Описание
Security update for libqb
This update for libqb fixes the following issue:
Security issue fixed:
- CVE-2019-12779: Fixed an insecure treatment of IPC temporary files which could have allowed a local attacker to overwrite privileged system files (bsc#1137835).
Список пакетов
SUSE Linux Enterprise High Availability Extension 15 SP1
libqb-devel-1.0.3+20190326.a521604-3.3.1
libqb-tests-1.0.3+20190326.a521604-3.3.1
libqb-tools-1.0.3+20190326.a521604-3.3.1
libqb20-1.0.3+20190326.a521604-3.3.1
Ссылки
- Link for SUSE-SU-2019:1791-1
- E-Mail link for SUSE-SU-2019:1791-1
- SUSE Security Ratings
- SUSE Bug 1137835
- SUSE CVE CVE-2019-12779 page
Описание
libqb before 1.0.5 allows local users to overwrite arbitrary files via a symlink attack, because it uses predictable filenames (under /dev/shm and /tmp) without O_EXCL.
Затронутые продукты
SUSE Linux Enterprise High Availability Extension 15 SP1:libqb-devel-1.0.3+20190326.a521604-3.3.1
SUSE Linux Enterprise High Availability Extension 15 SP1:libqb-tests-1.0.3+20190326.a521604-3.3.1
SUSE Linux Enterprise High Availability Extension 15 SP1:libqb-tools-1.0.3+20190326.a521604-3.3.1
SUSE Linux Enterprise High Availability Extension 15 SP1:libqb20-1.0.3+20190326.a521604-3.3.1
Ссылки
- CVE-2019-12779
- SUSE Bug 1137835