Описание
Security update for libqb
This update for libqb fixes the following issues:
Security issue fixed:
- CVE-2019-12779: Fixed an issue where a local attacker could overwrite privileged system files (bsc#1137835).
This update was imported from the SUSE:SLE-15:Update update project.
Список пакетов
openSUSE Leap 15.0
libqb-devel-1.0.3+20171226.6d62b64-lp150.2.3.1
libqb-devel-32bit-1.0.3+20171226.6d62b64-lp150.2.3.1
libqb0-1.0.3+20171226.6d62b64-lp150.2.3.1
libqb0-32bit-1.0.3+20171226.6d62b64-lp150.2.3.1
Ссылки
- E-Mail link for openSUSE-SU-2019:1718-1
- SUSE Security Ratings
- SUSE Bug 1137835
- SUSE CVE CVE-2019-12779 page
Описание
libqb before 1.0.5 allows local users to overwrite arbitrary files via a symlink attack, because it uses predictable filenames (under /dev/shm and /tmp) without O_EXCL.
Затронутые продукты
openSUSE Leap 15.0:libqb-devel-1.0.3+20171226.6d62b64-lp150.2.3.1
openSUSE Leap 15.0:libqb-devel-32bit-1.0.3+20171226.6d62b64-lp150.2.3.1
openSUSE Leap 15.0:libqb0-1.0.3+20171226.6d62b64-lp150.2.3.1
openSUSE Leap 15.0:libqb0-32bit-1.0.3+20171226.6d62b64-lp150.2.3.1
Ссылки
- CVE-2019-12779
- SUSE Bug 1137835