Bugzilla – Bug 1137835
VUL-0: CVE-2019-12779: libqb: insecure treatment of IPC (temporary) files
Last modified: 2022-04-28 12:55:10 UTC
rh#1695948 A flaw was found in libqb. Isecure handling of temporari files could be exploited by a local attacker to overwrite privileged system files. Upstream issue: https://github.com/ClusterLabs/libqb/issues/338 Upstream fixes: https://github.com/ClusterLabs/libqb/commit/e322e98dc264bc5911d6fe1d371e55ac9f95a71e https://github.com/ClusterLabs/libqb/commit/7cd7b06d52ac80c343f362c7e39ef75495439dfc References: https://bugzilla.redhat.com/show_bug.cgi?id=1685297 https://bugzilla.redhat.com/show_bug.cgi?id=1695948 http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2019-12779 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-12779 https://github.com/ClusterLabs/libqb/releases/tag/v1.0.5 https://github.com/ClusterLabs/libqb/releases/tag/v1.0.4 https://github.com/ClusterLabs/libqb/issues/338 http://www.securityfocus.com/bid/108691
SUSE-SU-2019:1791-1: An update that fixes one vulnerability is now available. Category: security (moderate) Bug References: 1137835 CVE References: CVE-2019-12779 Sources used: SUSE Linux Enterprise Module for Open Buildservice Development Tools 15-SP1 (src): libqb-1.0.3+20190326.a521604-3.3.1 SUSE Linux Enterprise High Availability 15-SP1 (src): libqb-1.0.3+20190326.a521604-3.3.1 NOTE: This line indicates an update has been released for the listed product(s). At times this might be only a partial fix. If you have questions please reach out to maintenance coordination.
SUSE-SU-2019:1806-1: An update that solves one vulnerability and has three fixes is now available. Category: security (important) Bug References: 1069468,1074327,1098449,1137835 CVE References: CVE-2019-12779 Sources used: SUSE Linux Enterprise Software Development Kit 12-SP4 (src): libdlm-4.0.7-3.3.2, libqb-1.0.3+20171226.6d62b64-4.3.1 SUSE Linux Enterprise High Availability 12-SP4 (src): libdlm-4.0.7-3.3.2, libqb-1.0.3+20171226.6d62b64-4.3.1 SUSE Linux Enterprise High Availability 12-SP3 (src): libdlm-4.0.7-3.3.2, libqb-1.0.3+20171226.6d62b64-4.3.1 NOTE: This line indicates an update has been released for the listed product(s). At times this might be only a partial fix. If you have questions please reach out to maintenance coordination.
SUSE-SU-2019:1812-1: An update that fixes one vulnerability is now available. Category: security (moderate) Bug References: 1137835 CVE References: CVE-2019-12779 Sources used: SUSE Linux Enterprise Module for Open Buildservice Development Tools 15-SP1 (src): libqb-1.0.3+20171226.6d62b64-3.3.1 SUSE Linux Enterprise High Availability 15 (src): libqb-1.0.3+20171226.6d62b64-3.3.1 NOTE: This line indicates an update has been released for the listed product(s). At times this might be only a partial fix. If you have questions please reach out to maintenance coordination.
openSUSE-SU-2019:1718-1: An update that fixes one vulnerability is now available. Category: security (moderate) Bug References: 1137835 CVE References: CVE-2019-12779 Sources used: openSUSE Leap 15.0 (src): libqb-1.0.3+20171226.6d62b64-lp150.2.3.1
openSUSE-SU-2019:1752-1: An update that fixes one vulnerability is now available. Category: security (moderate) Bug References: 1137835 CVE References: CVE-2019-12779 Sources used: openSUSE Leap 15.1 (src): libqb-1.0.3+20190326.a521604-lp151.2.3.1
openSUSE-SU-2019:1891-1: An update that fixes one vulnerability is now available. Category: security (moderate) Bug References: 1137835 CVE References: CVE-2019-12779 Sources used: openSUSE Backports SLE-15-SP1 (src): libqb-1.0.3+20190326.a521604-bp151.2.3.1