Mageia alert MGASA-2013-0047 (abrt)

From:  Mageia Updates <buildsystem-daemon@mageia.org>
To:  updates-announce@ml.mageia.org
Subject:  [updates-announce] MGASA-2013-0047: abrt-2.0.7-3.2.mga2, libreport-2.0.8-5.1.mga2 (2/core)
Date:  Sat, 9 Feb 2013 14:12:18 +0100
Message-ID:  <20130209131218.GA5131@valstar.mageia.org>

MGASA-2013-0047

Date: February 9th, 2013
Affected releases: 2
Media: Core

Description:
Updated abrt and libreport packages fix security vulnerabilities:

It was found that the
/usr/libexec/abrt-action-install-debuginfo-to-abrt-cache tool did not
sufficiently sanitize its environment variables. This could lead to Python
modules being loaded and run from non-standard directories (such as /tmp/).
A local attacker could use this flaw to escalate their privileges to that
of the abrt user (CVE-2012-5659).

A race condition was found in the way ABRT handled the directories used to
store information about crashes. A local attacker with the privileges of
the abrt user could use this flaw to perform a symbolic link attack,
possibly allowing them to escalate their privileges to root
(CVE-2012-5660).

Updated Packages:
i586:
abrt-2.0.7-3.2.mga2.i586.rpm
abrt-addon-ccpp-2.0.7-3.2.mga2.i586.rpm
abrt-addon-kerneloops-2.0.7-3.2.mga2.i586.rpm
abrt-addon-python-2.0.7-3.2.mga2.i586.rpm
abrt-addon-vmcore-2.0.7-3.2.mga2.i586.rpm
abrt-cli-2.0.7-3.2.mga2.i586.rpm
abrt-desktop-2.0.7-3.2.mga2.i586.rpm
abrt-gui-2.0.7-3.2.mga2.i586.rpm
libabrt0-2.0.7-3.2.mga2.i586.rpm
libabrt-devel-2.0.7-3.2.mga2.i586.rpm
abrt-debug-2.0.7-3.2.mga2.i586.rpm
libreport0-2.0.8-5.1.mga2.i586.rpm
libreport-2.0.8-5.1.mga2.i586.rpm
libreport-abrt_dbus0-2.0.8-5.1.mga2.i586.rpm
libreport-abrt_web0-2.0.8-5.1.mga2.i586.rpm
libreport-cli-2.0.8-5.1.mga2.i586.rpm
libreport-compat-2.0.8-5.1.mga2.i586.rpm
libreport-devel-2.0.8-5.1.mga2.i586.rpm
libreport-filesystem-2.0.8-5.1.mga2.i586.rpm
libreport-gtk0-2.0.8-5.1.mga2.i586.rpm
libreport-gtk-2.0.8-5.1.mga2.i586.rpm
libreport-gtk-devel-2.0.8-5.1.mga2.i586.rpm
libreport-newt-2.0.8-5.1.mga2.i586.rpm
libreport-plugin-bodhi-2.0.8-5.1.mga2.i586.rpm
libreport-plugin-bugzilla-2.0.8-5.1.mga2.i586.rpm
libreport-plugin-kerneloops-2.0.8-5.1.mga2.i586.rpm
libreport-plugin-logger-2.0.8-5.1.mga2.i586.rpm
libreport-plugin-mailx-2.0.8-5.1.mga2.i586.rpm
libreport-plugin-reportuploader-2.0.8-5.1.mga2.i586.rpm
libreport-python-2.0.8-5.1.mga2.i586.rpm
libreport-debug-2.0.8-5.1.mga2.i586.rpm

x86_64:
abrt-2.0.7-3.2.mga2.x86_64.rpm
abrt-addon-ccpp-2.0.7-3.2.mga2.x86_64.rpm
abrt-addon-kerneloops-2.0.7-3.2.mga2.x86_64.rpm
abrt-addon-python-2.0.7-3.2.mga2.x86_64.rpm
abrt-addon-vmcore-2.0.7-3.2.mga2.x86_64.rpm
abrt-cli-2.0.7-3.2.mga2.x86_64.rpm
abrt-desktop-2.0.7-3.2.mga2.x86_64.rpm
abrt-gui-2.0.7-3.2.mga2.x86_64.rpm
lib64abrt0-2.0.7-3.2.mga2.x86_64.rpm
lib64abrt-devel-2.0.7-3.2.mga2.x86_64.rpm
abrt-debug-2.0.7-3.2.mga2.x86_64.rpm
lib64report0-2.0.8-5.1.mga2.x86_64.rpm
lib64report-abrt_dbus0-2.0.8-5.1.mga2.x86_64.rpm
lib64report-abrt_web0-2.0.8-5.1.mga2.x86_64.rpm
lib64report-devel-2.0.8-5.1.mga2.x86_64.rpm
lib64report-gtk0-2.0.8-5.1.mga2.x86_64.rpm
lib64report-gtk-devel-2.0.8-5.1.mga2.x86_64.rpm
libreport-2.0.8-5.1.mga2.x86_64.rpm
libreport-cli-2.0.8-5.1.mga2.x86_64.rpm
libreport-compat-2.0.8-5.1.mga2.x86_64.rpm
libreport-filesystem-2.0.8-5.1.mga2.x86_64.rpm
libreport-gtk-2.0.8-5.1.mga2.x86_64.rpm
libreport-newt-2.0.8-5.1.mga2.x86_64.rpm
libreport-plugin-bodhi-2.0.8-5.1.mga2.x86_64.rpm
libreport-plugin-bugzilla-2.0.8-5.1.mga2.x86_64.rpm
libreport-plugin-kerneloops-2.0.8-5.1.mga2.x86_64.rpm
libreport-plugin-logger-2.0.8-5.1.mga2.x86_64.rpm
libreport-plugin-mailx-2.0.8-5.1.mga2.x86_64.rpm
libreport-plugin-reportuploader-2.0.8-5.1.mga2.x86_64.rpm
libreport-python-2.0.8-5.1.mga2.x86_64.rpm
libreport-debug-2.0.8-5.1.mga2.x86_64.rpm

SRPMS:
abrt-2.0.7-3.2.mga2.src.rpm
libreport-2.0.8-5.1.mga2.src.rpm

References:
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-5659
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-5660
https://rhn.redhat.com/errata/RHSA-2013-0215.html
https://bugs.mageia.org/show_bug.cgi?id=8937
https://wiki.mageia.org/en/Support/Advisories/MGASA-2013-...
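
The first flaw above is a privileged helper trusting its caller's environment. The following C sketch is an added example, not part of the advisory and not ABRT's code or its actual fix: it builds the environment for a privileged helper from an allowlist, so interpreter and loader variables never reach the child. The allowlist, the fixed PATH value and the function names are assumptions made for the example.

```c
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

/* Variables the helper may inherit (assumed list, not ABRT's own). */
static const char *const ALLOWED[] = { "LANG", "LC_ALL", "TERM", "TZ", NULL };
/* PATH is always set by the helper itself, never taken from the caller. */
static const char FIXED_PATH[] = "PATH=/usr/sbin:/usr/bin:/sbin:/bin";

static int is_allowed(const char *entry)
{
    const char *eq = strchr(entry, '=');
    if (eq == NULL || eq == entry)
        return 0;                          /* malformed entry: drop it */
    size_t n = (size_t)(eq - entry);
    for (size_t i = 0; ALLOWED[i] != NULL; i++)
        if (strlen(ALLOWED[i]) == n && strncmp(entry, ALLOWED[i], n) == 0)
            return 1;
    return 0;
}

/* Build a fresh NULL-terminated envp; anything not allowlisted (PYTHONPATH,
 * PYTHONHOME, LD_PRELOAD, caller's PATH, ...) is dropped. NULL on OOM. */
char **build_clean_env(char *const in[])
{
    size_t count = 0, out_n = 0;
    while (in != NULL && in[count] != NULL)
        count++;
    char **out = calloc(count + 2, sizeof *out);   /* PATH + entries + NULL */
    if (out == NULL)
        return NULL;
    out[out_n++] = (char *)FIXED_PATH;
    for (size_t i = 0; i < count; i++)
        if (is_allowed(in[i]))
            out[out_n++] = in[i];
    return out;
}

/* Return the value of `name` in envp, or NULL if it is absent. */
const char *env_lookup(char *const envp[], const char *name)
{
    size_t n = strlen(name);
    for (size_t i = 0; envp[i] != NULL; i++)
        if (strncmp(envp[i], name, n) == 0 && envp[i][n] == '=')
            return envp[i] + n + 1;
    return NULL;
}

int main(void)
{
    /* Constructed sample of a caller-controlled environment. */
    char *caller[] = { "PYTHONPATH=/tmp", "LD_PRELOAD=/tmp/x.so",
                       "PATH=/tmp:/usr/bin", "LANG=en_US.UTF-8", NULL };
    char **clean = build_clean_env(caller);
    for (size_t i = 0; clean != NULL && clean[i] != NULL; i++)
        puts(clean[i]);    /* a real helper would pass `clean` to execve() */
    free(clean);
    return 0;
}
```
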



Copyright © 2013, Eklektix, Inc.
Comments and public postings are copyrighted by their creators.
Linux is a registered trademark of Linus Torvalds