Debian Security Advisory

DLA-210-1 qt4-x11 -- LTS security update

Date Reported:
30 Apr 2015
Affected Packages:
Security database references:
In the Debian bugtracking system: Bug 779550, Bug 783133.
In Mitre's CVE dictionary: CVE-2013-0254, CVE-2015-0295, CVE-2015-1858, CVE-2015-1859, CVE-2015-1860.
More information:

This update fixes multiple security issues in the Qt library.

  • CVE-2013-0254

    The QSharedMemory class uses weak permissions (world-readable and world-writable) for shared memory segments, which allows local users to read sensitive information or modify critical program data, as demonstrated by reading a pixmap being sent to an X server.

  • CVE-2015-0295 / CVE-2015-1858 / CVE-2015-1859 / CVE-2015-1860

    Denial of service (via segmentation faults) through crafted images (BMP, GIF, ICO).