libqb is a library with the primary purpose of providing high-performance, reusable features for client-server architecture, such as logging, tracing, inter-process communication (IPC), and polling.
It was discovered that libqb used predictable filenames (under /dev/shm and /tmp) without O_EXCL.
A local attacker could perform symlink attacks to overwrite arbitrary files with the privileges of the user running the application linked against libqb.
There is no known workaround at this time.
All libqb users should upgrade to the latest version:
# emerge --sync
# emerge --ask --oneshot --verbose ">=sys-cluster/libqb-1.0.5"