Bug 1137835 (CVE-2019-12779)

Summary: VUL-0: CVE-2019-12779: libqb: insecure treatment of IPC (temporary) files
Product: [Novell Products] SUSE Security Incidents Reporter: Alexander Bergmann <abergmann>
Component: IncidentsAssignee: Yan Gao <ygao>
Status: NEW --- QA Contact: Security Team bot <security-team>
Severity: Normal    
Priority: P3 - Medium CC: gabriele.sonnu, smash_bz, ygao
Version: unspecifiedFlags: gabriele.sonnu: needinfo? (ygao)
Target Milestone: ---   
Hardware: Other   
OS: Other   
URL: https://smash.suse.de/issue/234606/
Whiteboard: CVSSv3:SUSE:CVE-2019-12779:6.5:(AV:L/AC:L/PR:L/UI:N/S:C/C:N/I:H/A:N) maint:planned:update
Found By: Security Response Team Services Priority:
Business Priority: Blocker: ---
Marketing QA Status: --- IT Deployment: ---

Comment 4 Swamp Workflow Management 2019-07-09 19:19:47 UTC 
SUSE-SU-2019:1791-1: An update that fixes one vulnerability is now available.

Category: security (moderate)
Bug References: 1137835
CVE References: CVE-2019-12779
Sources used:
SUSE Linux Enterprise Module for Open Buildservice Development Tools 15-SP1 (src):    libqb-1.0.3+20190326.a521604-3.3.1
SUSE Linux Enterprise High Availability 15-SP1 (src):    libqb-1.0.3+20190326.a521604-3.3.1

NOTE: This line indicates an update has been released for the listed product(s). At times this might be only a partial fix. If you have questions please reach out to maintenance coordination.
Comment 5 Swamp Workflow Management 2019-07-10 13:16:12 UTC 
SUSE-SU-2019:1806-1: An update that solves one vulnerability and has three fixes is now available.

Category: security (important)
Bug References: 1069468,1074327,1098449,1137835
CVE References: CVE-2019-12779
Sources used:
SUSE Linux Enterprise Software Development Kit 12-SP4 (src):    libdlm-4.0.7-3.3.2, libqb-1.0.3+20171226.6d62b64-4.3.1
SUSE Linux Enterprise High Availability 12-SP4 (src):    libdlm-4.0.7-3.3.2, libqb-1.0.3+20171226.6d62b64-4.3.1
SUSE Linux Enterprise High Availability 12-SP3 (src):    libdlm-4.0.7-3.3.2, libqb-1.0.3+20171226.6d62b64-4.3.1

NOTE: This line indicates an update has been released for the listed product(s). At times this might be only a partial fix. If you have questions please reach out to maintenance coordination.
Comment 6 Swamp Workflow Management 2019-07-10 19:11:34 UTC 
SUSE-SU-2019:1812-1: An update that fixes one vulnerability is now available.

Category: security (moderate)
Bug References: 1137835
CVE References: CVE-2019-12779
Sources used:
SUSE Linux Enterprise Module for Open Buildservice Development Tools 15-SP1 (src):    libqb-1.0.3+20171226.6d62b64-3.3.1
SUSE Linux Enterprise High Availability 15 (src):    libqb-1.0.3+20171226.6d62b64-3.3.1

NOTE: This line indicates an update has been released for the listed product(s). At times this might be only a partial fix. If you have questions please reach out to maintenance coordination.
Comment 7 Swamp Workflow Management 2019-07-19 10:30:46 UTC 
openSUSE-SU-2019:1718-1: An update that fixes one vulnerability is now available.

Category: security (moderate)
Bug References: 1137835
CVE References: CVE-2019-12779
Sources used:
openSUSE Leap 15.0 (src):    libqb-1.0.3+20171226.6d62b64-lp150.2.3.1
Comment 8 Swamp Workflow Management 2019-07-20 10:28:17 UTC 
openSUSE-SU-2019:1752-1: An update that fixes one vulnerability is now available.

Category: security (moderate)
Bug References: 1137835
CVE References: CVE-2019-12779
Sources used:
openSUSE Leap 15.1 (src):    libqb-1.0.3+20190326.a521604-lp151.2.3.1
Comment 9 Swamp Workflow Management 2019-08-14 22:12:12 UTC 
openSUSE-SU-2019:1891-1: An update that fixes one vulnerability is now available.

Category: security (moderate)
Bug References: 1137835
CVE References: CVE-2019-12779
Sources used:
openSUSE Backports SLE-15-SP1 (src):    libqb-1.0.3+20190326.a521604-bp151.2.3.1