Support / Security / Advisories / Mandriva Linux 2010.0 / MDVSA-2010:193

Package name: qt-creator
Date: 2010-10-03
Advisory ID: MDVSA-2010:193
Affected versions: 2010.1 x86_64 , 2010.1 i586 , 2010.0 x86_64 , 2010.0 i586

Problem description

A vulnerability has been found in Qt Creator 2.0.0 and previous
versions. The vulnerability occurs because of an insecure manipulation
of a Unix environment variable by the qtcreator shell script. It
manifests by causing Qt or Qt Creator to attempt to load certain
library names from the current working directory (CVE-2010-3374).

The updated packages have been patched to correct this issue.

Updated packages

2010.1 x86_64

 d36be9f4a84212098a5c18248a5f4465  2010.1/x86_64/qt-creator-1.3.1-3.2mdv2010.1.x86_64.rpm
 911034c2b800c9021141242a56aae79a  2010.1/x86_64/qt-creator-doc-1.3.1-3.2mdv2010.1.x86_64.rpm 
 4cd4b31b37f920c3c4e8c074c5d6e6d5  2010.1/SRPMS/qt-creator-1.3.1-3.2mdv2010.1.src.rpm

2010.1 i586

 127afd19d86e5e5fb75a9a9a98ceec10  2010.1/i586/qt-creator-1.3.1-3.2mdv2010.1.i586.rpm
 2af40e3c8026a3cf2c2a363bac6f04c5  2010.1/i586/qt-creator-doc-1.3.1-3.2mdv2010.1.i586.rpm 
 4cd4b31b37f920c3c4e8c074c5d6e6d5  2010.1/SRPMS/qt-creator-1.3.1-3.2mdv2010.1.src.rpm

2010.0 x86_64

 a2b277c9e816765850be2242dd725738  2010.0/x86_64/lib64aggregation1-1.2.1-2.2mdv2010.0.x86_64.rpm
 553865d75cf73ac6c878b013dd7230eb  2010.0/x86_64/lib64cplusplus1-1.2.1-2.2mdv2010.0.x86_64.rpm
 b4067d049b8333c6986eb7b7ae15bd92  2010.0/x86_64/lib64extensionsystem1-1.2.1-2.2mdv2010.0.x86_64.rpm
 4edc6b295e3da81e798abf9fd7f29055  2010.0/x86_64/lib64qtconcurrent1-1.2.1-2.2mdv2010.0.x86_64.rpm
 4513fa9422e50fc2766009cd0e36bef3  2010.0/x86_64/lib64utils1-1.2.1-2.2mdv2010.0.x86_64.rpm
 75e44c0a21ee51a31723b8745f1dafca  2010.0/x86_64/qt-creator-1.2.1-2.2mdv2010.0.x86_64.rpm
 f150dba6979ef40f976972f6acc75180  2010.0/x86_64/qt-creator-doc-1.2.1-2.2mdv2010.0.x86_64.rpm 
 1a7f7c6820ac43102c30bf3c5ffa570c  2010.0/SRPMS/qt-creator-1.2.1-2.2mdv2010.0.src.rpm

2010.0 i586

 72f483e1687632ee9887b5742b72891d  2010.0/i586/libaggregation1-1.2.1-2.2mdv2010.0.i586.rpm
 38ef2476d9ca746576549cd230fed498  2010.0/i586/libcplusplus1-1.2.1-2.2mdv2010.0.i586.rpm
 33d7aa73bc3793f7327e5e2160409f4b  2010.0/i586/libextensionsystem1-1.2.1-2.2mdv2010.0.i586.rpm
 6429fd08060935dbecf7f7bdec4d2160  2010.0/i586/libqtconcurrent1-1.2.1-2.2mdv2010.0.i586.rpm
 029072ad2feb8299499a79f75bf4ae8e  2010.0/i586/libutils1-1.2.1-2.2mdv2010.0.i586.rpm
 af66282a6100278935d3a2137af01522  2010.0/i586/qt-creator-1.2.1-2.2mdv2010.0.i586.rpm
 617fccd89b2020320e4492364caed27c  2010.0/i586/qt-creator-doc-1.2.1-2.2mdv2010.0.i586.rpm 
 1a7f7c6820ac43102c30bf3c5ffa570c  2010.0/SRPMS/qt-creator-1.2.1-2.2mdv2010.0.src.rpm

MDVSA-2010:193