
Scientific Linux: Important Update on abrt and libreport Security Issues

Important: abrt and libreport security update
Date: Fri, 1 Feb 2013 09:47:42 -0600
Reply-To: Pat Riehecky 
Sender: Security Errata for Scientific Linux
 
From: Pat Riehecky 
Organization: Fermilab
Subject: Security ERRATA Important: abrt and libreport on SL6.x i386/x86_64
MIME-Version: 1.0

Synopsis: Important: abrt and libreport security update
Issue Date: 2013-01-31
CVE Numbers: CVE-2012-5659
 CVE-2012-5660
--

It was found that the
/usr/libexec/abrt-action-install-debuginfo-to-abrt-cache tool did not
sufficiently sanitize its environment variables. This could lead to Python
modules being loaded and run from non-standard directories (such as /tmp/).
A local attacker could use this flaw to escalate their privileges to that of
the abrt user. (CVE-2012-5659)

A race condition was found in the way ABRT handled the directories used to
store information about crashes. A local attacker with the privileges of the
abrt user could use this flaw to perform a symbolic link attack, possibly
allowing them to escalate their privileges to root. (CVE-2012-5660)
--

SL6
 x86_64
 abrt-2.0.8-6.el6_3.2.x86_64.rpm
 abrt-addon-ccpp-2.0.8-6.el6_3.2.x86_64.rpm
 abrt-addon-kerneloops-2.0.8-6.el6_3.2.x86_64.rpm
 abrt-addon-python-2.0.8-6.el6_3.2.x86_64.rpm
 abrt-cli-2.0.8-6.el6_3.2.x86_64.rpm
 abrt-debuginfo-2.0.8-6.el6_3.2.i686.rpm
 abrt-debuginfo-2.0.8-6.el6_3.2.x86_64.rpm
 abrt-desktop-2.0.8-6.el6_3.2.x86_64.rpm
 abrt-gui-2.0.8-6.el6_3.2.x86_64.rpm
 abrt-libs-2.0.8-6.el6_3.2.i686.rpm
 abrt-libs-2.0.8-6.el6_3.2.x86_64.rpm
 abrt-tui-2.0.8-6.el6_3.2.x86_64.rpm
 libreport-2.0.9-5.el6_3.2.i686.rpm
 libreport-2.0.9-5.el6_3.2.x86_64.rpm
 libreport-cli-2.0.9-5.el6_3.2.x86_64.rpm
 libreport-debuginfo-2.0.9-5.el6_3.2.i686.rpm
 libreport-debuginfo-2.0.9-5.el6_3.2.x86_64.rpm
 libreport-gtk-2.0.9-5.el6_3.2.i686.rpm
 libreport-gtk-2.0.9-5.el6_3.2.x86_64.rpm
 libreport-newt-2.0.9-5.el6_3.2.x86_64.rpm
 libreport-plugin-kerneloops-2.0.9-5.el6_3.2.x86_64.rpm
 libreport-plugin-logger-2.0.9-5.el6_3.2.x86_64.rpm
 libreport-plugin-mailx-2.0.9-5.el6_3.2.x86_64.rpm
 libreport-plugin-reportuploader-2.0.9-5.el6_3.2.x86_64.rpm
 libreport-plugin-rhtsupport-2.0.9-5.el6_3.2.x86_64.rpm
 libreport-python-2.0.9-5.el6_3.2.x86_64.rpm
 abrt-addon-vmcore-2.0.8-6.el6_3.2.x86_64.rpm
 abrt-devel-2.0.8-6.el6_3.2.i686.rpm
 abrt-devel-2.0.8-6.el6_3.2.x86_64.rpm
 libreport-devel-2.0.9-5.el6_3.2.i686.rpm
 libreport-devel-2.0.9-5.el6_3.2.x86_64.rpm
 libreport-gtk-devel-2.0.9-5.el6_3.2.i686.rpm
 libreport-gtk-devel-2.0.9-5.el6_3.2.x86_64.rpm
 libreport-plugin-bugzilla-2.0.9-5.el6_3.2.x86_64.rpm
 i386
 abrt-2.0.8-6.el6_3.2.i686.rpm
 abrt-addon-ccpp-2.0.8-6.el6_3.2.i686.rpm
 abrt-addon-kerneloops-2.0.8-6.el6_3.2.i686.rpm
 abrt-addon-python-2.0.8-6.el6_3.2.i686.rpm
 abrt-cli-2.0.8-6.el6_3.2.i686.rpm
 abrt-debuginfo-2.0.8-6.el6_3.2.i686.rpm
 abrt-desktop-2.0.8-6.el6_3.2.i686.rpm
 abrt-gui-2.0.8-6.el6_3.2.i686.rpm
 abrt-libs-2.0.8-6.el6_3.2.i686.rpm
 abrt-tui-2.0.8-6.el6_3.2.i686.rpm
 libreport-2.0.9-5.el6_3.2.i686.rpm
 libreport-cli-2.0.9-5.el6_3.2.i686.rpm
 libreport-debuginfo-2.0.9-5.el6_3.2.i686.rpm
 libreport-gtk-2.0.9-5.el6_3.2.i686.rpm
 libreport-newt-2.0.9-5.el6_3.2.i686.rpm
 libreport-plugin-kerneloops-2.0.9-5.el6_3.2.i686.rpm
 libreport-plugin-logger-2.0.9-5.el6_3.2.i686.rpm
 libreport-plugin-mailx-2.0.9-5.el6_3.2.i686.rpm
 libreport-plugin-reportuploader-2.0.9-5.el6_3.2.i686.rpm
 libreport-plugin-rhtsupport-2.0.9-5.el6_3.2.i686.rpm
 libreport-python-2.0.9-5.el6_3.2.i686.rpm
 abrt-addon-vmcore-2.0.8-6.el6_3.2.i686.rpm
 abrt-devel-2.0.8-6.el6_3.2.i686.rpm
 libreport-devel-2.0.9-5.el6_3.2.i686.rpm
 libreport-gtk-devel-2.0.9-5.el6_3.2.i686.rpm
 libreport-plugin-bugzilla-2.0.9-5.el6_3.2.i686.rpm

- Scientific Linux Development Team
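
A general hardening pattern for the class of flaw described under CVE-2012-5659, added here as an example; it is not the abrt project's code or its actual fix. The allowlist contents, the function names and the constructed directory name are assumptions made for illustration.

```python
import os
import subprocess
import sys

# Assumption: the helper needs only these variables; values are fixed, never inherited.
ALLOWED_ENV = {"PATH": "/usr/sbin:/usr/bin:/sbin:/bin", "LANG": "C"}

# Prefixes of variables that change which code an interpreter or the loader picks up.
RISKY_PREFIXES = ("PYTHON", "LD_")


def risky_variables(env):
    """Return caller-supplied variable names that could redirect code loading."""
    return sorted(name for name in env if name.startswith(RISKY_PREFIXES))


def clean_environment():
    """Build the child's environment from the allowlist instead of pruning the caller's."""
    return dict(ALLOWED_ENV)


def child_sys_path(env, isolated):
    """Start a child interpreter and return the module search path it ends up with."""
    # -E: ignore all PYTHON* variables; -s: do not add the user site directory.
    flags = ["-E", "-s"] if isolated else []
    code = "import sys; print('\\n'.join(sys.path))"
    out = subprocess.check_output([sys.executable, *flags, "-c", code], env=env)
    return out.decode().splitlines()


def demo(untrusted_dir="/tmp/constructed-untrusted-dir"):
    """Compare an inherited environment with the allowlisted one (constructed input)."""
    inherited = dict(os.environ, PYTHONPATH=untrusted_dir)  # value a local user controls
    return {
        "flagged": risky_variables(inherited),
        "inherited_has_dir": untrusted_dir in child_sys_path(inherited, isolated=False),
        "hardened_has_dir": untrusted_dir in child_sys_path(clean_environment(), isolated=True),
    }


if __name__ == "__main__":
    print(demo())
```

The allowlist is the part that matters: a helper that removes known-bad names from the caller's environment still inherits every variable nobody thought to list.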