ALAS2022-2021-006

Amazon Linux 2022 Security Advisory: ALAS-2021-006
Advisory Release Date: 2021-12-17 20:58 Pacific
Advisory Updated Date: 2021-12-17 22:31 Pacific
Severity: Medium
Issue Overview:

Qt5 versions up to qt 5.12.7, qt 5.14.1, qt 5.15.0 allows plugins to be loaded from current working directory, this can lead to compromised plugins to loaded leading to possible arbitrary code execution. (CVE-2020-24741)


Affected Packages:

qt


Issue Correction:
Run dnf update --releasever=2022.0.20211217 qt to update your system.

New Packages:
aarch64:
    qt-mysql-debuginfo-4.8.7-61.amzn2022.aarch64
    qt-tds-4.8.7-61.amzn2022.aarch64
    qt-ibase-debuginfo-4.8.7-61.amzn2022.aarch64
    qt-odbc-debuginfo-4.8.7-61.amzn2022.aarch64
    qt-config-4.8.7-61.amzn2022.aarch64
    qt-designer-plugin-webkit-debuginfo-4.8.7-61.amzn2022.aarch64
    qt-config-debuginfo-4.8.7-61.amzn2022.aarch64
    qt-postgresql-debuginfo-4.8.7-61.amzn2022.aarch64
    qt-qvfb-debuginfo-4.8.7-61.amzn2022.aarch64
    qt-mysql-4.8.7-61.amzn2022.aarch64
    qt-ibase-4.8.7-61.amzn2022.aarch64
    qt-debuginfo-4.8.7-61.amzn2022.aarch64
    qt-tds-debuginfo-4.8.7-61.amzn2022.aarch64
    qt-devel-debuginfo-4.8.7-61.amzn2022.aarch64
    qt-assistant-debuginfo-4.8.7-61.amzn2022.aarch64
    qt-designer-plugin-webkit-4.8.7-61.amzn2022.aarch64
    qt-qdbusviewer-debuginfo-4.8.7-61.amzn2022.aarch64
    qt-qvfb-4.8.7-61.amzn2022.aarch64
    qt-demos-debuginfo-4.8.7-61.amzn2022.aarch64
    qt-x11-debuginfo-4.8.7-61.amzn2022.aarch64
    qt-qdbusviewer-4.8.7-61.amzn2022.aarch64
    qt-postgresql-4.8.7-61.amzn2022.aarch64
    qt-odbc-4.8.7-61.amzn2022.aarch64
    qt-assistant-4.8.7-61.amzn2022.aarch64
    qt-4.8.7-61.amzn2022.aarch64
    qt-demos-4.8.7-61.amzn2022.aarch64
    qt-x11-4.8.7-61.amzn2022.aarch64
    qt-examples-debuginfo-4.8.7-61.amzn2022.aarch64
    qt-devel-4.8.7-61.amzn2022.aarch64
    qt-examples-4.8.7-61.amzn2022.aarch64
    qt-debugsource-4.8.7-61.amzn2022.aarch64

noarch:
    qt-common-4.8.7-61.amzn2022.noarch
    qt-devel-private-4.8.7-61.amzn2022.noarch
    qt-doc-4.8.7-61.amzn2022.noarch

src:
    qt-4.8.7-61.amzn2022.src

x86_64:
    qt-config-debuginfo-4.8.7-61.amzn2022.x86_64
    qt-mysql-debuginfo-4.8.7-61.amzn2022.x86_64
    qt-postgresql-debuginfo-4.8.7-61.amzn2022.x86_64
    qt-qvfb-4.8.7-61.amzn2022.x86_64
    qt-x11-debuginfo-4.8.7-61.amzn2022.x86_64
    qt-designer-plugin-webkit-debuginfo-4.8.7-61.amzn2022.x86_64
    qt-postgresql-4.8.7-61.amzn2022.x86_64
    qt-ibase-4.8.7-61.amzn2022.x86_64
    qt-devel-debuginfo-4.8.7-61.amzn2022.x86_64
    qt-tds-4.8.7-61.amzn2022.x86_64
    qt-demos-debuginfo-4.8.7-61.amzn2022.x86_64
    qt-assistant-debuginfo-4.8.7-61.amzn2022.x86_64
    qt-ibase-debuginfo-4.8.7-61.amzn2022.x86_64
    qt-odbc-4.8.7-61.amzn2022.x86_64
    qt-assistant-4.8.7-61.amzn2022.x86_64
    qt-config-4.8.7-61.amzn2022.x86_64
    qt-qvfb-debuginfo-4.8.7-61.amzn2022.x86_64
    qt-tds-debuginfo-4.8.7-61.amzn2022.x86_64
    qt-designer-plugin-webkit-4.8.7-61.amzn2022.x86_64
    qt-qdbusviewer-debuginfo-4.8.7-61.amzn2022.x86_64
    qt-odbc-debuginfo-4.8.7-61.amzn2022.x86_64
    qt-debuginfo-4.8.7-61.amzn2022.x86_64
    qt-4.8.7-61.amzn2022.x86_64
    qt-mysql-4.8.7-61.amzn2022.x86_64
    qt-qdbusviewer-4.8.7-61.amzn2022.x86_64
    qt-x11-4.8.7-61.amzn2022.x86_64
    qt-demos-4.8.7-61.amzn2022.x86_64
    qt-examples-debuginfo-4.8.7-61.amzn2022.x86_64
    qt-examples-4.8.7-61.amzn2022.x86_64
    qt-devel-4.8.7-61.amzn2022.x86_64
    qt-debugsource-4.8.7-61.amzn2022.x86_64

Additional References

Red Hat: CVE-2020-24741

Mitre: CVE-2020-24741