From: Pat Riehecky <riehecky-13hema8v3vg <at> public.gmane.org>
Subject: Security ERRATA Important: abrt and libreport on SL6.x i386/x86_64
Newsgroups: gmane.linux.scientific.errata
Date: Friday 1st February 2013 15:47:42 UTC
Synopsis:          Important: abrt and libreport security update
Issue Date:        2013-01-31
CVE Numbers:       CVE-2012-5659
                    CVE-2012-5660
--

It was found that the
/usr/libexec/abrt-action-install-debuginfo-to-abrt-cache tool did not
sufficiently sanitize its environment variables. This could lead to
Python modules being loaded and run from non-standard directories (such
as /tmp/). A local attacker could use this flaw to escalate their
privileges to that of the abrt user. (CVE-2012-5659)

A race condition was found in the way ABRT handled the directories used
to store information about crashes. A local attacker with the privileges
of the abrt user could use this flaw to perform a symbolic link attack,
possibly allowing them to escalate their privileges to root.
(CVE-2012-5660)
--

SL6
   x86_64
     abrt-2.0.8-6.el6_3.2.x86_64.rpm
     abrt-addon-ccpp-2.0.8-6.el6_3.2.x86_64.rpm
     abrt-addon-kerneloops-2.0.8-6.el6_3.2.x86_64.rpm
     abrt-addon-python-2.0.8-6.el6_3.2.x86_64.rpm
     abrt-cli-2.0.8-6.el6_3.2.x86_64.rpm
     abrt-debuginfo-2.0.8-6.el6_3.2.i686.rpm
     abrt-debuginfo-2.0.8-6.el6_3.2.x86_64.rpm
     abrt-desktop-2.0.8-6.el6_3.2.x86_64.rpm
     abrt-gui-2.0.8-6.el6_3.2.x86_64.rpm
     abrt-libs-2.0.8-6.el6_3.2.i686.rpm
     abrt-libs-2.0.8-6.el6_3.2.x86_64.rpm
     abrt-tui-2.0.8-6.el6_3.2.x86_64.rpm
     libreport-2.0.9-5.el6_3.2.i686.rpm
     libreport-2.0.9-5.el6_3.2.x86_64.rpm
     libreport-cli-2.0.9-5.el6_3.2.x86_64.rpm
     libreport-debuginfo-2.0.9-5.el6_3.2.i686.rpm
     libreport-debuginfo-2.0.9-5.el6_3.2.x86_64.rpm
     libreport-gtk-2.0.9-5.el6_3.2.i686.rpm
     libreport-gtk-2.0.9-5.el6_3.2.x86_64.rpm
     libreport-newt-2.0.9-5.el6_3.2.x86_64.rpm
     libreport-plugin-kerneloops-2.0.9-5.el6_3.2.x86_64.rpm
     libreport-plugin-logger-2.0.9-5.el6_3.2.x86_64.rpm
     libreport-plugin-mailx-2.0.9-5.el6_3.2.x86_64.rpm
     libreport-plugin-reportuploader-2.0.9-5.el6_3.2.x86_64.rpm
     libreport-plugin-rhtsupport-2.0.9-5.el6_3.2.x86_64.rpm
     libreport-python-2.0.9-5.el6_3.2.x86_64.rpm
     abrt-addon-vmcore-2.0.8-6.el6_3.2.x86_64.rpm
     abrt-devel-2.0.8-6.el6_3.2.i686.rpm
     abrt-devel-2.0.8-6.el6_3.2.x86_64.rpm
     libreport-devel-2.0.9-5.el6_3.2.i686.rpm
     libreport-devel-2.0.9-5.el6_3.2.x86_64.rpm
     libreport-gtk-devel-2.0.9-5.el6_3.2.i686.rpm
     libreport-gtk-devel-2.0.9-5.el6_3.2.x86_64.rpm
     libreport-plugin-bugzilla-2.0.9-5.el6_3.2.x86_64.rpm
   i386
     abrt-2.0.8-6.el6_3.2.i686.rpm
     abrt-addon-ccpp-2.0.8-6.el6_3.2.i686.rpm
     abrt-addon-kerneloops-2.0.8-6.el6_3.2.i686.rpm
     abrt-addon-python-2.0.8-6.el6_3.2.i686.rpm
     abrt-cli-2.0.8-6.el6_3.2.i686.rpm
     abrt-debuginfo-2.0.8-6.el6_3.2.i686.rpm
     abrt-desktop-2.0.8-6.el6_3.2.i686.rpm
     abrt-gui-2.0.8-6.el6_3.2.i686.rpm
     abrt-libs-2.0.8-6.el6_3.2.i686.rpm
     abrt-tui-2.0.8-6.el6_3.2.i686.rpm
     libreport-2.0.9-5.el6_3.2.i686.rpm
     libreport-cli-2.0.9-5.el6_3.2.i686.rpm
     libreport-debuginfo-2.0.9-5.el6_3.2.i686.rpm
     libreport-gtk-2.0.9-5.el6_3.2.i686.rpm
     libreport-newt-2.0.9-5.el6_3.2.i686.rpm
     libreport-plugin-kerneloops-2.0.9-5.el6_3.2.i686.rpm
     libreport-plugin-logger-2.0.9-5.el6_3.2.i686.rpm
     libreport-plugin-mailx-2.0.9-5.el6_3.2.i686.rpm
     libreport-plugin-reportuploader-2.0.9-5.el6_3.2.i686.rpm
     libreport-plugin-rhtsupport-2.0.9-5.el6_3.2.i686.rpm
     libreport-python-2.0.9-5.el6_3.2.i686.rpm
     abrt-addon-vmcore-2.0.8-6.el6_3.2.i686.rpm
     abrt-devel-2.0.8-6.el6_3.2.i686.rpm
     libreport-devel-2.0.9-5.el6_3.2.i686.rpm
     libreport-gtk-devel-2.0.9-5.el6_3.2.i686.rpm
     libreport-plugin-bugzilla-2.0.9-5.el6_3.2.i686.rpm

- Scientific Linux Development Team
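
Added example, not part of the original advisory and not ABRT's actual patch: a sketch of the hardening pattern for the CVE-2012-5659 class of flaw, where a privileged helper builds a fresh environment from an allowlist before it runs an interpreter. The function names, the allowlist and the fixed PATH value are assumptions made for this illustration.

```c
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

/* Variables the helper may inherit; everything else is dropped.
 * This list is an assumption for the example, not ABRT's own. */
static const char *const ALLOWED[] = { "LANG", "LC_ALL", "TERM", NULL };

/* Return 1 when "NAME=value" names an allowlisted variable. */
static int entry_allowed(const char *entry) {
    const char *eq = strchr(entry, '=');
    if (!eq || eq == entry) return 0;
    size_t n = (size_t)(eq - entry);
    for (size_t i = 0; ALLOWED[i]; i++)
        if (strlen(ALLOWED[i]) == n && strncmp(entry, ALLOWED[i], n) == 0)
            return 1;
    return 0;
}

/* Build a fresh environment: a fixed PATH first, then allowlisted entries.
 * PYTHONPATH, PYTHONHOME, LD_PRELOAD and a caller-supplied PATH never
 * reach the child. Caller frees the returned array (not the strings). */
char **build_clean_env(char *const inherited[]) {
    size_t count = 0, out = 0;
    while (inherited[count]) count++;
    char **clean = calloc(count + 2, sizeof *clean);
    if (!clean) return NULL;
    clean[out++] = "PATH=/usr/sbin:/usr/bin:/sbin:/bin";
    for (size_t i = 0; i < count; i++)
        if (entry_allowed(inherited[i])) clean[out++] = inherited[i];
    return clean; /* calloc left the terminating NULL in place */
}

/* Look up NAME in an envp-style array; NULL when absent. */
const char *env_lookup(char *const env[], const char *name) {
    size_t n = strlen(name);
    for (size_t i = 0; env[i]; i++)
        if (strncmp(env[i], name, n) == 0 && env[i][n] == '=')
            return env[i] + n + 1;
    return NULL;
}

int main(void) {
    /* Constructed sample of an environment handed to the helper. */
    char *sample[] = { "PYTHONPATH=/tmp", "LANG=en_US.UTF-8",
                       "PATH=/tmp:/bin", "LD_PRELOAD=/tmp/x.so", NULL };
    char **env = build_clean_env(sample);
    for (size_t i = 0; env && env[i]; i++) puts(env[i]);
    free(env);
    return 0;
}
```

The resulting array is what a wrapper would pass as envp to execve(); starting the interpreter with python -E additionally makes it ignore all PYTHON* variables.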