[security - medium] abrt and libreport security update
エラータID: AXSA:2015-920:01
Release date:
Thursday, December 10, 2015 - 12:26
Subject:
[security - medium] abrt and libreport security update
Affected Channels:
Asianux Server 7 for x86_64
Severity:
Moderate
Description:
abrt
abrt is a tool to help users to detect defects in applications and
to create a bug report with all information needed by maintainer to fix it.
It uses plugin system to extend its functionality.
libreport
Libraries providing API for reporting different problems in applications
to different bug targets like Bugzilla, ftp, trac, etc...
Security issues fixed with this release:
CVE-2015-5273
** RESERVED **
This candidate has been reserved by an organization or individual that
will use it when announcing a new security problem. When the
candidate has been publicized, the details for this candidate will be
provided.
CVE-2015-5287
** RESERVED **
This candidate has been reserved by an organization or individual that
will use it when announcing a new security problem. When the
candidate has been publicized, the details for this candidate will be
provided.
CVE-2015-5302
** RESERVED **
This candidate has been reserved by an organization or individual that
will use it when announcing a new security problem. When the
candidate has been publicized, the details for this candidate will be
provided.
Solution:
Update packages.
CVEs:
CVE-2015-5273
The abrt-action-install-debuginfo-to-abrt-cache help program in Automatic Bug Reporting Tool (ABRT) before 2.7.1 allows local users to write to arbitrary files via a symlink attack on unpacked.cpio in a pre-created directory with a predictable name in /var/tmp.
The abrt-action-install-debuginfo-to-abrt-cache help program in Automatic Bug Reporting Tool (ABRT) before 2.7.1 allows local users to write to arbitrary files via a symlink attack on unpacked.cpio in a pre-created directory with a predictable name in /var/tmp.
CVE-2015-5287
The abrt-hook-ccpp help program in Automatic Bug Reporting Tool (ABRT) before 2.7.1 allows local users with certain permissions to gain privileges via a symlink attack on a file with a predictable name, as demonstrated by /var/tmp/abrt/abrt-hax-coredump or /var/spool/abrt/abrt-hax-coredump.
The abrt-hook-ccpp help program in Automatic Bug Reporting Tool (ABRT) before 2.7.1 allows local users with certain permissions to gain privileges via a symlink attack on a file with a predictable name, as demonstrated by /var/tmp/abrt/abrt-hax-coredump or /var/spool/abrt/abrt-hax-coredump.
CVE-2015-5302
libreport 2.0.7 before 2.6.3 only saves changes to the first file when editing a crash report, which allows remote attackers to obtain sensitive information via unspecified vectors related to the (1) backtrace, (2) cmdline, (3) environ, (4) open_fds, (5) maps, (6) smaps, (7) hostname, (8) remote, (9) ks.cfg, or (10) anaconda-tb file attachment included in a Red Hat Bugzilla bug report.
libreport 2.0.7 before 2.6.3 only saves changes to the first file when editing a crash report, which allows remote attackers to obtain sensitive information via unspecified vectors related to the (1) backtrace, (2) cmdline, (3) environ, (4) open_fds, (5) maps, (6) smaps, (7) hostname, (8) remote, (9) ks.cfg, or (10) anaconda-tb file attachment included in a Red Hat Bugzilla bug report.
Additional Info:
N/A
Download:
SRPMS
- abrt-2.1.11-35.0.1.el7.AXS7.src.rpm
MD5: 3547f0fe75e415f567864c003c65b686
SHA-256: 3d97ebbde9729298bed4ace6fc19d0cdbae4163942ca99cf2e76abba058ebe08
Size: 3.69 MB - libreport-2.1.11-31.0.1.el7.AXS7.src.rpm
MD5: 3b80d6bf853592ff544422beacc827c8
SHA-256: cfcc24237dd1038dace9cdb9b42c053f5d4e025a1547ca4f89c0c0223fae9abb
Size: 4.84 MB - satyr-0.13-12.el7.src.rpm
MD5: 2a8cb48e021385bcf6693fa2b59cf247
SHA-256: 50cf4a27038057d121f21c0847133d4601fa9990ad74bdd468776ba5de028d0a
Size: 509.85 kB
Asianux Server 7 for x86_64
- abrt-2.1.11-35.0.1.el7.AXS7.x86_64.rpm
MD5: 0768be2b0c02318b9d2322cbbe9aca91
SHA-256: 7e3ec465e31532e21ced51797c47dedc89239596d8049d44a2fa28413c077dd5
Size: 528.65 kB - abrt-addon-ccpp-2.1.11-35.0.1.el7.AXS7.x86_64.rpm
MD5: faf3b1c98eedd917dcc3e576369621c4
SHA-256: 7d5a275a3e96920de6643e34a029f9d1798e87a5b2fe3d89c4853d4250033f19
Size: 186.75 kB - abrt-addon-kerneloops-2.1.11-35.0.1.el7.AXS7.x86_64.rpm
MD5: 0ad81b5c46e894058d5619330ba1a693
SHA-256: 352dd9291039620735c5e24fd6ae2c6d008234775e765231c3e5815eb52a45c9
Size: 101.40 kB - abrt-addon-pstoreoops-2.1.11-35.0.1.el7.AXS7.x86_64.rpm
MD5: d15155fb46ac80f02497c6d10cde2cb2
SHA-256: 768aa9039262f2d55e2126994b5d8c33eaf3e198112e3ca26421b71a4e9c149a
Size: 92.07 kB - abrt-addon-python-2.1.11-35.0.1.el7.AXS7.x86_64.rpm
MD5: 85aa8bd6a5eee50afb104d11f783a7b8
SHA-256: 25e42f705717389551b43358129328dac9b366eecf1715c6c4e503e7e6d7d587
Size: 97.70 kB - abrt-addon-vmcore-2.1.11-35.0.1.el7.AXS7.x86_64.rpm
MD5: 8250c9190bc6460c7cec749126cf2bfc
SHA-256: 425e69d9d914f877fccd42e4cf81fb004e964ff56cb374164ab7f96ba47816d1
Size: 101.95 kB - abrt-addon-xorg-2.1.11-35.0.1.el7.AXS7.x86_64.rpm
MD5: db287e083563956dbcd36ed7b5b8e470
SHA-256: 98004faed2f4ad0297a8752f069131422ea2379cf5a8a95e1c8f06928795ef76
Size: 92.71 kB - abrt-cli-2.1.11-35.0.1.el7.AXS7.x86_64.rpm
MD5: 94944f109b777cd93bc1065aa7d93636
SHA-256: c75ba9209ebdd8786e3c8461ac6d0f41252d204e47551e63b8f77f3181bcff1f
Size: 83.10 kB - abrt-console-notification-2.1.11-35.0.1.el7.AXS7.x86_64.rpm
MD5: 5f63d18594a34c2eff2ad31506ff277a
SHA-256: 9d794e500260ef9f2c24d93ba91a507b673736af1f1ec8b5e00daa14ac29f876
Size: 84.32 kB - abrt-dbus-2.1.11-35.0.1.el7.AXS7.x86_64.rpm
MD5: 3f22f6707034ca18d9cde69c7df64b61
SHA-256: 5152cf19dda5c75d533de058e84a5424a0442a59944d8188e4b603be94b036ca
Size: 116.86 kB - abrt-desktop-2.1.11-35.0.1.el7.AXS7.x86_64.rpm
MD5: 17c9c258262866f80eaf4efee1ab2603
SHA-256: b1809f2f3ac19dfec6f12e547de1170439272c5a45284f6a119bcd49eb523558
Size: 83.17 kB - abrt-gui-2.1.11-35.0.1.el7.AXS7.x86_64.rpm
MD5: 83d70d6cad68226855e68669d5fbc00f
SHA-256: 3c5fd3203c6ce477507e6c15798f777e83bcd8707e38602b114179d6ea03b082
Size: 185.85 kB - abrt-gui-libs-2.1.11-35.0.1.el7.AXS7.x86_64.rpm
MD5: 5a5a16baf7f5c1da1348bd608b908c9d
SHA-256: 0f9af4101170a5a665fabf1400a65b74ec988988cc1a0898830db2aabdd676b0
Size: 90.68 kB - abrt-libs-2.1.11-35.0.1.el7.AXS7.x86_64.rpm
MD5: 0932b1efd8d179768cad5210feffc18e
SHA-256: 778e8d6e83f4672d37888c0946c1c046a9522c54b71671461d324b6f2981887e
Size: 104.53 kB - abrt-python-2.1.11-35.0.1.el7.AXS7.x86_64.rpm
MD5: 6ef7835e0757ea2c23754dab008173b5
SHA-256: a4113d1af870787703191b83e8503244fb34bda2c96d0a06f6047a01bfed944c
Size: 104.79 kB - abrt-tui-2.1.11-35.0.1.el7.AXS7.x86_64.rpm
MD5: c50372a4a7b705687c0901103a70f43d
SHA-256: b2e62d4cf6a829634f2198f0bb7b647a72ff8e164bd1f1834123586e2f59a37f
Size: 95.31 kB - abrt-gui-libs-2.1.11-35.0.1.el7.AXS7.i686.rpm
MD5: db7b4d4774c6eecac90cdc6bb765bab9
SHA-256: fcad1add237acf410460be132d89debfbfcdf9f504717b16716f462a9c888ae4
Size: 90.64 kB - abrt-libs-2.1.11-35.0.1.el7.AXS7.i686.rpm
MD5: ae5b02ea5d30d14952d40c8048929e7f
SHA-256: 4798a757ce6f44d259e94f1745082d464e3d9c1abc3f627ef5ed0f72cf16b2ee
Size: 104.15 kB - libreport-2.1.11-31.0.1.el7.AXS7.x86_64.rpm
MD5: 6c3a6ea22df92eeb0b02f548b2aed268
SHA-256: 2fd8be02bac4fd3f87cb1234ee89353c7e362b7003844cf6b447bfb181c9c54a
Size: 430.85 kB - libreport-anaconda-2.1.11-31.0.1.el7.AXS7.x86_64.rpm
MD5: 9833487547119a37f654d6ad1724d433
SHA-256: dd13a24473be095104090d77516a8d95603cb28d2740100630a112749644d485
Size: 44.61 kB - libreport-cli-2.1.11-31.0.1.el7.AXS7.x86_64.rpm
MD5: eaf86207429b69ff486c6489428e351d
SHA-256: 53f5b2ab2876b1b1d4565ef7baf132a28c9c716d67d9d36e3e4e6f2ab038a956
Size: 47.97 kB - libreport-filesystem-2.1.11-31.0.1.el7.AXS7.x86_64.rpm
MD5: 59d879e6b454f026e8a50def728eba0f
SHA-256: c0bf100533ddbd26fe2ef5717516da3926878ca2ed3c59679006f209a29e2d09
Size: 35.84 kB - libreport-gtk-2.1.11-31.0.1.el7.AXS7.x86_64.rpm
MD5: 92444050e9c189a7523e86bc7f3396fc
SHA-256: 13c38b78eae30307086261d3eb4ce98be195e17ef963830ad4a4565abd3fc9a5
Size: 94.43 kB - libreport-plugin-bugzilla-2.1.11-31.0.1.el7.AXS7.x86_64.rpm
MD5: 704e5d7fb603bba1b1a401e114459174
SHA-256: efcdc0e2974c05b245af6537a01267347251f2762925bf9481a97527aab706a1
Size: 80.53 kB - libreport-plugin-mailx-2.1.11-31.0.1.el7.AXS7.x86_64.rpm
MD5: d8b96177f7deda6180ef45d3bbdb3c4e
SHA-256: 68a848add577379280eae486de9481e3049f7d25c118ff2fad180fec0709cffb
Size: 54.48 kB - libreport-plugin-reportuploader-2.1.11-31.0.1.el7.AXS7.x86_64.rpm
MD5: 8e3233cc883661579c4a6d7b4a1e2cb2
SHA-256: 5504188ae8dac53728973a59eeed4903b218844e56ee964e809db0d7de0fca54
Size: 56.98 kB - libreport-plugin-ureport-2.1.11-31.0.1.el7.AXS7.x86_64.rpm
MD5: 868281db05d5409e5ca984534424f080
SHA-256: c7717b930eacb88f972767c605359564d9ef266fac037e797c83faac40b7d9b3
Size: 53.02 kB - libreport-python-2.1.11-31.0.1.el7.AXS7.x86_64.rpm
MD5: e21240e4736122de1cfeade57bfe9192
SHA-256: b7a886393c0bc6dfb506133778447b482a54bd2f6bdc8c9c45f27a6c1d83c25d
Size: 65.15 kB - libreport-web-2.1.11-31.0.1.el7.AXS7.x86_64.rpm
MD5: b99b2f61560ae51fb484e99c8b035aa5
SHA-256: 85949ccae4b0ebf9ed221802c45d8b1c1203b1cfef0bcd9f5a168af3ade9bd0d
Size: 52.41 kB - libreport-2.1.11-31.0.1.el7.AXS7.i686.rpm
MD5: b468e3a6bb2b9dd6674068c39339ab55
SHA-256: a94a9596e8f6585df814f1d4ac1ce3c5f7e145ce2080cd2be6852a44bc70d6b4
Size: 431.77 kB - libreport-gtk-2.1.11-31.0.1.el7.AXS7.i686.rpm
MD5: 2a21b7a834e89c2db582bec70bda2303
SHA-256: 9aa7fa9d2feda2ed54bdc972559cacfde18c82db0cc14b2ccda0408599c97db3
Size: 94.04 kB - libreport-web-2.1.11-31.0.1.el7.AXS7.i686.rpm
MD5: c24e80845d2f107535d61d8e06dc1f48
SHA-256: b70eb7771ec3c1cced4f0cb4e3a0a1bb2a9f3929c389617fcd85c28d321bfadc
Size: 52.31 kB - satyr-0.13-12.el7.x86_64.rpm
MD5: 953be6d90d403a6d486563a6cfc888f1
SHA-256: 42f3bb037544766b1283cf4ef72fb8ac9f5174a96f0720d403a85a5b578f5204
Size: 506.92 kB - satyr-0.13-12.el7.i686.rpm
MD5: a0ba24590cc308fa31c42f38d8dad1f6
SHA-256: 04ec094ef05ca9bc522f0e0f9e8cd4c82453a63461a558e046001d8c74f4d9f7
Size: 96.26 kB
日本語