Oval Definition: oval:com.redhat.rhsa:def:20152504
Revision Date: 2015-11-23
Version: 639
Title: RHSA-2015:2504: libreport security update (Moderate)
Description: libreport provides an API for reporting different problems in applications to different bug targets, such as Bugzilla, FTP, and Trac. ABRT (Automatic Bug Reporting Tool) uses libreport.

  • It was found that ABRT may have exposed unintended information to Red Hat Bugzilla during crash reporting. A bug in the libreport library caused changes made by a user in files included in a crash report to be discarded. As a result, Red Hat Bugzilla attachments may contain data that was not intended to be made public, including host names, IP addresses, or command line options. (CVE-2015-5302)

    This flaw did not affect default installations of ABRT on Red Hat Enterprise Linux as they do not post data to Red Hat Bugzilla. This feature can however be enabled, potentially impacting modified ABRT instances.

    As a precaution, Red Hat has identified bugs filed by such non-default Red Hat Enterprise Linux users of ABRT and marked them private.

    This issue was discovered by Bastien Nocera of Red Hat.

    All users of libreport are advised to upgrade to these updated packages, which correct this issue.

Family: unix
Class: patch
Status:
Reference(s): CVE-2015-5302, RHSA-2015:2504, RHSA-2015:2504-00, RHSA-2015:2504-01
Platform(s): Red Hat Enterprise Linux 6
Product(s):

Definition Synopsis
  • Red Hat Enterprise Linux must be installed
  • OR Package Information
      • Red Hat Enterprise Linux 6 is installed
      • AND
          • libreport is earlier than 0:2.0.9-25.el6_7 AND libreport is signed with Red Hat redhatrelease2 key
          • libreport-cli is earlier than 0:2.0.9-25.el6_7 AND libreport-cli is signed with Red Hat redhatrelease2 key
          • libreport-compat is earlier than 0:2.0.9-25.el6_7 AND libreport-compat is signed with Red Hat redhatrelease2 key
          • libreport-devel is earlier than 0:2.0.9-25.el6_7 AND libreport-devel is signed with Red Hat redhatrelease2 key
          • libreport-filesystem is earlier than 0:2.0.9-25.el6_7 AND libreport-filesystem is signed with Red Hat redhatrelease2 key
          • libreport-gtk is earlier than 0:2.0.9-25.el6_7 AND libreport-gtk is signed with Red Hat redhatrelease2 key
          • libreport-gtk-devel is earlier than 0:2.0.9-25.el6_7 AND libreport-gtk-devel is signed with Red Hat redhatrelease2 key
          • libreport-newt is earlier than 0:2.0.9-25.el6_7 AND libreport-newt is signed with Red Hat redhatrelease2 key
          • libreport-plugin-bugzilla is earlier than 0:2.0.9-25.el6_7 AND libreport-plugin-bugzilla is signed with Red Hat redhatrelease2 key
          • libreport-plugin-kerneloops is earlier than 0:2.0.9-25.el6_7 AND libreport-plugin-kerneloops is signed with Red Hat redhatrelease2 key
          • libreport-plugin-logger is earlier than 0:2.0.9-25.el6_7 AND libreport-plugin-logger is signed with Red Hat redhatrelease2 key
          • libreport-plugin-mailx is earlier than 0:2.0.9-25.el6_7 AND libreport-plugin-mailx is signed with Red Hat redhatrelease2 key
          • libreport-plugin-reportuploader is earlier than 0:2.0.9-25.el6_7 AND libreport-plugin-reportuploader is signed with Red Hat redhatrelease2 key
          • libreport-plugin-rhtsupport is earlier than 0:2.0.9-25.el6_7 AND libreport-plugin-rhtsupport is signed with Red Hat redhatrelease2 key
          • libreport-plugin-ureport is earlier than 0:2.0.9-25.el6_7 AND libreport-plugin-ureport is signed with Red Hat redhatrelease2 key
          • libreport-python is earlier than 0:2.0.9-25.el6_7 AND libreport-python is signed with Red Hat redhatrelease2 key