CVE-2019-12779

Published: 07/06/2019 Updated: 03/07/2021
CVSS v2 Base Score: 6.6 | Impact Score: 9.2 | Exploitability Score: 3.9
CVSS v3 Base Score: 7.1 | Impact Score: 5.2 | Exploitability Score: 1.8
VMScore: 587
Vector: AV:L/AC:L/Au:N/C:N/I:C/A:C

Vulnerability Summary

libqb prior to 1.0.5 allows local users to overwrite arbitrary files via a symlink attack, because it uses predictable filenames (under /dev/shm and /tmp) without O_EXCL.
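
The flaw class named in the summary, as an added example (not libqb's code and not part of the advisory): a fixed-name open without O_EXCL beside the same open with it. The function names, file names and the mkdtemp() directory are constructed for illustration, and nothing outside that private directory is touched.

```c
#ifndef _POSIX_C_SOURCE
#define _POSIX_C_SOURCE 200809L  /* for mkdtemp, symlink, O_NOFOLLOW */
#endif
#include <errno.h>
#include <fcntl.h>
#include <stdio.h>
#include <stdlib.h>
#include <sys/stat.h>
#include <unistd.h>

/* Weak pattern from the summary: fixed name, no O_EXCL. A symlink already
 * present at `path` is followed and its target is truncated. */
int open_predictable(const char *path) {
    return open(path, O_RDWR | O_CREAT | O_TRUNC, 0600);
}

/* Hardened: O_EXCL fails with EEXIST if anything exists at `path`,
 * including a symlink (dangling or not), so nothing is followed. */
int open_exclusive(const char *path) {
    return open(path, O_RDWR | O_CREAT | O_EXCL | O_NOFOLLOW, 0600);
}

/* Constructed scenario inside a private mkdtemp() directory: "victim" is a
 * 9-byte file, "fixed-name" is the predictable path, already a symlink to it.
 * Returns the victim's size after the chosen open; *open_errno gets errno. */
long victim_size_after(int hardened, int *open_errno) {
    char dir[] = "/tmp/symlink-demo-XXXXXX", victim[64], fixed[64];
    struct stat st;
    if (!mkdtemp(dir)) return -1;
    snprintf(victim, sizeof victim, "%s/victim", dir);
    snprintf(fixed, sizeof fixed, "%s/fixed-name", dir);
    FILE *f = fopen(victim, "w");
    if (!f || fputs("important", f) < 0 || fclose(f) != 0) return -1;
    if (symlink(victim, fixed) != 0) return -1;
    errno = 0;
    int fd = hardened ? open_exclusive(fixed) : open_predictable(fixed);
    *open_errno = (fd < 0) ? errno : 0;
    if (fd >= 0) close(fd);
    long size = (stat(victim, &st) == 0) ? (long)st.st_size : -1;
    unlink(fixed); unlink(victim); rmdir(dir);
    return size;
}

int main(void) {
    int e0, e1;
    long weak = victim_size_after(0, &e0), hard = victim_size_after(1, &e1);
    printf("no O_EXCL: %ld bytes left; O_EXCL: %ld bytes left, errno=%d\n", weak, hard, e1);
    return 0;
}
```

On Linux, the fs.protected_symlinks sysctl restricts following symlinks in sticky world-writable directories such as /tmp, but it is defence in depth and does not replace exclusive creation in the application.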

Vulnerable Product

clusterlabs libqb

Vendor Advisories

Debian Bug report logs - #927159: libqb: CVE-2019-12779: Insecure Temporary Files. Package: src:libqb; Maintainer for src:libqb is Debian HA Maintainers <debian-ha-maintainers@lists.alioth.debian.org>; Reported by: Ferenc Wágner <wferi@debian.org>; Date: Mon, 15 Apr 2019 18:12:02 UTC; Severity: grave; Tags: patch, securi ...
Synopsis: Moderate: libqb security and bug fix update. Type/Severity: Security Advisory: Moderate. Topic: An update for libqb is now available for Red Hat Enterprise Linux 8. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base s ...
Synopsis: Moderate: libqb security update. Type/Severity: Security Advisory: Moderate. Topic: An update for libqb is now available for Red Hat Enterprise Linux 7. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which ...
A flaw was found in libqb. Insecure handling of temporary files could be exploited by a local attacker to overwrite privileged system files. Upstream issue: github.com/ClusterLabs/libqb/issues/338 ...