Описание
Security update for libqb
This update for libqb fixes the following issue:
Security issue fixed:
- CVE-2019-12779: Fixed an insecure treatment of IPC temporary files which could have allowed a local attacker to overwrite privileged system files (bsc#1137835).
This update was imported from the SUSE:SLE-15-SP1:Update update project.
Список пакетов
openSUSE Leap 15.1
libqb-devel-1.0.3+20190326.a521604-lp151.2.3.1
libqb-devel-32bit-1.0.3+20190326.a521604-lp151.2.3.1
libqb-tests-1.0.3+20190326.a521604-lp151.2.3.1
libqb-tools-1.0.3+20190326.a521604-lp151.2.3.1
libqb20-1.0.3+20190326.a521604-lp151.2.3.1
libqb20-32bit-1.0.3+20190326.a521604-lp151.2.3.1
Ссылки
- E-Mail link for openSUSE-SU-2019:1752-1
- SUSE Security Ratings
- SUSE Bug 1137835
- SUSE CVE CVE-2019-12779 page
Описание
libqb before 1.0.5 allows local users to overwrite arbitrary files via a symlink attack, because it uses predictable filenames (under /dev/shm and /tmp) without O_EXCL.
Затронутые продукты
openSUSE Leap 15.1:libqb-devel-1.0.3+20190326.a521604-lp151.2.3.1
openSUSE Leap 15.1:libqb-devel-32bit-1.0.3+20190326.a521604-lp151.2.3.1
openSUSE Leap 15.1:libqb-tests-1.0.3+20190326.a521604-lp151.2.3.1
openSUSE Leap 15.1:libqb-tools-1.0.3+20190326.a521604-lp151.2.3.1
Ссылки
- CVE-2019-12779
- SUSE Bug 1137835