globally through call centers and business process outsourcing. These international systems may be operated in countries which have not upgraded Telco infrastructure and so are vulnerable to Blue boxing. Blue boxing is a result of failure on the part of the system to enforce strong authorization for administrative functions. While the infrastructure is different than standard current applications like web applications, there are historical lessons to be learned to upgrade the access control for administrative functions.
  • Restful Privilege Elevation
    Rest uses standard HTTP (Get, Put, Delete) style permissions methods, but these are not necessarily correlated generally with back end programs. Strict interpretation of HTTP get methods means that these HTTP Get services should not be used to delete information on the server, but there is no access control mechanism to back up this logic. This means that unless the services are properly ACL'd and the application's service implementation are following these guidelines then an HTTP request can easily execute a delete or update on the server side. The attacker identifies a HTTP Get URL such as http://victimsite/updateOrder, which calls out to a program to update orders on a database or other resource. The URL is not idempotent so the request can be submitted multiple times by the attacker, additionally, the attacker may be able to exploit the URL published as a Get method that actually performs updates (instead of merely retrieving data). This may result in malicious or inadvertent altering of data on the server.
  • Target Programs with Elevated Privileges
    This attack targets programs running with elevated privileges. The attacker would try to leverage a bug in the running program and get arbitrary code to execute with elevated privileges. For instance an attacker would look for programs that write to the system directories or registry keys (such as HKLM, which stores a number of critical Windows environment variables). These programs are typically running with elevated privileges and have usually not been designed with security in mind. Such programs are excellent exploit targets because they yield lots of power when they break. The malicious user try to execute its code at the same level as a privileged system call.
  • Manipulating Input to File System Calls
    An attacker manipulates inputs to the target software which the target software passes to file system calls in the OS. The goal is to gain access to, and perhaps modify, areas of the file system that the target software did not intend to be accessible.
Access
VectorComplexityAuthentication
LOCAL LOW NONE
Impact
ConfidentialityIntegrityAvailability
PARTIAL PARTIAL NONE
nessus via4
  • NASL family Fedora Local Security Checks
    NASL id FEDORA_2013-2041.NASL
    description it fixes security flaw was found in the way QSharedMemory class, CVE-2013-0254 Note that Tenable Network Security has extracted the preceding description block directly from the Fedora security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
    last seen 2019-02-21
    modified 2015-10-19
    plugin id 64603
    published 2013-02-13
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=64603
    title Fedora 18 : qt-4.8.4-11.fc18 (2013-2041)
  • NASL family Fedora Local Security Checks
    NASL id FEDORA_2013-1997.NASL
    description it fixes security flaw was found in the way QSharedMemory class, CVE-2013-0254 Note that Tenable Network Security has extracted the preceding description block directly from the Fedora security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
    last seen 2019-02-21
    modified 2015-10-19
    plugin id 64868
    published 2013-02-25
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=64868
    title Fedora 17 : qt-4.8.4-11.fc17 (2013-1997)
  • NASL family SuSE Local Security Checks
    NASL id OPENSUSE-2013-178.NASL
    description libqt4 was updated to fix a information disclosure via QSharedMemory (CVE-2013-0254).
    last seen 2019-02-21
    modified 2018-11-10
    plugin id 74916
    published 2014-06-13
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=74916
    title openSUSE Security Update : libqt4 (openSUSE-SU-2013:0404-1)
  • NASL family Scientific Linux Local Security Checks
    NASL id SL_20130321_QT_ON_SL6_X.NASL
    description It was discovered that the QSharedMemory class implementation of the Qt toolkit created shared memory segments with insecure permissions. A local attacker could use this flaw to read or alter the contents of a particular shared memory segment, possibly leading to their ability to obtain sensitive information or influence the behavior of a process that is using the shared memory segment. (CVE-2013-0254) All running applications linked against Qt libraries must be restarted for this update to take effect.
    last seen 2019-02-21
    modified 2018-12-31
    plugin id 65654
    published 2013-03-22
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=65654
    title Scientific Linux Security Update : qt on SL6.x i386/x86_64
  • NASL family Ubuntu Local Security Checks
    NASL id UBUNTU_USN-1723-1.NASL
    description Richard J. Moore and Peter Hartmann discovered that Qt allowed redirecting requests from http to file schemes. If an attacker were able to perform a man-in-the-middle attack, this flaw could be exploited to view sensitive information. This issue only affected Ubuntu 11.10, Ubuntu 12.04 LTS, and Ubuntu 12.10. (CVE-2012-5624) Stephen Cheng discovered that Qt may report incorrect errors when ssl certificate verification fails. (CVE-2012-6093) Tim Brown and Mark Lowe discovered that Qt incorrectly used weak permissions on shared memory segments. A local attacker could use this issue to view sensitive information, or modify program data belonging to other users. (CVE-2013-0254). Note that Tenable Network Security has extracted the preceding description block directly from the Ubuntu security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
    last seen 2019-02-21
    modified 2018-12-01
    plugin id 64638
    published 2013-02-15
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=64638
    title Ubuntu 10.04 LTS / 11.10 / 12.04 LTS / 12.10 : qt4-x11 vulnerabilities (USN-1723-1)
  • NASL family Red Hat Local Security Checks
    NASL id REDHAT-RHSA-2013-0669.NASL
    description Updated qt packages that fix one security issue are now available for Red Hat Enterprise Linux 6. The Red Hat Security Response Team has rated this update as having moderate security impact. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available from the CVE link in the References section. Qt is a software toolkit that simplifies the task of writing and maintaining GUI (Graphical User Interface) applications for the X Window System. It was discovered that the QSharedMemory class implementation of the Qt toolkit created shared memory segments with insecure permissions. A local attacker could use this flaw to read or alter the contents of a particular shared memory segment, possibly leading to their ability to obtain sensitive information or influence the behavior of a process that is using the shared memory segment. (CVE-2013-0254) Red Hat would like to thank the Qt project for reporting this issue. Upstream acknowledges Tim Brown and Mark Lowe of Portcullis Computer Security Ltd. as the original reporters. Users of Qt should upgrade to these updated packages, which contain a backported patch to correct this issue. All running applications linked against Qt libraries must be restarted for this update to take effect.
    last seen 2019-02-21
    modified 2018-11-10
    plugin id 65652
    published 2013-03-22
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=65652
    title RHEL 6 : qt (RHSA-2013:0669)
  • NASL family Debian Local Security Checks
    NASL id DEBIAN_DLA-210.NASL
    description This update fixes multiple security issues in the Qt library. CVE-2013-0254 The QSharedMemory class uses weak permissions (world-readable and world-writable) for shared memory segments, which allows local users to read sensitive information or modify critical program data, as demonstrated by reading a pixmap being sent to an X server. CVE-2015-0295 / CVE-2015-1858 / CVE-2015-1859 / CVE-2015-1860 Denial of service (via segmentation faults) through crafted images (BMP, GIF, ICO). NOTE: Tenable Network Security has extracted the preceding description block directly from the DLA security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
    last seen 2019-02-21
    modified 2018-07-06
    plugin id 83164
    published 2015-05-01
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=83164
    title Debian DLA-210-1 : qt4-x11 security update
  • NASL family CentOS Local Security Checks
    NASL id CENTOS_RHSA-2013-0669.NASL
    description Updated qt packages that fix one security issue are now available for Red Hat Enterprise Linux 6. The Red Hat Security Response Team has rated this update as having moderate security impact. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available from the CVE link in the References section. Qt is a software toolkit that simplifies the task of writing and maintaining GUI (Graphical User Interface) applications for the X Window System. It was discovered that the QSharedMemory class implementation of the Qt toolkit created shared memory segments with insecure permissions. A local attacker could use this flaw to read or alter the contents of a particular shared memory segment, possibly leading to their ability to obtain sensitive information or influence the behavior of a process that is using the shared memory segment. (CVE-2013-0254) Red Hat would like to thank the Qt project for reporting this issue. Upstream acknowledges Tim Brown and Mark Lowe of Portcullis Computer Security Ltd. as the original reporters. Users of Qt should upgrade to these updated packages, which contain a backported patch to correct this issue. All running applications linked against Qt libraries must be restarted for this update to take effect.
    last seen 2019-02-21
    modified 2018-11-10
    plugin id 65661
    published 2013-03-24
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=65661
    title CentOS 6 : qt (CESA-2013:0669)
  • NASL family Oracle Linux Local Security Checks
    NASL id ORACLELINUX_ELSA-2013-0669.NASL
    description From Red Hat Security Advisory 2013:0669 : Updated qt packages that fix one security issue are now available for Red Hat Enterprise Linux 6. The Red Hat Security Response Team has rated this update as having moderate security impact. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available from the CVE link in the References section. Qt is a software toolkit that simplifies the task of writing and maintaining GUI (Graphical User Interface) applications for the X Window System. It was discovered that the QSharedMemory class implementation of the Qt toolkit created shared memory segments with insecure permissions. A local attacker could use this flaw to read or alter the contents of a particular shared memory segment, possibly leading to their ability to obtain sensitive information or influence the behavior of a process that is using the shared memory segment. (CVE-2013-0254) Red Hat would like to thank the Qt project for reporting this issue. Upstream acknowledges Tim Brown and Mark Lowe of Portcullis Computer Security Ltd. as the original reporters. Users of Qt should upgrade to these updated packages, which contain a backported patch to correct this issue. All running applications linked against Qt libraries must be restarted for this update to take effect.
    last seen 2019-02-21
    modified 2018-07-18
    plugin id 68795
    published 2013-07-12
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=68795
    title Oracle Linux 6 : qt (ELSA-2013-0669)
  • NASL family SuSE Local Security Checks
    NASL id OPENSUSE-2013-179.NASL
    description libqt4 was updated to fix a information disclosure via QSharedMemory (CVE-2013-0254).
    last seen 2019-02-21
    modified 2018-11-10
    plugin id 74917
    published 2014-06-13
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=74917
    title openSUSE Security Update : libqt4 (openSUSE-SU-2013:0403-1)
  • NASL family SuSE Local Security Checks
    NASL id SUSE_11_LIBQTWEBKIT-DEVEL-130302.NASL
    description libqt4 has been updated to fix several security issues. - An information disclosure via QSharedMemory was fixed which allowed local attackers to read information (e.g. bitmap content) from the attacked user. (CVE-2013-0254) - openssl-incompatibility-fix.diff: Fix wrong error reporting when using a binary incompatible version of openSSL. (bnc#797006, CVE-2012-6093) - Various compromised SSL root certificates were blacklisted. Also a non-security bugfix has been applied : - Add fix for qdbusviewer not matching args (bnc#784197)
    last seen 2019-02-21
    modified 2013-10-25
    plugin id 65568
    published 2013-03-15
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=65568
    title SuSE 11.2 Security Update : libqt4 (SAT Patch Number 7441)
  • NASL family Gentoo Local Security Checks
    NASL id GENTOO_GLSA-201311-14.NASL
    description The remote host is affected by the vulnerability described in GLSA-201311-14 (QtCore, QtGui: Multiple vulnerabilities) Multiple vulnerabilities have been discovered in QtCore and QtGui. Please review the CVE identifiers referenced below for details. Impact : A remote attacker could entice a user to open a specially crafted file with an application linked against QtCore or QtGui, possibly resulting in execution of arbitrary code with the privileges of the process or a Denial of Service condition. Furthermore, a remote attacker might employ a specially crafted certificate to conduct man-in-the-middle attacks on SSL connections. Workaround : There is no known workaround at this time.
    last seen 2019-02-21
    modified 2018-07-12
    plugin id 71073
    published 2013-11-25
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=71073
    title GLSA-201311-14 : QtCore, QtGui: Multiple vulnerabilities
  • NASL family SuSE Local Security Checks
    NASL id SUSE_11_LIBQTWEBKIT-DEVEL-130301.NASL
    description libqt4 has been updated to fix several security issues. - An information disclosure via QSharedMemory was fixed which allowed local attackers to read information (e.g. bitmap content) from the attacked user. (CVE-2013-0254) - openssl-incompatibility-fix.diff: Fix wrong error reporting when using a binary incompatible version of openSSL. (bnc#797006, CVE-2012-6093) - Various compromised SSL root certificates were blacklisted. Also a non-security bugfix has been applied : - Add fix for qdbusviewer not matching args (bnc#784197)
    last seen 2019-02-21
    modified 2013-10-25
    plugin id 65567
    published 2013-03-15
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=65567
    title SuSE 11.2 Security Update : libqt4 (SAT Patch Number 7441)
redhat via4
advisories
bugzilla
id 907425
title CVE-2013-0254 qt: QSharedMemory class created shared memory segments with insecure permissions
oval
AND
  • OR
    • comment Red Hat Enterprise Linux 6 Client is installed
      oval oval:com.redhat.rhsa:tst:20100842001
    • comment Red Hat Enterprise Linux 6 Server is installed
      oval oval:com.redhat.rhsa:tst:20100842002
    • comment Red Hat Enterprise Linux 6 Workstation is installed
      oval oval:com.redhat.rhsa:tst:20100842003
    • comment Red Hat Enterprise Linux 6 ComputeNode is installed
      oval oval:com.redhat.rhsa:tst:20100842004
  • OR
    • AND
      • comment phonon-backend-gstreamer is earlier than 1:4.6.2-26.el6_4
        oval oval:com.redhat.rhsa:tst:20130669009
      • comment phonon-backend-gstreamer is signed with Red Hat redhatrelease2 key
        oval oval:com.redhat.rhsa:tst:20111323018
    • AND
      • comment qt is earlier than 1:4.6.2-26.el6_4
        oval oval:com.redhat.rhsa:tst:20130669005
      • comment qt is signed with Red Hat redhatrelease2 key
        oval oval:com.redhat.rhsa:tst:20111323006
    • AND
      • comment qt-demos is earlier than 1:4.6.2-26.el6_4
        oval oval:com.redhat.rhsa:tst:20130669015
      • comment qt-demos is signed with Red Hat redhatrelease2 key
        oval oval:com.redhat.rhsa:tst:20111323020
    • AND
      • comment qt-devel is earlier than 1:4.6.2-26.el6_4
        oval oval:com.redhat.rhsa:tst:20130669019
      • comment qt-devel is signed with Red Hat redhatrelease2 key
        oval oval:com.redhat.rhsa:tst:20111323010
    • AND
      • comment qt-doc is earlier than 1:4.6.2-26.el6_4
        oval oval:com.redhat.rhsa:tst:20130669007
      • comment qt-doc is signed with Red Hat redhatrelease2 key
        oval oval:com.redhat.rhsa:tst:20111323022
    • AND
      • comment qt-examples is earlier than 1:4.6.2-26.el6_4
        oval oval:com.redhat.rhsa:tst:20130669017
      • comment qt-examples is signed with Red Hat redhatrelease2 key
        oval oval:com.redhat.rhsa:tst:20111323012
    • AND
      • comment qt-mysql is earlier than 1:4.6.2-26.el6_4
        oval oval:com.redhat.rhsa:tst:20130669025
      • comment qt-mysql is signed with Red Hat redhatrelease2 key
        oval oval:com.redhat.rhsa:tst:20111323008
    • AND
      • comment qt-odbc is earlier than 1:4.6.2-26.el6_4
        oval oval:com.redhat.rhsa:tst:20130669013
      • comment qt-odbc is signed with Red Hat redhatrelease2 key
        oval oval:com.redhat.rhsa:tst:20111323014
    • AND
      • comment qt-postgresql is earlier than 1:4.6.2-26.el6_4
        oval oval:com.redhat.rhsa:tst:20130669011
      • comment qt-postgresql is signed with Red Hat redhatrelease2 key
        oval oval:com.redhat.rhsa:tst:20111323026
    • AND
      • comment qt-sqlite is earlier than 1:4.6.2-26.el6_4
        oval oval:com.redhat.rhsa:tst:20130669023
      • comment qt-sqlite is signed with Red Hat redhatrelease2 key
        oval oval:com.redhat.rhsa:tst:20111323024
    • AND
      • comment qt-x11 is earlier than 1:4.6.2-26.el6_4
        oval oval:com.redhat.rhsa:tst:20130669021
      • comment qt-x11 is signed with Red Hat redhatrelease2 key
        oval oval:com.redhat.rhsa:tst:20111323016
rhsa
id RHSA-2013:0669
released 2013-03-21
severity Moderate
title RHSA-2013:0669: qt security update (Moderate)
rpms
  • phonon-backend-gstreamer-1:4.6.2-26.el6_4
  • qt-1:4.6.2-26.el6_4
  • qt-demos-1:4.6.2-26.el6_4
  • qt-devel-1:4.6.2-26.el6_4
  • qt-doc-1:4.6.2-26.el6_4
  • qt-examples-1:4.6.2-26.el6_4
  • qt-mysql-1:4.6.2-26.el6_4
  • qt-odbc-1:4.6.2-26.el6_4
  • qt-postgresql-1:4.6.2-26.el6_4
  • qt-sqlite-1:4.6.2-26.el6_4
  • qt-x11-1:4.6.2-26.el6_4
refmap via4
confirm https://bugzilla.redhat.com/show_bug.cgi?id=907425
mlist [qt-announce] 20130205 [Announce] [CVE-2013-0254] Qt Project Security Advisory: System V shared memory segments created world-writeable
suse
  • openSUSE-SU-2013:0403
  • openSUSE-SU-2013:0404
  • openSUSE-SU-2013:0411
Last major update 14-05-2013 - 23:34
Published 06-02-2013 - 07:05
Back to Top