CentOS Local Security Checks : CentOS Update for libreport CESA-2015:2504 centos6

Búsqueda de Vulnerabilidad		Buscar 324607 Descripciones CVE y 145615 Descripciones de Pruebas, accesos 10,000+ referencias cruzadas.
	Pruebas CVE Todos

ID de Prueba: 1.3.6.1.4.1.25623.1.0.882332

Categoría: CentOS Local Security Checks

Título: CentOS Update for libreport CESA-2015:2504 centos6

Resumen: Check the version of libreport

Descripción: Summary:
Check the version of libreport

Vulnerability Insight:
libreport provides an API for reporting
different problems in applications to different bug targets, such as Bugzilla,
FTP, and Trac. ABRT (Automatic Bug Reporting Tool) uses libreport.

It was found that ABRT may have exposed unintended information to Red Hat
Bugzilla during crash reporting. A bug in the libreport library caused
changes made by a user in files included in a crash report to be discarded.
As a result, Red Hat Bugzilla attachments may contain data that was not
intended to be made public, including host names, IP addresses, or command
line options. (CVE-2015-5302)

This flaw did not affect default installations of ABRT on Red Hat
Enterprise Linux as they do not post data to Red Hat Bugzilla. This feature
can however be enabled, potentially impacting modified ABRT instances.

As a precaution, Red Hat has identified bugs filed by such non-default Red
Hat Enterprise Linux users of ABRT and marked them private.

This issue was discovered by Bastien Nocera of Red Hat.

All users of libreport are advised to upgrade to these updated packages,
which corrects this issue.

Affected Software/OS:
libreport on CentOS 6

Solution:
Please install the updated packages.

CVSS Score:
5.0

CVSS Vector:
AV:N/AC:L/Au:N/C:P/I:N/A:N

Referencia Cruzada: Common Vulnerability Exposure (CVE) ID: CVE-2015-5302
77685
http://www.securityfocus.com/bid/77685
FEDORA-2015-6542ab6d3a
http://lists.fedoraproject.org/pipermail/package-announce/2015-November/172695.html
RHSA-2015:2504
http://rhn.redhat.com/errata/RHSA-2015-2504.html
RHSA-2015:2505
http://rhn.redhat.com/errata/RHSA-2015-2505.html
http://www.oracle.com/technetwork/topics/security/linuxbulletinoct2015-2719645.html
https://bugzilla.redhat.com/show_bug.cgi?id=1270903
https://github.com/abrt/libreport/commit/257578a23d1537a2d235aaa2b1488ee4f818e360

Copyright Copyright (C) 2015 Greenbone AG

Esta es sólo una de 145615 pruebas de vulnerabilidad en nuestra serie de pruebas. Encuentre más sobre cómo ejecutar una auditoría de seguridad completa.
Para ejecutar una prueba gratuita de esta vulnerabilidad contra su sistema, regístrese ahora.

ID de Prueba:	1.3.6.1.4.1.25623.1.0.882332
Categoría:	CentOS Local Security Checks
Título:	CentOS Update for libreport CESA-2015:2504 centos6
Resumen:	Check the version of libreport
Descripción:	Summary: Check the version of libreport Vulnerability Insight: libreport provides an API for reporting different problems in applications to different bug targets, such as Bugzilla, FTP, and Trac. ABRT (Automatic Bug Reporting Tool) uses libreport. It was found that ABRT may have exposed unintended information to Red Hat Bugzilla during crash reporting. A bug in the libreport library caused changes made by a user in files included in a crash report to be discarded. As a result, Red Hat Bugzilla attachments may contain data that was not intended to be made public, including host names, IP addresses, or command line options. (CVE-2015-5302) This flaw did not affect default installations of ABRT on Red Hat Enterprise Linux as they do not post data to Red Hat Bugzilla. This feature can however be enabled, potentially impacting modified ABRT instances. As a precaution, Red Hat has identified bugs filed by such non-default Red Hat Enterprise Linux users of ABRT and marked them private. This issue was discovered by Bastien Nocera of Red Hat. All users of libreport are advised to upgrade to these updated packages, which corrects this issue. Affected Software/OS: libreport on CentOS 6 Solution: Please install the updated packages. CVSS Score: 5.0 CVSS Vector: AV:N/AC:L/Au:N/C:P/I:N/A:N
Referencia Cruzada:	Common Vulnerability Exposure (CVE) ID: CVE-2015-5302 77685 http://www.securityfocus.com/bid/77685 FEDORA-2015-6542ab6d3a http://lists.fedoraproject.org/pipermail/package-announce/2015-November/172695.html RHSA-2015:2504 http://rhn.redhat.com/errata/RHSA-2015-2504.html RHSA-2015:2505 http://rhn.redhat.com/errata/RHSA-2015-2505.html http://www.oracle.com/technetwork/topics/security/linuxbulletinoct2015-2719645.html https://bugzilla.redhat.com/show_bug.cgi?id=1270903 https://github.com/abrt/libreport/commit/257578a23d1537a2d235aaa2b1488ee4f818e360
Copyright	Copyright (C) 2015 Greenbone AG