RHSA-2015:1083High
Red Hat Security Advisory: abrt security update
🔗 CVE IDs covered (8)
📋 Description
CVE-2015-1869 — abrt: default event scripts follow symbolic links CVE-2015-1870 — abrt: default abrt event scripts lead to information disclosure CVE-2015-3142 — abrt: abrt-hook-ccpp writes core dumps to existing files owned by others CVE-2015-3147 — abrt: does not validate contents of uploaded problem reports CVE-2015-3150 — abrt: abrt-dbus does not guard against crafted problem directory path arguments CVE-2015-3151 — abrt: directory traversals in several D-Bus methods implemented by abrt-dbus CVE-2015-3159 — abrt: missing process environment sanitizaton in abrt-action-install-debuginfo-to-abrt-cache CVE-2015-3315 — abrt: Various race-conditions and symlink issues found in abrt
🔗 References (12)
- selfhttps://access.redhat.com/errata/RHSA-2015:1083
- externalhttps://access.redhat.com/security/updates/classification/#important
- externalhttps://bugzilla.redhat.com/show_bug.cgi?id=1211835
- externalhttps://bugzilla.redhat.com/show_bug.cgi?id=1212818
- externalhttps://bugzilla.redhat.com/show_bug.cgi?id=1212861
- externalhttps://bugzilla.redhat.com/show_bug.cgi?id=1212868
- externalhttps://bugzilla.redhat.com/show_bug.cgi?id=1212953
- externalhttps://bugzilla.redhat.com/show_bug.cgi?id=1214451
- externalhttps://bugzilla.redhat.com/show_bug.cgi?id=1214457
- externalhttps://bugzilla.redhat.com/show_bug.cgi?id=1216962
- externalhttps://bugzilla.redhat.com/show_bug.cgi?id=1218610
- selfhttps://security.access.redhat.com/data/csaf/v2/advisories/2015/rhsa-2015_1083.json