stable

abrt-2.3.0-7.fc21, gnome-abrt-1.0.0-3.fc21, & 1 more

FEDORA-2015-10193 created by mhabrnal 10 years ago for Fedora 21

Security fixes for: * CVE-2015-3315 * CVE-2015-3142 * CVE-2015-1869 * CVE-2015-1870 * CVE-2015-3151 * CVE-2015-3150 * CVE-2015-3159

abrt:

  • Move the default dump location from /var/tmp/abrt to /var/spool/abrt
  • Use root for owner of all dump directories
  • Stop reading hs_error.log from /tmp
  • Don not save the system logs by default
  • Don not save dmesg if kernel.dmesg_restrict=1

libreport:

  • Harden the code against directory traversal, symbolic and hard link attacks
  • Fix a bug causing that the first value of AlwaysExcludedElements was ignored
  • Fix missing icon for the "Stop" button icon name
  • Improve development documentation
  • Translations updates

gnome-abrt:

  • Use DBus to get problem data for detail dialog
  • Fix an error introduced with the details on System page
  • Enabled the Details also for the System problems

How to install

Updates may require up to 24 hours to propagate to mirrors. If the following command doesn't work, please retry later:

sudo dnf upgrade --refresh --advisory=FEDORA-2015-10193

This update has been submitted for testing by mhabrnal.

10 years ago
User Icon taskotron commented 10 years ago

Taskotron: depcheck test PASSED on x86_64. Result log: https://taskotron.fedoraproject.org/taskmaster//builders/x86_64/builds/93143/steps/runtask/logs/stdio (results are informative only)

User Icon taskotron commented 10 years ago

Taskotron: depcheck test PASSED on i386. Result log: https://taskotron.fedoraproject.org/taskmaster//builders/x86_64/builds/93151/steps/runtask/logs/stdio (results are informative only)

mhabrnal has edited this update. New build(s): abrt-2.3.0-6.fc21, libreport-2.3.0-8.fc21. Removed build(s): abrt-2.3.0-5.fc21, libreport-2.3.0-7.fc21.

10 years ago
User Icon taskotron commented 10 years ago

Taskotron: depcheck test PASSED on i386. Result log: https://taskotron.fedoraproject.org/taskmaster//builders/x86_64/builds/93911/steps/runtask/logs/stdio (results are informative only)

User Icon taskotron commented 10 years ago

Taskotron: depcheck test PASSED on x86_64. Result log: https://taskotron.fedoraproject.org/taskmaster//builders/x86_64/builds/93911/steps/runtask/logs/stdio (results are informative only)

This update is currently being pushed to the Fedora 21 testing updates repository.

10 years ago

This update has been pushed to testing

10 years ago
User Icon dimitrisk commented & provided feedback 10 years ago
karma

gnome-abrt crashes on start: ImportError: /lib64/libabrt.so.0: undefined symbol: create_dump_dir_from_problem_data_ext

User Icon dimitrisk commented 10 years ago

Looks like it needs a dependency version bump on libreport? Installing the updated one from updates-testing fixed this.

mhabrnal has edited this update. New build(s): gnome-abrt-1.0.0-3.fc21, abrt-2.3.0-7.fc21. Removed build(s): gnome-abrt-1.0.0-2.fc21, abrt-2.3.0-6.fc21.

10 years ago

This update has been submitted for testing by mhabrnal.

10 years ago
User Icon taskotron commented 10 years ago

Taskotron: depcheck test PASSED on i386. Result log: https://taskotron.fedoraproject.org/taskmaster//builders/x86_64/builds/99749/steps/runtask/logs/stdio (results are informative only)

User Icon taskotron commented 10 years ago

Taskotron: depcheck test PASSED on x86_64. Result log: https://taskotron.fedoraproject.org/taskmaster//builders/x86_64/builds/99749/steps/runtask/logs/stdio (results are informative only)

This update is currently being pushed to the Fedora 21 testing updates repository.

10 years ago
User Icon filiperosset commented & provided feedback 10 years ago
karma

no regressions noted

This update has been pushed to testing

10 years ago
User Icon juliuxpigface commented & provided feedback 10 years ago
karma

Gone through some of the listed test-cases on Fedora 21 Workstation. No regressions found.

Critical path update approved

10 years ago
User Icon yuwata provided feedback 10 years ago
karma

This update has reached the stable karma threshold and will be pushed to the stable updates repository

10 years ago
User Icon taskotron commented 10 years ago

Taskotron: upgradepath test PASSED on noarch. Result log: https://taskotron.fedoraproject.org/taskmaster//builders/x86_64/builds/102172/steps/runtask/logs/stdio (results are informative only)

This update is currently being pushed to the Fedora 21 stable updates repository.

10 years ago

This update has been pushed to stable

10 years ago

Please log in to add feedback.

Metadata
Type
security
Karma
3
Signed
Content Type
RPM
Test Gating
Autopush Settings
Unstable by Karma
-3
Stable by Karma
disabled
Stable by Time
disabled
Dates
submitted
10 years ago
in testing
10 years ago
in stable
10 years ago
modified
10 years ago
Builds
3
abrt-2.3.0-7.fc21
gnome-abrt-1.0.0-3.fc21
libreport-2.3.0-8.fc21
BZ#986876 RFE: Disallow core dump upload entirely
0
0
BZ#1169774 failure to extract debuginfo
0
0
BZ#1179752 undocumented options in abrt-cli
0
0
BZ#1193656 abrt-gui renders crash list white-on-white when using dark theme
0
0
BZ#1212821 CVE-2015-3142 abrt: abrt-hook-ccpp writes core dumps to existing files owned by others [fedora-all]
0
0
BZ#1212865 CVE-2015-1869 abrt: default event scripts follow symbolic links [fedora-all]
0
0
BZ#1212871 CVE-2015-1870 abrt: default abrt event scripts lead to information disclosure [fedora-all]
0
0
BZ#1213485 Can't extract files from downloaded debuginfo package
0
0
BZ#1214452 CVE-2015-3151 abrt: directory traversals in several D-Bus methods implemented by abrt-dbus [fedora-all]
0
0
BZ#1214609 CVE-2015-3150 abrt: abrt-dbus does not guard against crafted problem directory path arguments [fedora-all]
0
0
BZ#1216975 CVE-2015-3159 abrt: missing process environment sanitizaton in abrt-action-install-debuginfo-to-abrt-cache [fedora-all]
0
0
BZ#1218239 CVE-2015-3315 abrt: Various race-conditions and symlink issues found in abrt [fedora-all]
0
0
abrt-2.3.0-7.fc21
gnome-abrt-1.0.0-3.fc21
libreport-2.3.0-8.fc21

Automated Test Results

Test Cases
0 0 Test Case QA:Obsolete Testcase ABRT Actions and Reporters
0 0 Test Case ABRT Application restart
0 0 Test Case ABRT BlackList
0 0 Test Case ABRT Bugzilla plugin
0 0 Test Case ABRT CCPP addon
0 0 Test Case ABRT CLI
0 0 Test Case ABRT CLI Localized
0 0 Test Case ABRT Configuration Storage
0 0 Test Case ABRT Cron
0 0 Test Case ABRT Desktop auto-reporting
0 0 Test Case ABRT GPG Keys
0 0 Test Case ABRT GPG check
0 0 Test Case ABRT GUI Localized
0 0 Test Case ABRT GUI MAIN
0 0 Test Case ABRT GUI Translation
0 0 Test Case ABRT Logger plugin
0 0 Test Case ABRT Mailx plugin
0 0 Test Case ABRT Plugins
0 0 Test Case ABRT RemoveSecurityInformation
0 0 Test Case ABRT Reporting Known Crash
0 0 Test Case ABRT SELinux
0 0 Test Case ABRT ccpp-journal
0 0 Test Case ABRT cnotify
0 0 Test Case ABRT containers
0 0 Test Case ABRT kernel addon
0 0 Test Case ABRT kernel-journal
0 0 Test Case ABRT python addon
0 0 Test Case ABRT python better debugging
0 0 Test Case ABRT python3
0 0 Test Case ABRT quota
0 0 Test Case ABRT ruby gem
0 0 Test Case ABRT server
0 0 Test Case ABRT sosreport
0 0 Test Case ABRT third party event extension
0 0 Test Case ABRT vmcore
0 0 Test Case ABRT vmcores
0 0 Test Case GNOME ABRT MAIN
0 0 Test Case Libreport Anaconda Install
0 0 Test Case Libreport anaconda
0 0 Test Case Libreport firstboot
0 0 Test Case Libreport sealert
0 0 Test Case Retrace Server CLI
0 0 Test Case Retrace Server GUI

Copyright © 2007-2026 Red Hat, Inc. and others.

Running bodhi-server 25.11.3 on bodhi-web-20-v5tqb.

bodhi is Free Software. Please file issues if you have any problems. Read the documentation.

Composes Legal Privacy policy