Description
ELSA-2015-1210: abrt security update (MODERATE)
abrt [2.0.8-26.0.1.el6_6.1]
- Add abrt-oracle-enterprise.patch to be product neutral
- Remove abrt-plugin-rhtsupport dependency for cli and desktop
- Make abrt Obsoletes/Provides abrt-plugin-rhtsupport
[2.0.8-26.el6_6.1]
- remove old dump directories in upgrade
- remove outdated rpm scriptlets
- daemon: allow only root to submit CCpp, Koops, VMCore and Xorg problems
- abrt-action-install-debuginfo-to-abrt-cache: sanitize arguments and umask
- make the problem directories owned by abrt and the group root
- validate uploaded problem directories in abrt-handle-upload
- don't override nor remove files with user core dump files
- fix symbolic link and race condition flaws
- Resolves: #1211966
libreport [2.0.9-21.0.1.el6_6.1]
- Add oracle-enterprise.patch and oracle-enterprise-po.patch
- Remove libreport-plugin-rhtsupport pkg
[2.0.9-21.el6_6.1]
- switch dump directory owner from 'abrt:user' to 'user:abrt' (rhbz#1212093)
- harden against directory traversal, crafted symbolic links (rhbz#1212093)
- avoid race-conditions in dump dir opening (rhbz#1212093)
- Resolves: #1211966
Updated packages
Oracle Linux 6
Oracle Linux x86_64
abrt  2.0.8-26.0.1.el6_6.1
abrt-addon-ccpp  2.0.8-26.0.1.el6_6.1
abrt-addon-kerneloops  2.0.8-26.0.1.el6_6.1
abrt-addon-python  2.0.8-26.0.1.el6_6.1
abrt-addon-vmcore  2.0.8-26.0.1.el6_6.1
abrt-cli  2.0.8-26.0.1.el6_6.1
abrt-console-notification  2.0.8-26.0.1.el6_6.1
abrt-desktop  2.0.8-26.0.1.el6_6.1
abrt-devel  2.0.8-26.0.1.el6_6.1
abrt-gui  2.0.8-26.0.1.el6_6.1
abrt-libs  2.0.8-26.0.1.el6_6.1
abrt-python  2.0.8-26.0.1.el6_6.1
abrt-tui  2.0.8-26.0.1.el6_6.1
libreport  2.0.9-21.0.1.el6_6.1
libreport-cli  2.0.9-21.0.1.el6_6.1
libreport-compat  2.0.9-21.0.1.el6_6.1
libreport-devel  2.0.9-21.0.1.el6_6.1
libreport-filesystem  2.0.9-21.0.1.el6_6.1
libreport-gtk  2.0.9-21.0.1.el6_6.1
libreport-gtk-devel  2.0.9-21.0.1.el6_6.1
libreport-newt  2.0.9-21.0.1.el6_6.1
libreport-plugin-bugzilla  2.0.9-21.0.1.el6_6.1
libreport-plugin-kerneloops  2.0.9-21.0.1.el6_6.1
libreport-plugin-logger  2.0.9-21.0.1.el6_6.1
libreport-plugin-mailx  2.0.9-21.0.1.el6_6.1
libreport-plugin-reportuploader  2.0.9-21.0.1.el6_6.1
libreport-python  2.0.9-21.0.1.el6_6.1
Oracle Linux i686
abrt  2.0.8-26.0.1.el6_6.1
abrt-addon-ccpp  2.0.8-26.0.1.el6_6.1
abrt-addon-kerneloops  2.0.8-26.0.1.el6_6.1
abrt-addon-python  2.0.8-26.0.1.el6_6.1
abrt-addon-vmcore  2.0.8-26.0.1.el6_6.1
abrt-cli  2.0.8-26.0.1.el6_6.1
abrt-console-notification  2.0.8-26.0.1.el6_6.1
abrt-desktop  2.0.8-26.0.1.el6_6.1
abrt-devel  2.0.8-26.0.1.el6_6.1
abrt-gui  2.0.8-26.0.1.el6_6.1
abrt-libs  2.0.8-26.0.1.el6_6.1
abrt-python  2.0.8-26.0.1.el6_6.1
abrt-tui  2.0.8-26.0.1.el6_6.1
libreport  2.0.9-21.0.1.el6_6.1
libreport-cli  2.0.9-21.0.1.el6_6.1
libreport-compat  2.0.9-21.0.1.el6_6.1
libreport-devel  2.0.9-21.0.1.el6_6.1
libreport-filesystem  2.0.9-21.0.1.el6_6.1
libreport-gtk  2.0.9-21.0.1.el6_6.1
libreport-gtk-devel  2.0.9-21.0.1.el6_6.1
libreport-newt  2.0.9-21.0.1.el6_6.1
libreport-plugin-bugzilla  2.0.9-21.0.1.el6_6.1
libreport-plugin-kerneloops  2.0.9-21.0.1.el6_6.1
libreport-plugin-logger  2.0.9-21.0.1.el6_6.1
libreport-plugin-mailx  2.0.9-21.0.1.el6_6.1
libreport-plugin-reportuploader  2.0.9-21.0.1.el6_6.1
libreport-python  2.0.9-21.0.1.el6_6.1
References
Related vulnerabilities
daemon/abrt-handle-upload.in in Automatic Bug Reporting Tool (ABRT), when moving problem reports from /var/spool/abrt-upload, allows local users to write to arbitrary files or possibly have other unspecified impact via a symlink attack on (1) /var/spool/abrt or (2) /var/tmp/abrt.
The kernel-invoked coredump processor in Automatic Bug Reporting Tool (ABRT) does not properly check the ownership of files before writing core dumps to them, which allows local users to obtain sensitive information by leveraging write permissions to the working directory of a crashed application.