{"id":"OESA-2021-1141","summary":"libqb security update","details":"libqb provides high-performance, reusable features for client-server architecture, such as logging, tracing, inter-process communication (IPC), and polling.\r\n\r\nSecurity Fix(es):\r\n\r\nlibqb before 1.0.5 allows local users to overwrite arbitrary files via a symlink attack, because it uses predictable filenames (under /dev/shm and /tmp) without O_EXCL.(CVE-2019-12779)","modified":"2025-09-03T06:16:50.425942Z","published":"2021-04-07T11:02:49Z","upstream":["CVE-2019-12779"],"database_specific":{"severity":"High"},"references":[{"type":"ADVISORY","url":"https://openeuler.org/en/security/safety-bulletin/detail.html?id=openEuler-SA-2021-1141"},{"type":"ADVISORY","url":"https://nvd.nist.gov/vuln/detail/CVE-2019-12779"}],"affected":[{"package":{"name":"libqb","ecosystem":"openEuler:20.03-LTS-SP1","purl":"pkg:rpm/openEuler/libqb&distro=openEuler-20.03-LTS-SP1"},"ranges":[{"type":"ECOSYSTEM","events":[{"introduced":"0"},{"fixed":"1.0.3-7.oe1"}]}],"ecosystem_specific":{"noarch":["libqb-help-1.0.3-7.oe1.noarch.rpm"],"src":["libqb-1.0.3-7.oe1.src.rpm"],"x86_64":["libqb-1.0.3-7.oe1.x86_64.rpm","libqb-debuginfo-1.0.3-7.oe1.x86_64.rpm","libqb-debugsource-1.0.3-7.oe1.x86_64.rpm","libqb-devel-1.0.3-7.oe1.x86_64.rpm"],"aarch64":["libqb-1.0.3-7.oe1.aarch64.rpm","libqb-debuginfo-1.0.3-7.oe1.aarch64.rpm","libqb-debugsource-1.0.3-7.oe1.aarch64.rpm","libqb-devel-1.0.3-7.oe1.aarch64.rpm"]},"database_specific":{"source":"https://repo.openeuler.org/security/data/osv/OESA-2021-1141.json"}}],"schema_version":"1.7.3"}