abrt-2.0.8-6.0.1.AXS4, btparser-0.16-3.AXS4, libreport-2.0.9-5.0.1.AXS4, python-meh-0.12.1-3.AXS4
エラータID: AXSA:2012-870:02
リリース日:
2012/09/11 Tuesday - 14:45
題名:
abrt-2.0.8-6.0.1.AXS4, btparser-0.16-3.AXS4, libreport-2.0.9-5.0.1.AXS4, python-meh-0.12.1-3.AXS4
影響のあるチャネル:
Asianux Server 4 for x86_64
Asianux Server 4 for x86
Severity:
High
Description:
以下項目について対処しました。
[Security Fix]
- ABRT の C ハンドラプラグインは sysctl が fs.suid_dumpable オプションを 2 に設定している場合, setuid プログラムのためのコアダンプファイルのグループID のパーミッションを適切に設定しておらず,ローカルのユーザが機密情報を得る脆弱性があります。(CVE-2012-1106)
- 現時点では CVE-2011-4088 の情報が公開されておりません。
CVE の情報が公開され次第情報をアップデートいたします。
一部CVEの翻訳文はJVNからの引用になります。
http://jvndb.jvn.jp
解決策:
パッケージをアップデートしてください。
CVE:
CVE-2011-4088
** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided.
** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided.
CVE-2012-1106
The C handler plug-in in Automatic Bug Reporting Tool (ABRT), possibly 2.0.8 and earlier, does not properly set the group (GID) permissions on core dump files for setuid programs when the sysctl fs.suid_dumpable option is set to 2, which allows local users to obtain sensitive information.
The C handler plug-in in Automatic Bug Reporting Tool (ABRT), possibly 2.0.8 and earlier, does not properly set the group (GID) permissions on core dump files for setuid programs when the sysctl fs.suid_dumpable option is set to 2, which allows local users to obtain sensitive information.
追加情報:
N/A
ダウンロード:
SRPMS
- abrt-2.0.8-6.0.1.AXS4.src.rpm
MD5: eb7042803fd6371e2351821283abb87b
SHA-256: b6314bda7c50261fc7175648c530bd7808d0ae8bbedc47a7c3a548edb2d6ffd1
Size: 1.30 MB - btparser-0.16-3.AXS4.src.rpm
MD5: 4122f8db66b657ceca49ca51004197d0
SHA-256: edde3b7ccb37358efacbb03354fbe5965e72b17ad10280c963edf4a1401efdc6
Size: 333.25 kB - libreport-2.0.9-5.0.1.AXS4.src.rpm
MD5: f0143605b8e09a9cd70e0660bdf42397
SHA-256: f5b365ed19a5d60f806c66a17df6bdd553338d54760afb8bbf5f9908d8e2446f
Size: 1.44 MB - python-meh-0.12.1-3.AXS4.src.rpm
MD5: 052b29f7f31323d20dc707649a5ad84b
SHA-256: 1ca6090c8a39d80a56bfd1050e9dec8ff3281ce4edb1336824eabcecbe41ad73
Size: 88.16 kB
Asianux Server 4 for x86
- abrt-2.0.8-6.0.1.AXS4.i686.rpm
MD5: bb59ce73ca076b585bb10fd6733dd3d0
SHA-256: 63774311744ab9f832ef0d5dde73e969719be5571478b7e553b16bbdb6878c57
Size: 223.50 kB - abrt-addon-ccpp-2.0.8-6.0.1.AXS4.i686.rpm
MD5: b9da3adaf50ff29ffe8dad87870e7b3e
SHA-256: b014ad3a42e3275f4551c420c123ea6e79575ed8307cd3151be8e0169a32dee4
Size: 108.82 kB - abrt-addon-kerneloops-2.0.8-6.0.1.AXS4.i686.rpm
MD5: 4a75a31aa8d464e769f3541aa709c07f
SHA-256: 030207e652a0bafad68ae60199bff920d8d2ec173713213a0d16278b31f9350b
Size: 64.13 kB - abrt-addon-python-2.0.8-6.0.1.AXS4.i686.rpm
MD5: 690ee87617d90c8e6865a4faf2b41a68
SHA-256: 23322ee88cfd933d4f9d1268c4ec844f0544ac702207a42764f0096311e2873f
Size: 60.32 kB - abrt-cli-2.0.8-6.0.1.AXS4.i686.rpm
MD5: b833ccf4dd0a2d140230b2a263511c45
SHA-256: 66e411523bfe9712f34bb7c3823d30dd4d3b6891fb5aeac42a6a2cb1007c3a8a
Size: 49.73 kB - abrt-desktop-2.0.8-6.0.1.AXS4.i686.rpm
MD5: 7ec671e362620b0a6ed6b17018e284ef
SHA-256: 513db29e29105a8086d016a5a34d57ebc79771ccdceac22af3b266cb71d8c183
Size: 49.91 kB - abrt-gui-2.0.8-6.0.1.AXS4.i686.rpm
MD5: 9f2e159e76ef4896d85ab9f9aa50709a
SHA-256: ef95d64585e0eebe7f6f5c6b3c1b733d01183308d8018773ff3eb96eca5694c1
Size: 145.78 kB - abrt-libs-2.0.8-6.0.1.AXS4.i686.rpm
MD5: 75c8a434747182aea85fdbee97415ca9
SHA-256: dd35986dbfc863f7685501becdb984d4535a0b83ea5e413f8804c7011b9c7fa1
Size: 55.68 kB - abrt-tui-2.0.8-6.0.1.AXS4.i686.rpm
MD5: c878521df88c151d527fdd9db8d0a628
SHA-256: cce850a0094be8f27e49507441fa1d5a442329f8a6f71927d4148aa08a0cf539
Size: 56.33 kB - btparser-0.16-3.AXS4.i686.rpm
MD5: a446c7032480c33c77c37311ddc10fb4
SHA-256: 46d387b1fb9c78ae0cf752043492f6fa2dbbecd0029671bffe35e5f25af2f729
Size: 50.69 kB - libreport-2.0.9-5.0.1.AXS4.i686.rpm
MD5: 6b176e4088fd7820793fb74406dc7b1e
SHA-256: 2704fc2ccd3149be947a9a477634c27e1acbe4d3297da434210b0397b184b7bf
Size: 228.26 kB - libreport-cli-2.0.9-5.0.1.AXS4.i686.rpm
MD5: 132a45748574356b3b7bae25861c9f6e
SHA-256: 4647bdb3003888852a1ed198539988ca2cdb4b0b41eb57950e3088f77548453c
Size: 19.21 kB - libreport-gtk-2.0.9-5.0.1.AXS4.i686.rpm
MD5: 7b896dbc3595a2bd57262815798c2cf6
SHA-256: d3e9b4c75987f023eb2f9d2c0e6480e825efd0fc786443de6f0a6acce79282ee
Size: 39.55 kB - libreport-newt-2.0.9-5.0.1.AXS4.i686.rpm
MD5: f620df690283a9903df2e9cca495dd0c
SHA-256: 77939f81811d3bdf42ee36148cf19084b1589ffa2b402c167323833e9966a8be
Size: 13.93 kB - libreport-plugin-kerneloops-2.0.9-5.0.1.AXS4.i686.rpm
MD5: 8952b8fc717e51fdef58d535ea400f58
SHA-256: 83a967b32803ce3f6d420da33fb2156bf70a32b6c2f81b81e57bd6b5e1674570
Size: 14.90 kB - libreport-plugin-logger-2.0.9-5.0.1.AXS4.i686.rpm
MD5: d97ebc42ac15fec53e3e5419fac9f093
SHA-256: 473358e5e9ee601496d409c93db37946396002c862413a587938ad538b61a00a
Size: 17.05 kB - libreport-plugin-mailx-2.0.9-5.0.1.AXS4.i686.rpm
MD5: 31e40e80b9e0b45f18efb2b237eaa8d4
SHA-256: 675a64d36087d8532084973360977dc78b3d4d8b2c1cf08efb7570e845df0ef5
Size: 18.09 kB - libreport-plugin-reportuploader-2.0.9-5.0.1.AXS4.i686.rpm
MD5: e1fadbe934a26e41937e2e25db2d852f
SHA-256: 5a94995d4b7456bc7bfcf9c147cf6e150fe6585c5c37c3f83d7e0199901d2eaa
Size: 18.74 kB - libreport-plugin-rhtsupport-2.0.9-5.0.1.AXS4.i686.rpm
MD5: cee502f1e4493958e9a04c928573d036
SHA-256: 90032241c65b4ee37a22bca864337759987da240c85475dbdc1fb3049d683975
Size: 22.38 kB - libreport-python-2.0.9-5.0.1.AXS4.i686.rpm
MD5: 364847c68b2427bc19ccfea5db51e239
SHA-256: 1ff2c20ead1a4f3ca877520d133070f59e7e22ec331c00586e28e19636cb62bd
Size: 30.27 kB - python-meh-0.12.1-3.AXS4.noarch.rpm
MD5: 2c29983091536827f02df9ff2435f766
SHA-256: ffc8eec9d683f023e47c61dc550d0b5c3472c66f15c52b6833df03a06f09af23
Size: 64.57 kB
Asianux Server 4 for x86_64
- abrt-2.0.8-6.0.1.AXS4.x86_64.rpm
MD5: 914f729a4c2fecbb8ba58f5d7380199f
SHA-256: 33bf17b6dcd5aa86259171e573fcfd5367cce1c0cf8adbd991ce8469854c8c23
Size: 222.85 kB - abrt-addon-ccpp-2.0.8-6.0.1.AXS4.x86_64.rpm
MD5: ed6a4024fc857ae09177a1246ed421e5
SHA-256: 453037553e0249acbc7302eeaa6338aa27e9fba29d3e270f5f1b79378731442d
Size: 107.90 kB - abrt-addon-kerneloops-2.0.8-6.0.1.AXS4.x86_64.rpm
MD5: e032b379e014e3a7f9961d15a714c3ff
SHA-256: dc05729f2d7c6ef9f4fea3e65b0342e96aa2e8acbb8bc71088e2ac913755f81b
Size: 63.38 kB - abrt-addon-python-2.0.8-6.0.1.AXS4.x86_64.rpm
MD5: 03dab506b81b392b752ff6cd204a8be5
SHA-256: fdcb8357c1b062f05cb3936f1ca76ad1f659d6fa9a44b7282afaabd5c5b23b5c
Size: 59.86 kB - abrt-cli-2.0.8-6.0.1.AXS4.x86_64.rpm
MD5: 7e312301927b38833054c4ed59f652cc
SHA-256: 3b972d2735c60a2112110108792d50688b44d55a4dafbaba53a9d0bb0c5503b2
Size: 49.29 kB - abrt-desktop-2.0.8-6.0.1.AXS4.x86_64.rpm
MD5: f5205c93daeb24eb721d09d4a710e66a
SHA-256: fa3c41db6cbbdc1fdb5f67f83a4a9e82bbd34f9149b1752eb1a84290ae6ac42f
Size: 49.46 kB - abrt-gui-2.0.8-6.0.1.AXS4.x86_64.rpm
MD5: 74d85fdc0ab583c0db01bb5c69247ee1
SHA-256: 693480516e827bf6894d61c175016ff6a4f70fbc5954d3c57f3e9842220784c4
Size: 145.23 kB - abrt-libs-2.0.8-6.0.1.AXS4.x86_64.rpm
MD5: 0115a5ad9fe106ce5e6f42defaaf2326
SHA-256: a365c7d2358f3c6b7a21356f8a73649a108ba67d240941b1af9e69a2d4c8c5cf
Size: 55.09 kB - abrt-tui-2.0.8-6.0.1.AXS4.x86_64.rpm
MD5: 0199d61d2f633ce5f81c9551bb640903
SHA-256: d0d6249adf194de7555f817067d3dc3f16f87961a6406e1137ea735bbf6c04f1
Size: 55.84 kB - abrt-libs-2.0.8-6.0.1.AXS4.i686.rpm
MD5: 75c8a434747182aea85fdbee97415ca9
SHA-256: dd35986dbfc863f7685501becdb984d4535a0b83ea5e413f8804c7011b9c7fa1
Size: 55.68 kB - btparser-0.16-3.AXS4.x86_64.rpm
MD5: f81e21ff9df017a4f01f762d461851a7
SHA-256: 52a848c39fcf9920954a95c9f1661510557535636e021b35a039b27daaf449f7
Size: 50.34 kB - libreport-2.0.9-5.0.1.AXS4.x86_64.rpm
MD5: a83dfb3d965afc24e7f92976b4a152d5
SHA-256: 3958d0b17aea1338a02132462c24422cdfb62228f0fddce0546f6bf9c3cc8d2e
Size: 227.42 kB - libreport-cli-2.0.9-5.0.1.AXS4.x86_64.rpm
MD5: 3cc137ff89fb503ed2aa13d0d793260d
SHA-256: 0fa200b4f79d75c4337c00b18ac86e597ada7c090f94f4b47d444e65c507318b
Size: 18.99 kB - libreport-gtk-2.0.9-5.0.1.AXS4.x86_64.rpm
MD5: 6f7071d06049b2467fee157830e37512
SHA-256: 2437b2de4d3bb0a11cdc4f60b9f8966e5d7f15c6a0bc9163e2272548778993fd
Size: 39.67 kB - libreport-newt-2.0.9-5.0.1.AXS4.x86_64.rpm
MD5: 2abd1ab7dd829b664a7866117d2d13b9
SHA-256: 577bb62f208eac16793913fdaac5e9a48fb2640c309a61ecf8ad01ac31ded801
Size: 13.71 kB - libreport-plugin-kerneloops-2.0.9-5.0.1.AXS4.x86_64.rpm
MD5: d087cd18dcce7e98c2ed7cc7a0f42c92
SHA-256: 15277796576e7bfc3438618a6edff43ace59fb4fceb8799216d7e6fc47d08c6c
Size: 14.64 kB - libreport-plugin-logger-2.0.9-5.0.1.AXS4.x86_64.rpm
MD5: 881f7702f1efc3b34b524d816fd465cf
SHA-256: df814fd9ffba66ef28648f826ce32aaedc5b7516ee9f9d37b9837b7c501192bf
Size: 16.71 kB - libreport-plugin-mailx-2.0.9-5.0.1.AXS4.x86_64.rpm
MD5: 150eb6b10329bc5f381b0d04825d6652
SHA-256: e7afbf89065daa2da91a5d59acb4f39a02b893d4d88aaa669f50b851199c6ace
Size: 17.79 kB - libreport-plugin-reportuploader-2.0.9-5.0.1.AXS4.x86_64.rpm
MD5: af296d3a1d971112720eb97b40c7d495
SHA-256: 51260fedae358716525b4aef4d5d257a7b6a973edecd7d5f54ed3388bf00f765
Size: 18.45 kB - libreport-plugin-rhtsupport-2.0.9-5.0.1.AXS4.x86_64.rpm
MD5: 9c509ade570268e004dca69a233dd004
SHA-256: 4c8d7d67e1102e5d6b4b9dbd02feb77f74d9fec4381e3f4485879047096c65be
Size: 22.14 kB - libreport-python-2.0.9-5.0.1.AXS4.x86_64.rpm
MD5: 00de50759b0e538d6e03415e4c68961b
SHA-256: 0b7d92962130bbf3e329a21d67cc6ed7001f4cfc808c556e3eea11a2fa9e2967
Size: 30.08 kB - libreport-2.0.9-5.0.1.AXS4.i686.rpm
MD5: 6b176e4088fd7820793fb74406dc7b1e
SHA-256: 2704fc2ccd3149be947a9a477634c27e1acbe4d3297da434210b0397b184b7bf
Size: 228.26 kB - libreport-gtk-2.0.9-5.0.1.AXS4.i686.rpm
MD5: 7b896dbc3595a2bd57262815798c2cf6
SHA-256: d3e9b4c75987f023eb2f9d2c0e6480e825efd0fc786443de6f0a6acce79282ee
Size: 39.55 kB - python-meh-0.12.1-3.AXS4.noarch.rpm
MD5: a8426f385cf5faddf2b0fd00d55ff139
SHA-256: 905d31fc52fe6f31540fe8c06a4fd31a0e86cc427bf0f442cfd54a95bb3adebe
Size: 64.12 kB