stable

abrt-2.6.0-1.fc22, gnome-abrt-1.2.0-1.fc22, & 2 more

FEDORA-2015-9886 created by jfilak 10 years ago for Fedora 22

Security fixes for: * CVE-2015-3315 * CVE-2015-3142 * CVE-2015-1869 * CVE-2015-1870 * CVE-2015-3151 * CVE-2015-3150 * CVE-2015-3159

abrt: - Move the default dump location from /var/tmp/abrt to /var/spool/abrt - Use root for owner of all dump directories - Stop reading hs_error.log from /tmp - Don not save the system logs by default - Don not save dmesg if kernel.dmesg_restrict=1

libreport: - Harden the code against directory traversal, symbolic and hard link attacks - Fix a bug causing that the first value of AlwaysExcludedElements was ignored - Fix missing icon for the "Stop" button icon name - Improve development documentation - Translations updates

gnome-abrt: - Enabled the Details also for the System problems - Do not crash in the testing of availabitlity of XServer - Fix 'Open problem's data directory' - Quit Application on Ctrl+Q - Translation updates

satyr: - New kernel taint flags - More secure core stacktraces from core hook

How to install

Updates may require up to 24 hours to propagate to mirrors. If the following command doesn't work, please retry later:

sudo dnf upgrade --refresh --advisory=FEDORA-2015-9886

This update has been submitted for testing by jfilak.

10 years ago
User Icon taskotron commented 10 years ago

Taskotron: depcheck test PASSED on i386. Result log: https://taskotron.fedoraproject.org/taskmaster//builders/x86_64/builds/80931/steps/runtask/logs/stdio (results are informative only)

User Icon taskotron commented 10 years ago

Taskotron: depcheck test PASSED on x86_64. Result log: https://taskotron.fedoraproject.org/taskmaster//builders/x86_64/builds/80931/steps/runtask/logs/stdio (results are informative only)

This update is currently being pushed to the Fedora 22 testing updates repository.

10 years ago

This update has been pushed to testing

10 years ago
User Icon gbcox commented & provided feedback 10 years ago
karma

No issues noted

User Icon pschindl commented & provided feedback 10 years ago
karma

Works fine

Critical path update approved

10 years ago
User Icon evillagr commented & provided feedback 10 years ago
karma

work fine

This update has reached the stable karma threshold and will be pushed to the stable updates repository

10 years ago
User Icon taskotron commented 10 years ago

Taskotron: upgradepath test PASSED on noarch. Result log: https://taskotron.fedoraproject.org/taskmaster//builders/x86_64/builds/87404/steps/runtask/logs/stdio (results are informative only)

This update is currently being pushed to the Fedora 22 stable updates repository.

10 years ago

This update has been pushed to stable

10 years ago

Please log in to add feedback.

Metadata
Type
security
Karma
3
Signed
Content Type
RPM
Test Gating
Autopush Settings
Unstable by Karma
-3
Stable by Karma
disabled
Stable by Time
disabled
Dates
submitted
10 years ago
in testing
10 years ago
in stable
10 years ago
Builds
4
abrt-2.6.0-1.fc22
gnome-abrt-1.2.0-1.fc22
libreport-2.6.0-1.fc22
satyr-0.18-1.fc22
BZ#1128400 ABRT does not honor dmesg_restrict
0
0
BZ#1212821 CVE-2015-3142 abrt: abrt-hook-ccpp writes core dumps to existing files owned by others [fedora-all]
0
0
BZ#1212865 CVE-2015-1869 abrt: default event scripts follow symbolic links [fedora-all]
0
0
BZ#1212871 CVE-2015-1870 abrt: default abrt event scripts lead to information disclosure [fedora-all]
0
0
BZ#1214452 CVE-2015-3151 abrt: directory traversals in several D-Bus methods implemented by abrt-dbus [fedora-all]
0
0
BZ#1214609 CVE-2015-3150 abrt: abrt-dbus does not guard against crafted problem directory path arguments [fedora-all]
0
0
BZ#1216975 CVE-2015-3159 abrt: missing process environment sanitizaton in abrt-action-install-debuginfo-to-abrt-cache [fedora-all]
0
0
BZ#1218239 CVE-2015-3315 abrt: Various race-conditions and symlink issues found in abrt [fedora-all]
0
0
abrt-2.6.0-1.fc22
gnome-abrt-1.2.0-1.fc22
libreport-2.6.0-1.fc22
satyr-0.18-1.fc22

Automated Test Results

Test Cases
0 0 Test Case QA:Obsolete Testcase ABRT Actions and Reporters
0 0 Test Case ABRT Application restart
0 0 Test Case ABRT BlackList
0 0 Test Case ABRT Bugzilla plugin
0 0 Test Case ABRT CCPP addon
0 0 Test Case ABRT CLI
0 0 Test Case ABRT CLI Localized
0 0 Test Case ABRT Configuration Storage
0 0 Test Case ABRT Cron
0 0 Test Case ABRT Desktop auto-reporting
0 0 Test Case ABRT GPG Keys
0 0 Test Case ABRT GPG check
0 0 Test Case ABRT GUI Localized
0 0 Test Case ABRT GUI MAIN
0 0 Test Case ABRT GUI Translation
0 0 Test Case ABRT Logger plugin
0 0 Test Case ABRT Mailx plugin
0 0 Test Case ABRT Plugins
0 0 Test Case ABRT RemoveSecurityInformation
0 0 Test Case ABRT Reporting Known Crash
0 0 Test Case ABRT SELinux
0 0 Test Case ABRT ccpp-journal
0 0 Test Case ABRT cnotify
0 0 Test Case ABRT containers
0 0 Test Case ABRT kernel addon
0 0 Test Case ABRT kernel-journal
0 0 Test Case ABRT python addon
0 0 Test Case ABRT python better debugging
0 0 Test Case ABRT python3
0 0 Test Case ABRT quota
0 0 Test Case ABRT ruby gem
0 0 Test Case ABRT server
0 0 Test Case ABRT sosreport
0 0 Test Case ABRT third party event extension
0 0 Test Case ABRT vmcore
0 0 Test Case ABRT vmcores
0 0 Test Case GNOME ABRT MAIN
0 0 Test Case Libreport Anaconda Install
0 0 Test Case Libreport anaconda
0 0 Test Case Libreport firstboot
0 0 Test Case Libreport sealert
0 0 Test Case Retrace Server CLI
0 0 Test Case Retrace Server GUI

Copyright © 2007-2026 Red Hat, Inc. and others.

Running bodhi-server 25.11.3 on bodhi-web-20-v5tqb.

bodhi is Free Software. Please file issues if you have any problems. Read the documentation.

Composes Legal Privacy policy