Alerts This Week
Warning Icon 1 924
Alerts This Week
Warning Icon 1 924

Fedora 21 gnome-abrt Security Advisory Critical Fixes June 2015

fedora
Calendar Grey June 30, 2015
Dist Fedora Esm H88
The latest security update for Fedora 21's gnome-abrt package fixes critical vulnerabilities affecting system integrity and user safety, emphasizing the need for vigilant updates
Security fixes for: * CVE-2015-3315 * CVE-2015-3142 * CVE-2015-1869 * CVE-2015-1870

Summary

A GNOME application allows users to browse through detected problems and

provides them with convenient way for managing these problems.

Update Information:

Security fixes for: * CVE-2015-3315 * CVE-2015-3142 * CVE-2015-1869 * CVE-2015-1870 * CVE-2015-3151 * CVE-2015-3150 * CVE-2015-3159

abrt: ====* Move the default dump location from /var/tmp/abrt to /var/spool/abrt * Use root for owner of all dump directories * Stop reading hs_error.log from /tmp * Don not save the system logs by default * Don not save dmesg if kernel.dmesg_restrict=1

libreport: =========* Harden the code against directory traversal, symbolic and hard link attacks * Fix a bug causing that the first value of AlwaysExcludedElements was ignored * Fix missing icon for the "Stop" button icon name * Improve development documentation * Translations updates

gnome-abrt: ==========* Use DBus to get problem data for detail dialog * Fix an error introduced with the details on System page * Enabled the Details also for the System problems

Topics%20covered

Topics Covered

security advisory Fedora system management critical fix abrt gnome-abrt traversal attack

Change Log

* Mon Jun 22 2015 Matej Habrnal - 1.0.0-3 - dependency fix * Tue Jun 16 2015 Matej Habrnal - 1.0.0-2 - Fix an error introduced with the details on System page - Enabled the Details also for the System problems - Use DBus to get problem data for detail dialog - Resolves: #1193656

References


[ 1 ] Bug #1214609 - CVE-2015-3150 abrt: abrt-dbus does not guard against crafted problem directory path arguments [fedora-all] https://bugzilla.redhat.com/show_bug.cgi?id=1214609 [ 2 ] Bug #1216975 - CVE-2015-3159 abrt: missing process environment sanitizaton in abrt-action-install-debuginfo-to-abrt-cache [fedora-all] https://bugzilla.redhat.com/show_bug.cgi?id=1216975 [ 3 ] Bug #1214452 - CVE-2015-3151 abrt: directory traversals in several D-Bus methods implemented by abrt-dbus [fedora-all] https://bugzilla.redhat.com/show_bug.cgi?id=1214452 [ 4 ] Bug #1212871 - CVE-2015-1870 abrt: default abrt event scripts lead to information disclosure [fedora-all] https://bugzilla.redhat.com/show_bug.cgi?id=1212871 [ 5 ] Bug #1212821 - CVE-2015-3142 abrt: abrt-hook-ccpp writes core dumps to existing files owned by others [fedora-all] https://bugzilla.redhat.com/show_bug.cgi?id=1212821 [ 6 ] Bug #1213485 - Can't extract files from downloaded d...

Read the Full Advisory

Update Instructions

This update can be installed with the "yum" update program. Use su -c 'yum update gnome-abrt' at the command line. For more information, refer to "Managing Software with yum", available at .

Severity
critical
Lowest
Low
Medium
High
Critical

Name: gnome-abrt
Product: Fedora 21
Version: 1.0.0
Release: 3.fc21
URL: https://fedoraproject.org/wiki/Infrastructure/Fedorahosted-retirement
Summary: A utility for viewing problems that have occurred with the system

Topics%20covered

Topics Covered

security advisory Fedora system management critical fix abrt gnome-abrt traversal attack

Get the latest News and Insights

Get the latest Linux and open source security news straight to your inbox.

Your message here