{"affected":[{"ecosystem_specific":{"binaries":[{"libdlm":"4.0.7-3.3.2","libdlm3":"4.0.7-3.3.2","libqb0":"1.0.3+20171226.6d62b64-4.3.1"}]},"package":{"ecosystem":"SUSE:Linux Enterprise High Availability Extension 12 SP3","name":"libdlm","purl":"pkg:rpm/suse/libdlm&distro=SUSE%20Linux%20Enterprise%20High%20Availability%20Extension%2012%20SP3"},"ranges":[{"events":[{"introduced":"0"},{"fixed":"4.0.7-3.3.2"}],"type":"ECOSYSTEM"}]},{"ecosystem_specific":{"binaries":[{"libdlm":"4.0.7-3.3.2","libdlm3":"4.0.7-3.3.2","libqb0":"1.0.3+20171226.6d62b64-4.3.1"}]},"package":{"ecosystem":"SUSE:Linux Enterprise High Availability Extension 12 SP3","name":"libqb","purl":"pkg:rpm/suse/libqb&distro=SUSE%20Linux%20Enterprise%20High%20Availability%20Extension%2012%20SP3"},"ranges":[{"events":[{"introduced":"0"},{"fixed":"1.0.3+20171226.6d62b64-4.3.1"}],"type":"ECOSYSTEM"}]},{"ecosystem_specific":{"binaries":[{"libdlm":"4.0.7-3.3.2","libdlm3":"4.0.7-3.3.2","libqb0":"1.0.3+20171226.6d62b64-4.3.1"}]},"package":{"ecosystem":"SUSE:Linux Enterprise High Availability Extension 12 SP4","name":"libdlm","purl":"pkg:rpm/suse/libdlm&distro=SUSE%20Linux%20Enterprise%20High%20Availability%20Extension%2012%20SP4"},"ranges":[{"events":[{"introduced":"0"},{"fixed":"4.0.7-3.3.2"}],"type":"ECOSYSTEM"}]},{"ecosystem_specific":{"binaries":[{"libdlm":"4.0.7-3.3.2","libdlm3":"4.0.7-3.3.2","libqb0":"1.0.3+20171226.6d62b64-4.3.1"}]},"package":{"ecosystem":"SUSE:Linux Enterprise High Availability Extension 12 SP4","name":"libqb","purl":"pkg:rpm/suse/libqb&distro=SUSE%20Linux%20Enterprise%20High%20Availability%20Extension%2012%20SP4"},"ranges":[{"events":[{"introduced":"0"},{"fixed":"1.0.3+20171226.6d62b64-4.3.1"}],"type":"ECOSYSTEM"}]},{"ecosystem_specific":{"binaries":[{"libdlm-devel":"4.0.7-3.3.2","libqb-devel":"1.0.3+20171226.6d62b64-4.3.1"}]},"package":{"ecosystem":"SUSE:Linux Enterprise Software Development Kit 12 SP4","name":"libdlm","purl":"pkg:rpm/suse/libdlm&distro=SUSE%20Linux%20Enterprise%20Software%20Development%20Kit%2012%20SP4"},"ranges":[{"events":[{"introduced":"0"},{"fixed":"4.0.7-3.3.2"}],"type":"ECOSYSTEM"}]},{"ecosystem_specific":{"binaries":[{"libdlm-devel":"4.0.7-3.3.2","libqb-devel":"1.0.3+20171226.6d62b64-4.3.1"}]},"package":{"ecosystem":"SUSE:Linux Enterprise Software Development Kit 12 SP4","name":"libqb","purl":"pkg:rpm/suse/libqb&distro=SUSE%20Linux%20Enterprise%20Software%20Development%20Kit%2012%20SP4"},"ranges":[{"events":[{"introduced":"0"},{"fixed":"1.0.3+20171226.6d62b64-4.3.1"}],"type":"ECOSYSTEM"}]}],"aliases":[],"details":"This update for libdlm, libqb fixes the following issues:\n\nlibqb to version 1.0.3:\n\n- CVE-2019-12779: Fixed an insecure treatment of IPC temporary files which could\n  have allowed a local attacker to overwrite privileged system files (bsc#1137835).\n- Enabled use of filesystem sockets for linux (fate#323415).\n- Fixed logging with newer binutils version (bsc#1074327).\n\nlibdlm:\n\n- Explicitly used and linked libstonithd from libpacemaker3 (bsc#1098449).\n","id":"SUSE-SU-2019:1806-1","modified":"2019-07-10T09:29:09Z","published":"2019-07-10T09:29:09Z","references":[{"type":"ADVISORY","url":"https://www.suse.com/support/update/announcement/2019/suse-su-20191806-1/"},{"type":"REPORT","url":"https://bugzilla.suse.com/1069468"},{"type":"REPORT","url":"https://bugzilla.suse.com/1074327"},{"type":"REPORT","url":"https://bugzilla.suse.com/1098449"},{"type":"REPORT","url":"https://bugzilla.suse.com/1137835"},{"type":"WEB","url":"https://www.suse.com/security/cve/CVE-2019-12779"}],"related":["CVE-2019-12779"],"summary":"Security update for libdlm, libqb","upstream":["CVE-2019-12779"]}