Lucene search
K
Database
Vendors
Products
Years
CVSS
Scanner
Agent Scanning
API Scanning
Manual Audit
Perimeter Scanner
Scanning
Projects
Email
Webhook
Plugins
Resources
Documents
Blog
Glossary
FAQ
Pricing
Contacts
About Us
Partners
Branding Guideline
securityvulnsSecurityvulnsSECURITYVULNS:DOC:24822
HistoryOct 05, 2010 - 12:00 a.m.

[ MDVSA-2010:193 ] qt-creator

2010-10-0500:00:00
vulners.com
7
JSON

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

Mandriva Linux Security Advisory MDVSA-2010:193
http://www.mandriva.com/security/

Package : qt-creator
Date : October 3, 2010
Affected: 2010.0, 2010.1

Problem Description:

A vulnerability has been found in Qt Creator 2.0.0 and previous
versions. The vulnerability occurs because of an insecure manipulation
of a Unix environment variable by the qtcreator shell script. It
manifests by causing Qt or Qt Creator to attempt to load certain
library names from the current working directory (CVE-2010-3374).

The updated packages have been patched to correct this issue.

References:

http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-3374
http://qt.nokia.com/about/news/security-announcement-qt-creator-2.0.0-for-desktop-platforms

Updated Packages:

Mandriva Linux 2010.0:
72f483e1687632ee9887b5742b72891d 2010.0/i586/libaggregation1-1.2.1-2.2mdv2010.0.i586.rpm
38ef2476d9ca746576549cd230fed498 2010.0/i586/libcplusplus1-1.2.1-2.2mdv2010.0.i586.rpm
33d7aa73bc3793f7327e5e2160409f4b 2010.0/i586/libextensionsystem1-1.2.1-2.2mdv2010.0.i586.rpm
6429fd08060935dbecf7f7bdec4d2160 2010.0/i586/libqtconcurrent1-1.2.1-2.2mdv2010.0.i586.rpm
029072ad2feb8299499a79f75bf4ae8e 2010.0/i586/libutils1-1.2.1-2.2mdv2010.0.i586.rpm
af66282a6100278935d3a2137af01522 2010.0/i586/qt-creator-1.2.1-2.2mdv2010.0.i586.rpm
617fccd89b2020320e4492364caed27c 2010.0/i586/qt-creator-doc-1.2.1-2.2mdv2010.0.i586.rpm
1a7f7c6820ac43102c30bf3c5ffa570c 2010.0/SRPMS/qt-creator-1.2.1-2.2mdv2010.0.src.rpm

Mandriva Linux 2010.0/X86_64:
a2b277c9e816765850be2242dd725738 2010.0/x86_64/lib64aggregation1-1.2.1-2.2mdv2010.0.x86_64.rpm
553865d75cf73ac6c878b013dd7230eb 2010.0/x86_64/lib64cplusplus1-1.2.1-2.2mdv2010.0.x86_64.rpm
b4067d049b8333c6986eb7b7ae15bd92 2010.0/x86_64/lib64extensionsystem1-1.2.1-2.2mdv2010.0.x86_64.rpm
4edc6b295e3da81e798abf9fd7f29055 2010.0/x86_64/lib64qtconcurrent1-1.2.1-2.2mdv2010.0.x86_64.rpm
4513fa9422e50fc2766009cd0e36bef3 2010.0/x86_64/lib64utils1-1.2.1-2.2mdv2010.0.x86_64.rpm
75e44c0a21ee51a31723b8745f1dafca 2010.0/x86_64/qt-creator-1.2.1-2.2mdv2010.0.x86_64.rpm
f150dba6979ef40f976972f6acc75180 2010.0/x86_64/qt-creator-doc-1.2.1-2.2mdv2010.0.x86_64.rpm
1a7f7c6820ac43102c30bf3c5ffa570c 2010.0/SRPMS/qt-creator-1.2.1-2.2mdv2010.0.src.rpm

Mandriva Linux 2010.1:
127afd19d86e5e5fb75a9a9a98ceec10 2010.1/i586/qt-creator-1.3.1-3.2mdv2010.1.i586.rpm
2af40e3c8026a3cf2c2a363bac6f04c5 2010.1/i586/qt-creator-doc-1.3.1-3.2mdv2010.1.i586.rpm
4cd4b31b37f920c3c4e8c074c5d6e6d5 2010.1/SRPMS/qt-creator-1.3.1-3.2mdv2010.1.src.rpm

Mandriva Linux 2010.1/X86_64:
d36be9f4a84212098a5c18248a5f4465 2010.1/x86_64/qt-creator-1.3.1-3.2mdv2010.1.x86_64.rpm
911034c2b800c9021141242a56aae79a 2010.1/x86_64/qt-creator-doc-1.3.1-3.2mdv2010.1.x86_64.rpm
4cd4b31b37f920c3c4e8c074c5d6e6d5 2010.1/SRPMS/qt-creator-1.3.1-3.2mdv2010.1.src.rpm

To upgrade automatically use MandrivaUpdate or urpmi. The verification
of md5 checksums and GPG signatures is performed automatically for you.

All packages are signed by Mandriva for security. You can obtain the
GPG public key of the Mandriva Security Team by executing:

gpg --recv-keys --keyserver pgp.mit.edu 0x22458A98

You can view other update advisories for Mandriva Linux at:

http://www.mandriva.com/security/advisories

If you want to report vulnerabilities, please contact

security_(at)_mandriva.com

Type Bits/KeyID Date User ID
pub 1024D/22458A98 2000-07-10 Mandriva Security Team
<security*mandriva.com>
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.9 (GNU/Linux)

iD8DBQFMqEsRmqjQ0CJFipgRAm4BAJ0b7XnaZghX83QGkIWeI0h4/+AdbgCfVdIv
XmQcNcc6OmY0kXyBYjnudVs=
=YDKE
-----END PGP SIGNATURE-----

Related

prion 1
ubuntucve 1
securityvulns 1
cve 1
openvas 3
nessus 2
debiancve 1
gentoo 1
prion
prion
Directory traversal
2010-10-04 21:00:00
ubuntucve
ubuntucve
CVE-2010-3374
2010-10-04 00:00:00
securityvulns
securityvulns
Qt Creator code execution
2010-10-05 00:00:00
cve
cve
CVE-2010-3374
2010-10-04 21:00:00
openvas
openvas
Mandriva Update for qt-creator MDVSA-2010:193 (qt-creator)
2010-10-04 00:00:00
Mandriva Update for qt-creator MDVSA-2010:193 (qt-creator)
2010-10-04 00:00:00
Gentoo Security Advisory GLSA 201412-09
2015-09-29 00:00:00
nessus
nessus
Mandriva Linux Security Advisory : qt-creator (MDVSA-2010:193)
2010-10-06 00:00:00
GLSA-201412-09 : Multiple packages, Multiple vulnerabilities fixed in 2011
2014-12-15 00:00:00
debiancve
debiancve
CVE-2010-3374
2010-10-04 21:00:00
gentoo
gentoo
Multiple packages, Multiple vulnerabilities fixed in 2011
2014-12-11 00:00:00
JSON
Related for SECURITYVULNS:DOC:24822
prion1ubuntucve1securityvulns1cve1openvas3nessus2debiancve1gentoo1