English | Deutsch | Español
 
Home ▼
Home About Us Contact Us Privacy Partner Programs Testimonials In Press Mailing Lists Abuse Developer APIs
Bookkeeping
Online ▼
Home Free Trial FAQ
Open/Create Company File Accept an Invite Order/Renew
Security
Audits ▼
Home Dedicated audits Advanced audits Standard audits Recurring audits No Risk audits Desktop audits Basic audit Security Seal FAQ Price/Feature Summary Order New Tests All Tests Confidentiality Vulnerability search Run Audit Scheduler IP Permissions Audit Configuration Editor Scan Queue Reminder Notification Schedule Seal Reports Reports Style Editor
Managed
DNS ▼
About Order FAQ Acceptable Use Policy Dynamic DNS Clients
Configure Domains Dyanmic DNS Update Password
Network
Monitor ▼
Enterprise Package Advanced Package Standard Package Free Trial FAQ Price/Feature Summary Order/Renew Examples
Configure/Status Alert Profiles
Research
Reports ▼
Home FAQ Glossary Archive
 Login/Register 
 
 Vulnerability   
Search   		     Search 324607 CVE descriptions
and 145615 test descriptions,
access 10,000+ cross references.
Tests   CVE   All  

Test ID:1.3.6.1.4.1.25623.1.0.871508
Category:Red Hat Local Security Checks
Title:RedHat Update for libreport RHSA-2015:2504-01
Summary:The remote host is missing an update for the 'libreport'; package(s) announced via the referenced advisory.
Description:Summary:
The remote host is missing an update for the 'libreport'
package(s) announced via the referenced advisory.

Vulnerability Insight:
libreport provides an API for reporting
different problems in applications to different bug targets, such as Bugzilla,
FTP, and Trac. ABRT (Automatic Bug Reporting Tool) uses libreport.

It was found that ABRT may have exposed unintended information to Red Hat
Bugzilla during crash reporting. A bug in the libreport library caused
changes made by a user in files included in a crash report to be discarded.
As a result, Red Hat Bugzilla attachments may contain data that was not
intended to be made public, including host names, IP addresses, or command
line options. (CVE-2015-5302)

This flaw did not affect default installations of ABRT on Red Hat
Enterprise Linux as they do not post data to Red Hat Bugzilla. This feature
can however be enabled, potentially impacting modified ABRT instances.

As a precaution, Red Hat has identified bugs filed by such non-default Red
Hat Enterprise Linux users of ABRT and marked them private.

This issue was discovered by Bastien Nocera of Red Hat.

All users of libreport are advised to upgrade to these updated packages,
which corrects this issue.

Affected Software/OS:
libreport on Red Hat Enterprise Linux
Desktop (v. 6),
Red Hat Enterprise Linux Server (v. 6),
Red Hat Enterprise Linux Workstation (v. 6)

Solution:
Please Install the Updated Packages.

CVSS Score:
5.0

CVSS Vector:
AV:N/AC:L/Au:N/C:P/I:N/A:N

Cross-Ref: Common Vulnerability Exposure (CVE) ID: CVE-2015-5302
77685
http://www.securityfocus.com/bid/77685
FEDORA-2015-6542ab6d3a
http://lists.fedoraproject.org/pipermail/package-announce/2015-November/172695.html
RHSA-2015:2504
http://rhn.redhat.com/errata/RHSA-2015-2504.html
RHSA-2015:2505
http://rhn.redhat.com/errata/RHSA-2015-2505.html
http://www.oracle.com/technetwork/topics/security/linuxbulletinoct2015-2719645.html
https://bugzilla.redhat.com/show_bug.cgi?id=1270903
https://github.com/abrt/libreport/commit/257578a23d1537a2d235aaa2b1488ee4f818e360
CopyrightCopyright (C) 2015 Greenbone AG

This is only one of 145615 vulnerability tests in our test suite. Find out more about running a complete security audit.

To run a free test of this vulnerability against your system, register below.



© 1998-2025 E-Soft Inc. All rights reserved.