LISTSERV - SCIENTIFIC-LINUX-ERRATA Archives

Synopsis:          Moderate: libreport security update
Advisory ID:       SLSA-2015:2504-1
Issue Date:        2015-11-23
CVE Numbers:       CVE-2015-5302
--

It was found that ABRT may have exposed unintended information to Red Hat
Bugzilla during crash reporting. A bug in the libreport library caused
changes made by a user in files included in a crash report to be
discarded. As a result, Bugzilla attachments may contain data that
was not intended to be made public, including host names, IP addresses, or
command line options. (CVE-2015-5302)

This flaw did not affect default installations of ABRT on Scientific Linux
as they do not post data to Red Hat Bugzilla.
--

SL6
  x86_64
    libreport-2.0.9-25.el6_7.i686.rpm
    libreport-2.0.9-25.el6_7.x86_64.rpm
    libreport-cli-2.0.9-25.el6_7.x86_64.rpm
    libreport-compat-2.0.9-25.el6_7.x86_64.rpm
    libreport-debuginfo-2.0.9-25.el6_7.i686.rpm
    libreport-debuginfo-2.0.9-25.el6_7.x86_64.rpm
    libreport-filesystem-2.0.9-25.el6_7.x86_64.rpm
    libreport-gtk-2.0.9-25.el6_7.i686.rpm
    libreport-gtk-2.0.9-25.el6_7.x86_64.rpm
    libreport-newt-2.0.9-25.el6_7.x86_64.rpm
    libreport-plugin-kerneloops-2.0.9-25.el6_7.x86_64.rpm
    libreport-plugin-logger-2.0.9-25.el6_7.x86_64.rpm
    libreport-plugin-mailx-2.0.9-25.el6_7.x86_64.rpm
    libreport-plugin-reportuploader-2.0.9-25.el6_7.x86_64.rpm
    libreport-plugin-rhtsupport-2.0.9-25.el6_7.x86_64.rpm
    libreport-plugin-ureport-2.0.9-25.el6_7.x86_64.rpm
    libreport-python-2.0.9-25.el6_7.x86_64.rpm
    libreport-devel-2.0.9-25.el6_7.i686.rpm
    libreport-devel-2.0.9-25.el6_7.x86_64.rpm
    libreport-gtk-devel-2.0.9-25.el6_7.i686.rpm
    libreport-gtk-devel-2.0.9-25.el6_7.x86_64.rpm
    libreport-plugin-bugzilla-2.0.9-25.el6_7.x86_64.rpm
  i386
    libreport-2.0.9-25.el6_7.i686.rpm
    libreport-cli-2.0.9-25.el6_7.i686.rpm
    libreport-compat-2.0.9-25.el6_7.i686.rpm
    libreport-debuginfo-2.0.9-25.el6_7.i686.rpm
    libreport-filesystem-2.0.9-25.el6_7.i686.rpm
    libreport-gtk-2.0.9-25.el6_7.i686.rpm
    libreport-newt-2.0.9-25.el6_7.i686.rpm
    libreport-plugin-kerneloops-2.0.9-25.el6_7.i686.rpm
    libreport-plugin-logger-2.0.9-25.el6_7.i686.rpm
    libreport-plugin-mailx-2.0.9-25.el6_7.i686.rpm
    libreport-plugin-reportuploader-2.0.9-25.el6_7.i686.rpm
    libreport-plugin-rhtsupport-2.0.9-25.el6_7.i686.rpm
    libreport-plugin-ureport-2.0.9-25.el6_7.i686.rpm
    libreport-python-2.0.9-25.el6_7.i686.rpm
    libreport-devel-2.0.9-25.el6_7.i686.rpm
    libreport-gtk-devel-2.0.9-25.el6_7.i686.rpm
    libreport-plugin-bugzilla-2.0.9-25.el6_7.i686.rpm

- Scientific Linux Development Team