Описание
ELSA-2015-2505: abrt and libreport security update (MODERATE)
abrt [2.1.11-35.0.1]
- Drop libreport-rhel and libreport-plugin-rhtsupport requires
[2.1.11-35]
- make /var/spool/abrt owned by root
- remove 'r' from /var/spool/abrt for other users
- abrt-action-install-debug-info: use secure temporary directory
- stop saving abrt's core files to /var/spool/abrt if DebugLevel < 1
- Fixes for: CVE-2015-5273 and CVE-2015-5287
- Resolves: #1266853
libreport [2.1.11-31.0.1]
- Update workflow xml for Oracle [18945470]
- Add oracle-enterprise.patch and oracle-enterprise-po.patch
- Remove libreport-plugin-rhtsupport and libreport-rhel
- Added orabug20390725.patch to remove redhat reference [bug 20390725]
- Added Bug20357383.patch to remove redhat reference [bug 20357383]
[2.1.11-31]
- save all files changed by the reporter in the reporting GUI
- Fixes CVE-2015-5302
- Related: #1266853
Обновленные пакеты
Oracle Linux 7
Oracle Linux x86_64
abrt
2.1.11-35.0.1.el7
abrt-addon-ccpp
2.1.11-35.0.1.el7
abrt-addon-kerneloops
2.1.11-35.0.1.el7
abrt-addon-pstoreoops
2.1.11-35.0.1.el7
abrt-addon-python
2.1.11-35.0.1.el7
abrt-addon-upload-watch
2.1.11-35.0.1.el7
abrt-addon-vmcore
2.1.11-35.0.1.el7
abrt-addon-xorg
2.1.11-35.0.1.el7
abrt-cli
2.1.11-35.0.1.el7
abrt-console-notification
2.1.11-35.0.1.el7
abrt-dbus
2.1.11-35.0.1.el7
abrt-desktop
2.1.11-35.0.1.el7
abrt-devel
2.1.11-35.0.1.el7
abrt-gui
2.1.11-35.0.1.el7
abrt-gui-devel
2.1.11-35.0.1.el7
abrt-gui-libs
2.1.11-35.0.1.el7
abrt-libs
2.1.11-35.0.1.el7
abrt-python
2.1.11-35.0.1.el7
abrt-python-doc
2.1.11-35.0.1.el7
abrt-retrace-client
2.1.11-35.0.1.el7
abrt-tui
2.1.11-35.0.1.el7
libreport
2.1.11-31.0.1.el7
libreport-anaconda
2.1.11-31.0.1.el7
libreport-cli
2.1.11-31.0.1.el7
libreport-compat
2.1.11-31.0.1.el7
libreport-devel
2.1.11-31.0.1.el7
libreport-filesystem
2.1.11-31.0.1.el7
libreport-gtk
2.1.11-31.0.1.el7
libreport-gtk-devel
2.1.11-31.0.1.el7
libreport-newt
2.1.11-31.0.1.el7
libreport-plugin-bugzilla
2.1.11-31.0.1.el7
libreport-plugin-kerneloops
2.1.11-31.0.1.el7
libreport-plugin-logger
2.1.11-31.0.1.el7
libreport-plugin-mailx
2.1.11-31.0.1.el7
libreport-plugin-reportuploader
2.1.11-31.0.1.el7
libreport-plugin-ureport
2.1.11-31.0.1.el7
libreport-python
2.1.11-31.0.1.el7
libreport-rhel-anaconda-bugzilla
2.1.11-31.0.1.el7
libreport-rhel-bugzilla
2.1.11-31.0.1.el7
libreport-web
2.1.11-31.0.1.el7
libreport-web-devel
2.1.11-31.0.1.el7
Связанные CVE
Связанные уязвимости
The abrt-action-install-debuginfo-to-abrt-cache help program in Automatic Bug Reporting Tool (ABRT) before 2.7.1 allows local users to write to arbitrary files via a symlink attack on unpacked.cpio in a pre-created directory with a predictable name in /var/tmp.
The abrt-action-install-debuginfo-to-abrt-cache help program in Automatic Bug Reporting Tool (ABRT) before 2.7.1 allows local users to write to arbitrary files via a symlink attack on unpacked.cpio in a pre-created directory with a predictable name in /var/tmp.
The abrt-action-install-debuginfo-to-abrt-cache help program in Automatic Bug Reporting Tool (ABRT) before 2.7.1 allows local users to write to arbitrary files via a symlink attack on unpacked.cpio in a pre-created directory with a predictable name in /var/tmp.
The abrt-hook-ccpp help program in Automatic Bug Reporting Tool (ABRT) before 2.7.1 allows local users with certain permissions to gain privileges via a symlink attack on a file with a predictable name, as demonstrated by /var/tmp/abrt/abrt-hax-coredump or /var/spool/abrt/abrt-hax-coredump.
The abrt-hook-ccpp help program in Automatic Bug Reporting Tool (ABRT) before 2.7.1 allows local users with certain permissions to gain privileges via a symlink attack on a file with a predictable name, as demonstrated by /var/tmp/abrt/abrt-hax-coredump or /var/spool/abrt/abrt-hax-coredump.