{"schema_version":"1.7.2","id":"OESA-2021-1141","modified":"2021-04-07T11:02:49Z","published":"2021-04-07T11:02:49Z","upstream":["CVE-2019-12779"],"summary":"libqb security update","details":"libqb provides high-performance, reusable features for client-server architecture, such as logging, tracing, inter-process communication (IPC), and polling.\r\n\r\nSecurity Fix(es):\r\n\r\nlibqb before 1.0.5 allows local users to overwrite arbitrary files via a symlink attack, because it uses predictable filenames (under /dev/shm and /tmp) without O_EXCL.(CVE-2019-12779)","affected":[{"package":{"ecosystem":"openEuler:20.03-LTS-SP1","name":"libqb","purl":"pkg:rpm/openEuler/libqb\u0026distro=openEuler-20.03-LTS-SP1"},"ranges":[{"type":"ECOSYSTEM","events":[{"introduced":"0"},{"fixed":"1.0.3-7.oe1"}]}],"ecosystem_specific":{"aarch64":["libqb-1.0.3-7.oe1.aarch64.rpm","libqb-debuginfo-1.0.3-7.oe1.aarch64.rpm","libqb-debugsource-1.0.3-7.oe1.aarch64.rpm","libqb-devel-1.0.3-7.oe1.aarch64.rpm"],"noarch":["libqb-help-1.0.3-7.oe1.noarch.rpm"],"src":["libqb-1.0.3-7.oe1.src.rpm"],"x86_64":["libqb-1.0.3-7.oe1.x86_64.rpm","libqb-debuginfo-1.0.3-7.oe1.x86_64.rpm","libqb-debugsource-1.0.3-7.oe1.x86_64.rpm","libqb-devel-1.0.3-7.oe1.x86_64.rpm"]}}],"references":[{"type":"ADVISORY","url":"https://openeuler.org/en/security/safety-bulletin/detail.html?id=openEuler-SA-2021-1141"},{"type":"ADVISORY","url":"https://nvd.nist.gov/vuln/detail/CVE-2019-12779"}],"database_specific":{"severity":"High"}}