SCIENTIFIC-LINUX-ERRATA Archives

November 2015

SCIENTIFIC-LINUX-ERRATA@LISTSERV.FNAL.GOV
Options: Use Monospaced Font
Show Text Part by Default
Show All Mail Headers

Message: [<< First] [< Prev] [Next >] [Last >>]
Topic: [<< First] [< Prev] [Next >] [Last >>]
Author: [<< First] [< Prev] [Next >] [Last >>]

Print Reply
Subject:
Security ERRATA Moderate: libreport on SL6.x i386/x86_64
From:
Pat Riehecky <[log in to unmask]>
Reply To:
[log in to unmask]
Date:
Tue, 24 Nov 2015 16:28:47 +0000
Content-Type:
text/plain
Parts/Attachments:
text/plain (62 lines) 
Synopsis:          Moderate: libreport security update
Advisory ID:       SLSA-2015:2504-1
Issue Date:        2015-11-23
CVE Numbers:       CVE-2015-5302
--

It was found that ABRT may have exposed unintended information to Red Hat
Bugzilla during crash reporting. A bug in the libreport library caused
changes made by a user in files included in a crash report to be
discarded. As a result, Bugzilla attachments may contain data that
was not intended to be made public, including host names, IP addresses, or
command line options. (CVE-2015-5302)

This flaw did not affect default installations of ABRT on Scientific Linux
as they do not post data to Red Hat Bugzilla.
--

SL6
  x86_64
    libreport-2.0.9-25.el6_7.i686.rpm
    libreport-2.0.9-25.el6_7.x86_64.rpm
    libreport-cli-2.0.9-25.el6_7.x86_64.rpm
    libreport-compat-2.0.9-25.el6_7.x86_64.rpm
    libreport-debuginfo-2.0.9-25.el6_7.i686.rpm
    libreport-debuginfo-2.0.9-25.el6_7.x86_64.rpm
    libreport-filesystem-2.0.9-25.el6_7.x86_64.rpm
    libreport-gtk-2.0.9-25.el6_7.i686.rpm
    libreport-gtk-2.0.9-25.el6_7.x86_64.rpm
    libreport-newt-2.0.9-25.el6_7.x86_64.rpm
    libreport-plugin-kerneloops-2.0.9-25.el6_7.x86_64.rpm
    libreport-plugin-logger-2.0.9-25.el6_7.x86_64.rpm
    libreport-plugin-mailx-2.0.9-25.el6_7.x86_64.rpm
    libreport-plugin-reportuploader-2.0.9-25.el6_7.x86_64.rpm
    libreport-plugin-rhtsupport-2.0.9-25.el6_7.x86_64.rpm
    libreport-plugin-ureport-2.0.9-25.el6_7.x86_64.rpm
    libreport-python-2.0.9-25.el6_7.x86_64.rpm
    libreport-devel-2.0.9-25.el6_7.i686.rpm
    libreport-devel-2.0.9-25.el6_7.x86_64.rpm
    libreport-gtk-devel-2.0.9-25.el6_7.i686.rpm
    libreport-gtk-devel-2.0.9-25.el6_7.x86_64.rpm
    libreport-plugin-bugzilla-2.0.9-25.el6_7.x86_64.rpm
  i386
    libreport-2.0.9-25.el6_7.i686.rpm
    libreport-cli-2.0.9-25.el6_7.i686.rpm
    libreport-compat-2.0.9-25.el6_7.i686.rpm
    libreport-debuginfo-2.0.9-25.el6_7.i686.rpm
    libreport-filesystem-2.0.9-25.el6_7.i686.rpm
    libreport-gtk-2.0.9-25.el6_7.i686.rpm
    libreport-newt-2.0.9-25.el6_7.i686.rpm
    libreport-plugin-kerneloops-2.0.9-25.el6_7.i686.rpm
    libreport-plugin-logger-2.0.9-25.el6_7.i686.rpm
    libreport-plugin-mailx-2.0.9-25.el6_7.i686.rpm
    libreport-plugin-reportuploader-2.0.9-25.el6_7.i686.rpm
    libreport-plugin-rhtsupport-2.0.9-25.el6_7.i686.rpm
    libreport-plugin-ureport-2.0.9-25.el6_7.i686.rpm
    libreport-python-2.0.9-25.el6_7.i686.rpm
    libreport-devel-2.0.9-25.el6_7.i686.rpm
    libreport-gtk-devel-2.0.9-25.el6_7.i686.rpm
    libreport-plugin-bugzilla-2.0.9-25.el6_7.i686.rpm

- Scientific Linux Development Team

ATOM RSS1 RSS2