QPluginLoader would search for certain plugins first in the current working directory of the application, which allows an attacker that can place files in the file system and influence the working directory of Qt-based applications to load and execute malicious code.
Upstream Patches:
https://code.qt.io/cgit/qt/qtbase.git/commit/?id=bf131e8d2181b3404f5293546ed390999f760404
https://code.qt.io/cgit/qt/qtbase.git/commit/?id=5c4234ed958130d655df8197129806f687d4df0d
Created qt tracking bugs for this issue: Affects: fedora-all [bug 1800601]
Created qt5 tracking bugs for this issue: Affects: fedora-all [bug 1814163]
Created qt5-qtbase tracking bugs for this issue: Affects: epel-6 [bug 1814684]
This issue has been addressed in the following products:
Red Hat Enterprise Linux 7, via RHSA-2020:4025 https://access.redhat.com/errata/RHSA-2020:4025
This bug is now closed. Further updates for individual products will be reflected on the CVE page(s): https://access.redhat.com/security/cve/cve-2020-0569
This issue has been addressed in the following products:
Red Hat Enterprise Linux 8, via RHSA-2020:4690 https://access.redhat.com/errata/RHSA-2020:4690