openSUSE has issued an advisory on July 20: https://lists.opensuse.org/opensuse-updates/2019-07/msg00083.html The issue is fixed upstream in 1.0.5. Mageia 7 is also affected.
Whiteboard: (none) => MGA7TOO
libqb has no maintainer, so assigning this globally.
Assignee: bugsquad => pkg-bugs
Status comment: (none) => Fixed upstream in 1.0.5
libqb-1.0.5-1.mga8 uploaded for Cauldron by David Geiger.
CC: (none) => geiger.david68210Version: Cauldron => 7Whiteboard: MGA7TOO => (none)
Updated package uploaded for Mageia 7 by David Geiger. Advisory: ======================== Updated libqb packages fix security vulnerability: Insecure treatment of IPC temporary files which could allow a local attacker to overwrite privileged system files (CVE-2019-12779). References: https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-12779 https://lists.opensuse.org/opensuse-updates/2019-07/msg00083.html ======================== Updated packages in core/updates_testing: ======================== libqb0-1.0.5-1.mga7 libqb-devel-1.0.5-1.mga7 from libqb-1.0.5-1.mga7.src.rpm
Assignee: pkg-bugs => qa-bugsStatus comment: Fixed upstream in 1.0.5 => (none)
Mageia7, x86_64 This looks quite difficult to set up. It is a development environment apparently which requires certain files to copied from source to /etc/corosync. There is no config file provided out of the box, not even a template so this may take a while to figure out. It is highly probable that this shall result in "failure to launch", in which case it goes back on the conveyor belt.
CC: (none) => tarazed25
Oops, I missed out the the basics. libqp0 is used by corosync and pacemaker, neither of which are familiar, hence my scepticism.
As agreed at the last QA meeting this should be passed on the basis of a clean update.
Whiteboard: (none) => MGA7-64-OK
Validating. Advisory in Comment 3.
Keywords: (none) => validated_updateCC: (none) => andrewsfarm, sysadmin-bugs
Keywords: (none) => advisory
An update for this issue has been pushed to the Mageia Updates repository. https://advisories.mageia.org/MGASA-2020-0048.html
Resolution: (none) => FIXEDStatus: NEW => RESOLVED