SUSE: 2019:1806-1 Important: Libdlm, Libqb Local File Overwrite
suse
July 10, 2019
An update that solves one vulnerability and has three fixes is now available
Summary
This update for libdlm, libqb fixes the following issues: libqb to version 1.0.3: - CVE-2019-12779: Fixed an insecure treatment of IPC temporary files which could have allowed a local attacker to overwrite privileged system files (bsc#1137835). - Enabled use of filesystem sockets for linux (fate#323415). - Fixed logging with newer binutils version (bsc#1074327). libdlm: - Explicitly used and linked libstonithd from libpacemaker3 (bsc#1098449). Patch Instructions: To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Software Development Kit 12-SP4: zypper in -t patch SUSE-SLE-SDK-12-SP4-2019-1806=1
Topics Covered
References
#1069468 #1074327 #1098449 #1137835
Cross- CVE-2019-12779
Affected Products:
SUSE Linux Enterprise Software Development Kit 12-SP4
SUSE Linux Enterprise High Availability 12-SP4
SUSE Linux Enterprise High Availability 12-SP3
https://www.suse.com/security/cve/CVE-2019-12779.html
https://bugzilla.suse.com/1069468
https://bugzilla.suse.com/1074327
https://bugzilla.suse.com/1098449
https://bugzilla.suse.com/1137835
PREVIOUS
NEXT
Severity
important
Lowest
Low
Medium
High
Critical
Announcement ID: SUSE-SU-2019:1806-1
Rating: important
Topics Covered
Get the latest News and Insights
Get the latest Linux and open source security news straight to your inbox.
Powered By
Linux Security - Your source for Top Linux News, Advisories, HOWTOs and Feature Releases
QUICK LINKS
subscribe to newsletters!
Like staying secure? So do we.
Sign up for updates, tips, and alerts!