| Description: | Summary:
The remote host is missing an update for the 'abrt, libreport' package(s) announced via the ELSA-2015-1210 advisory.
Vulnerability Insight:
abrt
[2.0.8-26.0.1.el6_6.1]
- Add abrt-oracle-enterprise.patch to be product neutral
- Remove abrt-plugin-rhtsupport dependency for cli and desktop
- Make abrt Obsoletes/Provides abrt-plugin-rhtsupprot
[2.0.8-26.el6_6.1]
- remove old dump directories in upgrade
- remove outdated rmp scriptlets
- daemon: allow only root to submit CCpp, Koops, VMCore and Xorg problems
- abrt-action-install-debuginfo-to-abrt-cache: sanitize arguments and umask
- make the problem directories owned by abrt and the group root
- validate uploaded problem directories in abrt-handle-upload
- don't override nor remove files with user core dump files
- fix symbolic link and race condition flaws
- Resolves: #1211966
libreport
[2.0.9-21.0.1.el6_6.1]
- Add oracle-enterprise.patch and oracle-enterprise-po.patch
- Remove libreport-plugin-rhtsupport pkg
[2.0.9-21.el6_6.1]
- switch dump directory owner from 'abrt:user' to 'user:abrt' (rhbz#1212093)
- harden against directory traversal, crafted symbolic links (rhbz#1212093)
- avoid race-conditions in dump dir opening (rhbz#1212093)
- Resolves: #1211966
Affected Software/OS:
'abrt, libreport' package(s) on Oracle Linux 6.
Solution:
Please install the updated package(s).
CVSS Score:
7.2
CVSS Vector:
AV:L/AC:L/Au:N/C:C/I:C/A:C
|
