CentOS Local Security Checks : CentOS Update for libreport CESA-2015:2504 centos6

Anfälligkeitssuche		Suche in 324607 CVE Beschreibungen und 146377 Test Beschreibungen, Zugriff auf 10,000+ Quellverweise.
	Tests CVE Alle

Test Kennung: 1.3.6.1.4.1.25623.1.0.882332

Kategorie: CentOS Local Security Checks

Titel: CentOS Update for libreport CESA-2015:2504 centos6

Zusammenfassung: Check the version of libreport

Beschreibung: Summary:
Check the version of libreport

Vulnerability Insight:
libreport provides an API for reporting
different problems in applications to different bug targets, such as Bugzilla,
FTP, and Trac. ABRT (Automatic Bug Reporting Tool) uses libreport.

It was found that ABRT may have exposed unintended information to Red Hat
Bugzilla during crash reporting. A bug in the libreport library caused
changes made by a user in files included in a crash report to be discarded.
As a result, Red Hat Bugzilla attachments may contain data that was not
intended to be made public, including host names, IP addresses, or command
line options. (CVE-2015-5302)

This flaw did not affect default installations of ABRT on Red Hat
Enterprise Linux as they do not post data to Red Hat Bugzilla. This feature
can however be enabled, potentially impacting modified ABRT instances.

As a precaution, Red Hat has identified bugs filed by such non-default Red
Hat Enterprise Linux users of ABRT and marked them private.

This issue was discovered by Bastien Nocera of Red Hat.

All users of libreport are advised to upgrade to these updated packages,
which corrects this issue.

Affected Software/OS:
libreport on CentOS 6

Solution:
Please install the updated packages.

CVSS Score:
5.0

CVSS Vector:
AV:N/AC:L/Au:N/C:P/I:N/A:N

Querverweis: Common Vulnerability Exposure (CVE) ID: CVE-2015-5302
77685
http://www.securityfocus.com/bid/77685
FEDORA-2015-6542ab6d3a
http://lists.fedoraproject.org/pipermail/package-announce/2015-November/172695.html
RHSA-2015:2504
http://rhn.redhat.com/errata/RHSA-2015-2504.html
RHSA-2015:2505
http://rhn.redhat.com/errata/RHSA-2015-2505.html
http://www.oracle.com/technetwork/topics/security/linuxbulletinoct2015-2719645.html
https://bugzilla.redhat.com/show_bug.cgi?id=1270903
https://github.com/abrt/libreport/commit/257578a23d1537a2d235aaa2b1488ee4f818e360

Copyright Copyright (C) 2015 Greenbone AG

Dies ist nur einer von 146377 Anfälligkeitstests in unserem Testpaket. Finden Sie mehr über unsere vollständigen Sicherheitsüberprüfungen heraus.
Um einen gratis Test für diese Anfälligkeit auf Ihrem System durchlaufen zu lassen, registrieren Sie sich bitte unten.

Test Kennung:	1.3.6.1.4.1.25623.1.0.882332
Kategorie:	CentOS Local Security Checks
Titel:	CentOS Update for libreport CESA-2015:2504 centos6
Zusammenfassung:	Check the version of libreport
Beschreibung:	Summary: Check the version of libreport Vulnerability Insight: libreport provides an API for reporting different problems in applications to different bug targets, such as Bugzilla, FTP, and Trac. ABRT (Automatic Bug Reporting Tool) uses libreport. It was found that ABRT may have exposed unintended information to Red Hat Bugzilla during crash reporting. A bug in the libreport library caused changes made by a user in files included in a crash report to be discarded. As a result, Red Hat Bugzilla attachments may contain data that was not intended to be made public, including host names, IP addresses, or command line options. (CVE-2015-5302) This flaw did not affect default installations of ABRT on Red Hat Enterprise Linux as they do not post data to Red Hat Bugzilla. This feature can however be enabled, potentially impacting modified ABRT instances. As a precaution, Red Hat has identified bugs filed by such non-default Red Hat Enterprise Linux users of ABRT and marked them private. This issue was discovered by Bastien Nocera of Red Hat. All users of libreport are advised to upgrade to these updated packages, which corrects this issue. Affected Software/OS: libreport on CentOS 6 Solution: Please install the updated packages. CVSS Score: 5.0 CVSS Vector: AV:N/AC:L/Au:N/C:P/I:N/A:N
Querverweis:	Common Vulnerability Exposure (CVE) ID: CVE-2015-5302 77685 http://www.securityfocus.com/bid/77685 FEDORA-2015-6542ab6d3a http://lists.fedoraproject.org/pipermail/package-announce/2015-November/172695.html RHSA-2015:2504 http://rhn.redhat.com/errata/RHSA-2015-2504.html RHSA-2015:2505 http://rhn.redhat.com/errata/RHSA-2015-2505.html http://www.oracle.com/technetwork/topics/security/linuxbulletinoct2015-2719645.html https://bugzilla.redhat.com/show_bug.cgi?id=1270903 https://github.com/abrt/libreport/commit/257578a23d1537a2d235aaa2b1488ee4f818e360
Copyright	Copyright (C) 2015 Greenbone AG