Debian Security Advisory
DLA-210-1 qt4-x11 -- LTS security update
- Date Reported: 30 Apr 2015
- Affected Packages: qt4-x11
- Security database references:
  - In the Debian bugtracking system: Bug 779550, Bug 783133.
  - In Mitre's CVE dictionary: CVE-2013-0254, CVE-2015-0295, CVE-2015-1858, CVE-2015-1859, CVE-2015-1860.
- More information:
This update fixes multiple security issues in the Qt library.
- CVE-2013-0254
The QSharedMemory class uses weak permissions (world-readable and world-writable) for shared memory segments, which allows local users to read sensitive information or modify critical program data, as demonstrated by reading a pixmap being sent to an X server.
- CVE-2015-0295 / CVE-2015-1858 / CVE-2015-1859 / CVE-2015-1860
Denial of service (via segmentation faults) through crafted images (BMP, GIF, ICO).
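
An added example, not part of the advisory or of Qt's code: a defender-side audit that parses `ipcs -m` output and reports System V shared memory segments whose mode grants read or write access to other local users, the weakness described for QSharedMemory above. It assumes the util-linux `ipcs -m` column layout; the sample listing, its owners and its ids are constructed.

```python
"""Flag System V shared memory segments that other local users can read or write."""
import subprocess

# Constructed sample of `ipcs -m` output (util-linux layout); not from a real host.
SAMPLE_IPCS = """\

------ Shared Memory Segments --------
key        shmid      owner      perms      bytes      nattch     status
0x00000000 32768      alice      600        524288     2          dest
0x51020001 32769      alice      666        4096       1
0x51020002 32770      bob        644        8192       1
0x00000000 32771      carol      660        1048576    0
"""


def parse_segments(text):
    """Yield (shmid, owner, mode) per segment row, skipping headers and separators."""
    for line in text.splitlines():
        fields = line.split()
        if len(fields) < 6 or not fields[0].startswith("0x"):
            continue
        try:
            yield int(fields[1]), fields[2], int(fields[3], 8)  # perms are octal
        except ValueError:
            continue  # malformed row: ignore rather than misreport


def world_accessible(text):
    """Return (shmid, owner, perms, access) for segments with 'other' r/w bits set."""
    findings = []
    for shmid, owner, mode in parse_segments(text):
        access = ("r" if mode & 0o004 else "") + ("w" if mode & 0o002 else "")
        if access:
            findings.append((shmid, owner, format(mode, "03o"), access))
    return findings


def live_ipcs():
    """Read the current host's segment table (requires the ipcs utility)."""
    return subprocess.run(["ipcs", "-m"], capture_output=True,
                          text=True, check=True).stdout


if __name__ == "__main__":
    for shmid, owner, perms, access in world_accessible(SAMPLE_IPCS):
        print(f"shmid {shmid} owner {owner} perms {perms}: world-{access}")
```

Pass `live_ipcs()` instead of `SAMPLE_IPCS` to audit a running system.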