Security fixes for:
* CVE-2015-3315
* CVE-2015-3142
* CVE-2015-1869
* CVE-2015-1870
* CVE-2015-3151
* CVE-2015-3150
* CVE-2015-3159

abrt:
- Move the default dump location from /var/tmp/abrt to /var/spool/abrt
- Use root for owner of all dump directories
- Stop reading hs_error.log from /tmp
- Do not save the system logs by default
- Do not save dmesg if kernel.dmesg_restrict=1

libreport:
- Harden the code against directory traversal, symbolic and hard link attacks
- Fix a bug that caused the first value of AlwaysExcludedElements to be ignored
- Fix missing icon for the "Stop" button icon name
- Improve development documentation
- Translation updates

gnome-abrt:
- Enable the Details also for the System problems
- Do not crash when testing the availability of XServer
- Fix 'Open problem's data directory'
- Quit Application on Ctrl+Q
- Translation updates

satyr:
- New kernel taint flags
- More secure core stacktraces from core hook

How to install

sudo dnf upgrade --advisory=FEDORA-2015-9886

This update has been submitted for testing by jfilak.

6 years ago

Taskotron: depcheck test PASSED on i386. Result log: https://taskotron.fedoraproject.org/taskmaster//builders/x86_64/builds/80931/steps/runtask/logs/stdio (results are informative only)

Taskotron: depcheck test PASSED on x86_64. Result log: https://taskotron.fedoraproject.org/taskmaster//builders/x86_64/builds/80931/steps/runtask/logs/stdio (results are informative only)

This update is currently being pushed to the Fedora 22 testing updates repository.

6 years ago

This update has been pushed to testing

6 years ago
gbcox commented & provided feedback 6 years ago

No issues noted

pschindl commented & provided feedback 6 years ago

Works fine

Critical path update approved

6 years ago
evillagr commented & provided feedback 6 years ago

work fine

This update has reached the stable karma threshold and will be pushed to the stable updates repository

6 years ago

Taskotron: upgradepath test PASSED on noarch. Result log: https://taskotron.fedoraproject.org/taskmaster//builders/x86_64/builds/87404/steps/runtask/logs/stdio (results are informative only)

This update is currently being pushed to the Fedora 22 stable updates repository.

6 years ago

This update has been pushed to stable

6 years ago


Metadata
Type: security
Karma: 3
Signed
Content Type: RPM
Test Gating
Settings
Unstable by Karma: -3
Stable by Karma: disabled
Stable by Time: disabled
Dates
submitted: 6 years ago
in testing: 6 years ago
in stable: 6 years ago

BZ#1128400 ABRT does not honor dmesg_restrict
BZ#1212821 CVE-2015-3142 abrt: abrt-hook-ccpp writes core dumps to existing files owned by others [fedora-all]
BZ#1212865 CVE-2015-1869 abrt: default event scripts follow symbolic links [fedora-all]
BZ#1212871 CVE-2015-1870 abrt: default abrt event scripts lead to information disclosure [fedora-all]
BZ#1214452 CVE-2015-3151 abrt: directory traversals in several D-Bus methods implemented by abrt-dbus [fedora-all]
BZ#1214609 CVE-2015-3150 abrt: abrt-dbus does not guard against crafted problem directory path arguments [fedora-all]
BZ#1216975 CVE-2015-3159 abrt: missing process environment sanitizaton in abrt-action-install-debuginfo-to-abrt-cache [fedora-all]
BZ#1218239 CVE-2015-3315 abrt: Various race-conditions and symlink issues found in abrt [fedora-all]

Automated Test Results

Test Cases

Test Case QA:Obsolete Testcase ABRT Actions and Reporters
Test Case ABRT Application restart
Test Case ABRT BlackList
Test Case ABRT Bugzilla plugin
Test Case ABRT CCPP addon
Test Case ABRT CLI
Test Case ABRT CLI Localized
Test Case ABRT Configuration Storage
Test Case ABRT Cron
Test Case ABRT Desktop auto-reporting
Test Case ABRT GPG Keys
Test Case ABRT GPG check
Test Case ABRT GUI Localized
Test Case ABRT GUI MAIN
Test Case ABRT GUI Translation
Test Case ABRT Logger plugin
Test Case ABRT Mailx plugin
Test Case ABRT Plugins
Test Case ABRT RemoveSecurityInformation
Test Case ABRT Reporting Known Crash
Test Case ABRT SELinux
Test Case ABRT ccpp-journal
Test Case ABRT cnotify
Test Case ABRT containers
Test Case ABRT kernel addon
Test Case ABRT kernel-journal
Test Case ABRT python addon
Test Case ABRT python better debugging
Test Case ABRT python3
Test Case ABRT quota
Test Case ABRT ruby gem
Test Case ABRT server
Test Case ABRT sosreport
Test Case ABRT third party event extension
Test Case ABRT vmcore
Test Case ABRT vmcores
Test Case GNOME ABRT MAIN
Test Case Libreport Anaconda Install
Test Case Libreport anaconda
Test Case Libreport firstboot
Test Case Libreport sealert
Test Case Retrace Server CLI
Test Case Retrace Server GUI