SCIENTIFIC-LINUX-ERRATA Archives

February 2013

SCIENTIFIC-LINUX-ERRATA@LISTSERV.FNAL.GOV

Subject:
From: Pat Riehecky <[log in to unmask]>
Reply To: Pat Riehecky <[log in to unmask]>
Date: Fri, 1 Feb 2013 09:47:42 -0600
Synopsis:          Important: abrt and libreport security update
Issue Date:        2013-01-31
CVE Numbers:       CVE-2012-5659
                    CVE-2012-5660
--

It was found that the
/usr/libexec/abrt-action-install-debuginfo-to-abrt-cache
tool did not sufficiently sanitize its environment variables. This could lead
to Python modules being loaded and run from non-standard directories (such as
/tmp/). A local attacker could use this flaw to escalate their privileges to
that of the abrt user. (CVE-2012-5659)

A race condition was found in the way ABRT handled the directories used to
store information about crashes. A local attacker with the privileges of the
abrt user could use this flaw to perform a symbolic link attack, possibly
allowing them to escalate their privileges to root. (CVE-2012-5660)
--

SL6
   x86_64
     abrt-2.0.8-6.el6_3.2.x86_64.rpm
     abrt-addon-ccpp-2.0.8-6.el6_3.2.x86_64.rpm
     abrt-addon-kerneloops-2.0.8-6.el6_3.2.x86_64.rpm
     abrt-addon-python-2.0.8-6.el6_3.2.x86_64.rpm
     abrt-cli-2.0.8-6.el6_3.2.x86_64.rpm
     abrt-debuginfo-2.0.8-6.el6_3.2.i686.rpm
     abrt-debuginfo-2.0.8-6.el6_3.2.x86_64.rpm
     abrt-desktop-2.0.8-6.el6_3.2.x86_64.rpm
     abrt-gui-2.0.8-6.el6_3.2.x86_64.rpm
     abrt-libs-2.0.8-6.el6_3.2.i686.rpm
     abrt-libs-2.0.8-6.el6_3.2.x86_64.rpm
     abrt-tui-2.0.8-6.el6_3.2.x86_64.rpm
     libreport-2.0.9-5.el6_3.2.i686.rpm
     libreport-2.0.9-5.el6_3.2.x86_64.rpm
     libreport-cli-2.0.9-5.el6_3.2.x86_64.rpm
     libreport-debuginfo-2.0.9-5.el6_3.2.i686.rpm
     libreport-debuginfo-2.0.9-5.el6_3.2.x86_64.rpm
     libreport-gtk-2.0.9-5.el6_3.2.i686.rpm
     libreport-gtk-2.0.9-5.el6_3.2.x86_64.rpm
     libreport-newt-2.0.9-5.el6_3.2.x86_64.rpm
     libreport-plugin-kerneloops-2.0.9-5.el6_3.2.x86_64.rpm
     libreport-plugin-logger-2.0.9-5.el6_3.2.x86_64.rpm
     libreport-plugin-mailx-2.0.9-5.el6_3.2.x86_64.rpm
     libreport-plugin-reportuploader-2.0.9-5.el6_3.2.x86_64.rpm
     libreport-plugin-rhtsupport-2.0.9-5.el6_3.2.x86_64.rpm
     libreport-python-2.0.9-5.el6_3.2.x86_64.rpm
     abrt-addon-vmcore-2.0.8-6.el6_3.2.x86_64.rpm
     abrt-devel-2.0.8-6.el6_3.2.i686.rpm
     abrt-devel-2.0.8-6.el6_3.2.x86_64.rpm
     libreport-devel-2.0.9-5.el6_3.2.i686.rpm
     libreport-devel-2.0.9-5.el6_3.2.x86_64.rpm
     libreport-gtk-devel-2.0.9-5.el6_3.2.i686.rpm
     libreport-gtk-devel-2.0.9-5.el6_3.2.x86_64.rpm
     libreport-plugin-bugzilla-2.0.9-5.el6_3.2.x86_64.rpm
   i386
     abrt-2.0.8-6.el6_3.2.i686.rpm
     abrt-addon-ccpp-2.0.8-6.el6_3.2.i686.rpm
     abrt-addon-kerneloops-2.0.8-6.el6_3.2.i686.rpm
     abrt-addon-python-2.0.8-6.el6_3.2.i686.rpm
     abrt-cli-2.0.8-6.el6_3.2.i686.rpm
     abrt-debuginfo-2.0.8-6.el6_3.2.i686.rpm
     abrt-desktop-2.0.8-6.el6_3.2.i686.rpm
     abrt-gui-2.0.8-6.el6_3.2.i686.rpm
     abrt-libs-2.0.8-6.el6_3.2.i686.rpm
     abrt-tui-2.0.8-6.el6_3.2.i686.rpm
     libreport-2.0.9-5.el6_3.2.i686.rpm
     libreport-cli-2.0.9-5.el6_3.2.i686.rpm
     libreport-debuginfo-2.0.9-5.el6_3.2.i686.rpm
     libreport-gtk-2.0.9-5.el6_3.2.i686.rpm
     libreport-newt-2.0.9-5.el6_3.2.i686.rpm
     libreport-plugin-kerneloops-2.0.9-5.el6_3.2.i686.rpm
     libreport-plugin-logger-2.0.9-5.el6_3.2.i686.rpm
     libreport-plugin-mailx-2.0.9-5.el6_3.2.i686.rpm
     libreport-plugin-reportuploader-2.0.9-5.el6_3.2.i686.rpm
     libreport-plugin-rhtsupport-2.0.9-5.el6_3.2.i686.rpm
     libreport-python-2.0.9-5.el6_3.2.i686.rpm
     abrt-addon-vmcore-2.0.8-6.el6_3.2.i686.rpm
     abrt-devel-2.0.8-6.el6_3.2.i686.rpm
     libreport-devel-2.0.9-5.el6_3.2.i686.rpm
     libreport-gtk-devel-2.0.9-5.el6_3.2.i686.rpm
     libreport-plugin-bugzilla-2.0.9-5.el6_3.2.i686.rpm

- Scientific Linux Development Team
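
For the environment flaw described under CVE-2012-5659, the following is an added example (not ABRT's code and not the actual patch) of allowlist-based environment scrubbing that a privileged helper can apply before it executes a Python script; Python's module search path is influenced by variables such as PYTHONPATH and PYTHONHOME, so anything not explicitly allowed is dropped. The allowlist, the fixed PATH value and the function names are assumptions made for illustration.

```c
#include <stddef.h>
#include <stdio.h>
#include <string.h>

/* Hypothetical policy: the only caller-supplied variables kept. */
static const char *const ALLOWED[] = { "LANG", "LC_ALL", "TERM", NULL };
/* Set by the helper itself, never inherited from the caller. */
static const char *const FORCED[] = { "PATH=/usr/sbin:/usr/bin:/sbin:/bin", NULL };

/* Return 1 if "NAME=value" has a NAME on the allowlist (exact match). */
static int is_allowed(const char *entry)
{
    const char *eq = strchr(entry, '=');
    if (eq == NULL || eq == entry)
        return 0;                          /* malformed entry: drop */
    size_t n = (size_t)(eq - entry);
    for (size_t i = 0; ALLOWED[i] != NULL; i++)
        if (strlen(ALLOWED[i]) == n && strncmp(ALLOWED[i], entry, n) == 0)
            return 1;
    return 0;
}

/* Fill out[] (cap slots, terminator included) with FORCED plus the allowed
 * entries of in[]. Returns the entry count, or -1 if out[] is too small,
 * in which case the caller must refuse to exec. */
int build_clean_env(const char *const in[], const char *out[], size_t cap)
{
    size_t k = 0;
    for (size_t i = 0; FORCED[i] != NULL; i++) {
        if (k + 1 >= cap) return -1;
        out[k++] = FORCED[i];
    }
    for (size_t i = 0; in[i] != NULL; i++) {
        if (!is_allowed(in[i])) continue;  /* PYTHONPATH, PYTHONHOME, LD_*, ... */
        if (k + 1 >= cap) return -1;
        out[k++] = in[i];
    }
    out[k] = NULL;
    return (int)k;
}

int main(void)
{   /* Constructed caller environment, not captured from a real system. */
    const char *in[] = { "PYTHONPATH=/tmp", "LANG=C", "PATH=/tmp", NULL };
    const char *out[8];
    int n = build_clean_env(in, out, 8);
    for (int i = 0; i < n; i++) puts(out[i]);  /* this array would go to execve() */
    return n == 2 ? 0 : 1;                     /* only PATH (forced) and LANG remain */
}
```

The resulting array is what the helper would pass as the environment argument of execve(); the caller's own PATH is discarded in favour of the fixed one.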
