exploitDog

SUSE-SU-2019:1806-1

Опубликовано: 10 июл. 2019

Источник: suse-cvrf

Описание

Security update for libdlm, libqb

This update for libdlm, libqb fixes the following issues:

libqb to version 1.0.3:

CVE-2019-12779: Fixed an insecure treatment of IPC temporary files which could have allowed a local attacker to overwrite privileged system files (bsc#1137835).
Enabled use of filesystem sockets for linux (fate#323415).
Fixed logging with newer binutils version (bsc#1074327).

libdlm:

Explicitly used and linked libstonithd from libpacemaker3 (bsc#1098449).

Список пакетов

Image SLES12-SP5-Azure-SAP-BYOS

libdlm-4.0.7-3.3.2

libdlm3-4.0.7-3.3.2

libqb0-1.0.3+20171226.6d62b64-4.3.1

Image SLES12-SP5-Azure-SAP-On-Demand

libdlm-4.0.7-3.3.2

libdlm3-4.0.7-3.3.2

libqb0-1.0.3+20171226.6d62b64-4.3.1

Image SLES12-SP5-EC2-SAP-BYOS

libdlm-4.0.7-3.3.2

libdlm3-4.0.7-3.3.2

libqb0-1.0.3+20171226.6d62b64-4.3.1

Image SLES12-SP5-EC2-SAP-On-Demand

libdlm-4.0.7-3.3.2

libdlm3-4.0.7-3.3.2

libqb0-1.0.3+20171226.6d62b64-4.3.1

Image SLES12-SP5-GCE-SAP-BYOS

libdlm-4.0.7-3.3.2

libdlm3-4.0.7-3.3.2

libqb0-1.0.3+20171226.6d62b64-4.3.1

Image SLES12-SP5-GCE-SAP-On-Demand

libdlm-4.0.7-3.3.2

libdlm3-4.0.7-3.3.2

libqb0-1.0.3+20171226.6d62b64-4.3.1

Image SLES12-SP5-OCI-BYOS-SAP-BYOS

libdlm-4.0.7-3.3.2

libdlm3-4.0.7-3.3.2

libqb0-1.0.3+20171226.6d62b64-4.3.1

Image SLES12-SP5-SAP-Azure-LI-BYOS-Production

libdlm-4.0.7-3.3.2

libdlm3-4.0.7-3.3.2

libqb0-1.0.3+20171226.6d62b64-4.3.1

Image SLES12-SP5-SAP-Azure-VLI-BYOS-Production

libdlm-4.0.7-3.3.2

libdlm3-4.0.7-3.3.2

libqb0-1.0.3+20171226.6d62b64-4.3.1

SUSE Linux Enterprise High Availability Extension 12 SP3

libdlm-4.0.7-3.3.2

libdlm3-4.0.7-3.3.2

libqb0-1.0.3+20171226.6d62b64-4.3.1

SUSE Linux Enterprise High Availability Extension 12 SP4

libdlm-4.0.7-3.3.2

libdlm3-4.0.7-3.3.2

libqb0-1.0.3+20171226.6d62b64-4.3.1

SUSE Linux Enterprise Software Development Kit 12 SP4

libdlm-devel-4.0.7-3.3.2

libqb-devel-1.0.3+20171226.6d62b64-4.3.1

Ссылки

https://www.suse.com/support/update/announcement/2019/suse-su-20191806-1/
Link for SUSE-SU-2019:1806-1
https://lists.suse.com/pipermail/sle-security-updates/2019-July/005685.html
E-Mail link for SUSE-SU-2019:1806-1
https://www.suse.com/support/security/rating/
SUSE Security Ratings
https://bugzilla.suse.com/1069468
SUSE Bug 1069468
https://bugzilla.suse.com/1074327
SUSE Bug 1074327
https://bugzilla.suse.com/1098449
SUSE Bug 1098449
https://bugzilla.suse.com/1137835
SUSE Bug 1137835
https://www.suse.com/security/cve/CVE-2019-12779/
SUSE CVE CVE-2019-12779 page

Описание

libqb before 1.0.5 allows local users to overwrite arbitrary files via a symlink attack, because it uses predictable filenames (under /dev/shm and /tmp) without O_EXCL.

Затронутые продукты

Image SLES12-SP5-Azure-SAP-BYOS:libdlm-4.0.7-3.3.2

Image SLES12-SP5-Azure-SAP-BYOS:libdlm3-4.0.7-3.3.2

Image SLES12-SP5-Azure-SAP-BYOS:libqb0-1.0.3+20171226.6d62b64-4.3.1

Image SLES12-SP5-Azure-SAP-On-Demand:libdlm-4.0.7-3.3.2

Ссылки

https://www.suse.com/security/cve/CVE-2019-12779.html
CVE-2019-12779
https://bugzilla.suse.com/1137835
SUSE Bug 1137835