blob: a992d8104f2f6a2216aa5f6a2bcab606fda5a223 [file] [log] [blame]
<?xml version="1.0" encoding="utf-8"?>
<glsa id="200503-01">
<title>Qt: Untrusted library search path</title>
Qt may load shared libraries from an untrusted, world-writable directory,
resulting in the execution of arbitrary code.
<product type="ebuild">qt</product>
<announced>March 01, 2005</announced>
<revised>May 22, 2006: 02</revised>
<package name="x11-libs/qt" auto="yes" arch="*">
<unaffected range="ge">3.3.4-r2</unaffected>
<vulnerable range="lt">3.3.4-r2</vulnerable>
Qt is a cross-platform GUI toolkit used by KDE.
Tavis Ormandy of the Gentoo Linux Security Audit Team has discovered
that Qt searches for shared libraries in an untrusted, world-writable
<impact type="normal">
A local attacker could create a malicious shared object that would be
loaded by Qt, resulting in the execution of arbitrary code with the
privileges of the Qt application.
There is no known workaround at this time.
All Qt users should upgrade to the latest version:
# emerge --sync
# emerge --ask --oneshot --verbose &quot;&gt;=x11-libs/qt-3.3.4-r2&quot;</code>
<uri link="">CVE-2005-0627</uri>
<metadata tag="submitter" timestamp="Tue, 15 Feb 2005 06:13:07 +0000">
<metadata tag="bugReady" timestamp="Tue, 1 Mar 2005 12:59:58 +0000">