Описание
Security update for libqb
This update for libqb fixes the following issues:
Security issue fixed:
- CVE-2019-12779: Fixed an issue where a local attacker could overwrite privileged system files (bsc#1137835).
Список пакетов
SUSE Linux Enterprise High Availability Extension 15
libqb-devel-1.0.3+20171226.6d62b64-3.3.1
libqb0-1.0.3+20171226.6d62b64-3.3.1
Ссылки
- Link for SUSE-SU-2019:1812-1
- E-Mail link for SUSE-SU-2019:1812-1
- SUSE Security Ratings
- SUSE Bug 1137835
- SUSE CVE CVE-2019-12779 page
Описание
libqb before 1.0.5 allows local users to overwrite arbitrary files via a symlink attack, because it uses predictable filenames (under /dev/shm and /tmp) without O_EXCL.
Затронутые продукты
SUSE Linux Enterprise High Availability Extension 15:libqb-devel-1.0.3+20171226.6d62b64-3.3.1
SUSE Linux Enterprise High Availability Extension 15:libqb0-1.0.3+20171226.6d62b64-3.3.1
Ссылки
- CVE-2019-12779
- SUSE Bug 1137835