ALAS2-2019-1210


Amazon Linux 2 Security Advisory: ALAS-2019-1210
Advisory Release Date: 2019-05-20 18:35 Pacific
Severity: Medium
References: CVE-PENDING 

Issue Overview:

A flaw was found in libqb. Insecure handling of temporary files could be exploited by a local attacker to overwrite privileged system files.

Upstream issue:

https://github.com/ClusterLabs/libqb/issues/338


Affected Packages:

libqb


Issue Correction:
Run yum update libqb to update your system.

New Packages:
aarch64:
    libqb-1.0.5-1.amzn2.aarch64
    libqb-debuginfo-1.0.5-1.amzn2.aarch64
    libqb-devel-1.0.5-1.amzn2.aarch64

i686:
    libqb-1.0.5-1.amzn2.i686
    libqb-debuginfo-1.0.5-1.amzn2.i686
    libqb-devel-1.0.5-1.amzn2.i686

src:
    libqb-1.0.5-1.amzn2.src

x86_64:
    libqb-1.0.5-1.amzn2.x86_64
    libqb-debuginfo-1.0.5-1.amzn2.x86_64
    libqb-devel-1.0.5-1.amzn2.x86_64