CVE-2013-0254

Publication date 6 February 2013

Last updated 24 July 2024

Ubuntu priority

The QSharedMemory class in Qt 5.0.0, 4.8.x before 4.8.5, 4.7.x before 4.7.6, and other versions including 4.4.0 uses weak permissions (world-readable and world-writable) for shared memory segments, which allows local users to read sensitive information or modify critical program data, as demonstrated by reading a pixmap being sent to an X server.

Read the notes from the security team

Status

Show unmaintained releases

Package	Ubuntu Release	Status
qt4-x11	12.10 quantal	Fixed 4:4.8.3+dfsg-0ubuntu3.1
	12.04 LTS precise	Fixed 4:4.8.1-0ubuntu4.4
	11.10 oneiric	Fixed 4:4.7.4-0ubuntu8.3
	10.04 LTS lucid	Fixed 4:4.6.2-0ubuntu5.6
	8.04 LTS hardy	Ignored end of life

Notes

seth-arnold

"forthcoming 4.8.5, and the 4.7.6 [releases]"

Patch details

For informational purposes only. We recommend not to cherry-pick updates. How can I get the fixes?

Package	Patch details
qt4-x11	Upstream: 20b26bd Upstream: 57756e7

References

Related Ubuntu Security Notices (USN)