What Are You Looking For?

Sign Up
--------------------------------------------------------------------------------
Fedora Update Notification
FEDORA-2015-9886
2015-06-13 00:14:24
--------------------------------------------------------------------------------

Name        : satyr
Product     : Fedora 22
Version     : 0.18
Release     : 1.fc22
URL         : https://github.com/abrt/satyr
Summary     : Tools to create anonymous, machine-friendly problem reports
Description :
Satyr is a library that can be used to create and process microreports.
Microreports consist of structured data suitable to be analyzed in a fully
automated manner, though they do not necessarily contain sufficient information
to fix the underlying problem. The reports are designed not to contain any
potentially sensitive data to eliminate the need for review before submission.
Included is a tool that can create microreports and perform some basic
operations on them.

--------------------------------------------------------------------------------
Update Information:

Security fixes for:
* CVE-2015-3315
* CVE-2015-3142
* CVE-2015-1869
* CVE-2015-1870
* CVE-2015-3151
* CVE-2015-3150
* CVE-2015-3159

abrt:
- Move the default dump location from /var/tmp/abrt to /var/spool/abrt 
- Use root for owner of all dump directories
- Stop reading hs_error.log from /tmp
- Don not save the system logs by default
- Don not save dmesg if kernel.dmesg_restrict=1

libreport:
- Harden the code against directory traversal, symbolic and hard link attacks
- Fix a bug causing that the first value of AlwaysExcludedElements was ignored
- Fix missing icon for the "Stop" button icon name
- Improve development documentation
- Translations updates

gnome-abrt:
- Enabled the Details also for the System problems
- Do not crash in the testing of availabitlity of XServer
- Fix 'Open problem's data directory'
- Quit Application on Ctrl+Q
- Translation updates

satyr:
- New kernel taint flags
- More secure core stacktraces from core hook
--------------------------------------------------------------------------------
ChangeLog:

* Tue Jun  9 2015 Martin Milata  - 0.18-1
- New upstream version
  - Remove function fingerprinting
  - New kernel taint flags
  - Normalization tweaks
  - More secure core stacktraces from core hook
* Sat May  2 2015 Kalev Lember  - 0.16-3
- Rebuilt for GCC 5 C++11 ABI change
* Sat Feb 21 2015 Till Maas  - 0.16-2
- Rebuilt for Fedora 23 Change
  https://fedoraproject.org/wiki/Changes/Harden_all_packages_with_position-independent_code
--------------------------------------------------------------------------------
References:

  [ 1 ] Bug #1216975 - CVE-2015-3159 abrt: missing process environment sanitizaton in abrt-action-install-debuginfo-to-abrt-cache [fedora-all]
        https://bugzilla.redhat.com/show_bug.cgi?id=1216975
  [ 2 ] Bug #1214609 - CVE-2015-3150 abrt: abrt-dbus does not guard against crafted problem directory path arguments [fedora-all]
        https://bugzilla.redhat.com/show_bug.cgi?id=1214609
  [ 3 ] Bug #1214452 - CVE-2015-3151 abrt: directory traversals in several D-Bus methods implemented by abrt-dbus [fedora-all]
        https://bugzilla.redhat.com/show_bug.cgi?id=1214452
  [ 4 ] Bug #1212871 - CVE-2015-1870 abrt: default abrt event scripts lead to information disclosure [fedora-all]
        https://bugzilla.redhat.com/show_bug.cgi?id=1212871
  [ 5 ] Bug #1212865 - CVE-2015-1869 abrt: default event scripts follow symbolic links [fedora-all]
        https://bugzilla.redhat.com/show_bug.cgi?id=1212865
  [ 6 ] Bug #1212821 - CVE-2015-3142 abrt: abrt-hook-ccpp writes core dumps to existing files owned by others [fedora-all]
        https://bugzilla.redhat.com/show_bug.cgi?id=1212821
  [ 7 ] Bug #1218239 - CVE-2015-3315 abrt: Various race-conditions and symlink issues found in abrt [fedora-all]
        https://bugzilla.redhat.com/show_bug.cgi?id=1218239
  [ 8 ] Bug #1128400 - ABRT does not honor dmesg_restrict
        https://bugzilla.redhat.com/show_bug.cgi?id=1128400
--------------------------------------------------------------------------------

This update can be installed with the "yum" update program.  Use
su -c 'yum update satyr' at the command line.
For more information, refer to "Managing Software with yum",
available at .

All packages are signed with the Fedora Project GPG key.  More details on the
GPG keys used by the Fedora Project can be found at
https://fedoraproject.org/keys
--------------------------------------------------------------------------------
_______________________________________________
package-announce mailing list
package-announce@lists.fedoraproject.org
https://admin.fedoraproject.org/mailman/listinfo/package-announce

Fedora 22: satyr Security Update

June 21, 2015
Security fixes for: * CVE-2015-3315 * CVE-2015-3142 * CVE-2015-1869 * CVE-2015-1870

Summary

Satyr is a library that can be used to create and process microreports.

Microreports consist of structured data suitable to be analyzed in a fully

automated manner, though they do not necessarily contain sufficient information

to fix the underlying problem. The reports are designed not to contain any

potentially sensitive data to eliminate the need for review before submission.

Included is a tool that can create microreports and perform some basic

operations on them.

Update Information:

Security fixes for: * CVE-2015-3315 * CVE-2015-3142 * CVE-2015-1869 * CVE-2015-1870 * CVE-2015-3151 * CVE-2015-3150 * CVE-2015-3159

abrt: - Move the default dump location from /var/tmp/abrt to /var/spool/abrt - Use root for owner of all dump directories - Stop reading hs_error.log from /tmp - Don not save the system logs by default - Don not save dmesg if kernel.dmesg_restrict=1

libreport: - Harden the code against directory traversal, symbolic and hard link attacks - Fix a bug causing that the first value of AlwaysExcludedElements was ignored - Fix missing icon for the "Stop" button icon name - Improve development documentation - Translations updates

gnome-abrt: - Enabled the Details also for the System problems - Do not crash in the testing of availabitlity of XServer - Fix 'Open problem's data directory' - Quit Application on Ctrl+Q - Translation updates

satyr: - New kernel taint flags - More secure core stacktraces from core hook

Change Log

* Tue Jun 9 2015 Martin Milata - 0.18-1 - New upstream version - Remove function fingerprinting - New kernel taint flags - Normalization tweaks - More secure core stacktraces from core hook * Sat May 2 2015 Kalev Lember - 0.16-3 - Rebuilt for GCC 5 C++11 ABI change * Sat Feb 21 2015 Till Maas - 0.16-2 - Rebuilt for Fedora 23 Change https://fedoraproject.org/wiki/Changes/Harden_all_packages_with_position-independent_code

References

[ 1 ] Bug #1216975 - CVE-2015-3159 abrt: missing process environment sanitizaton in abrt-action-install-debuginfo-to-abrt-cache [fedora-all] https://bugzilla.redhat.com/show_bug.cgi?id=1216975 [ 2 ] Bug #1214609 - CVE-2015-3150 abrt: abrt-dbus does not guard against crafted problem directory path arguments [fedora-all] https://bugzilla.redhat.com/show_bug.cgi?id=1214609 [ 3 ] Bug #1214452 - CVE-2015-3151 abrt: directory traversals in several D-Bus methods implemented by abrt-dbus [fedora-all] https://bugzilla.redhat.com/show_bug.cgi?id=1214452 [ 4 ] Bug #1212871 - CVE-2015-1870 abrt: default abrt event scripts lead to information disclosure [fedora-all] https://bugzilla.redhat.com/show_bug.cgi?id=1212871 [ 5 ] Bug #1212865 - CVE-2015-1869 abrt: default event scripts follow symbolic links [fedora-all] https://bugzilla.redhat.com/show_bug.cgi?id=1212865 [ 6 ] Bug #1212821 - CVE-2015-3142 abrt: abrt-hook-ccpp writes core dumps to existing files owned by others [fedora-all] https://bugzilla.redhat.com/show_bug.cgi?id=1212821 [ 7 ] Bug #1218239 - CVE-2015-3315 abrt: Various race-conditions and symlink issues found in abrt [fedora-all] https://bugzilla.redhat.com/show_bug.cgi?id=1218239 [ 8 ] Bug #1128400 - ABRT does not honor dmesg_restrict https://bugzilla.redhat.com/show_bug.cgi?id=1128400

Update Instructions

This update can be installed with the "yum" update program. Use su -c 'yum update satyr' at the command line. For more information, refer to "Managing Software with yum", available at .

Severity
Name : satyr
Product : Fedora 22
Version : 0.18
Release : 1.fc22
URL : https://github.com/abrt/satyr
Summary : Tools to create anonymous, machine-friendly problem reports

Related News

Security Highlights from KubeCon + CloudNativeCon 2023

Nov 18, 2023

Kubernetes Security on AWS: A Practical Guide

Nov 18, 2023

Nitrux 3.2.0 Linux Distro Released with Enhanced Security and New Features

Nov 28, 2023

Kinsing Hackers Exploit Apache ActiveMQ Vulnerability to Deploy Linux Rootkits

Nov 25, 2023

News

Advisories

HOWTOs

Features

Empowering MSPs with Straightforward Linux Device Management
A Complete Guide to Torrenting Safely in 2024
Cloud Security Basics for Small Businesses
Scanning and Defending Networks with Nmap
CISA Issues Urgent Warning Over Active Exploitation of Looney Tunables glibc Bug

About Us

Powered By

Footer Logo