Lucene search
K
Database
Vendors
Products
Years
CVSS
Scanner
Agent Scanning
API Scanning
Manual Audit
Perimeter Scanner
Scanning
Projects
Email
Webhook
Plugins
Resources
Documents
Blog
Glossary
FAQ
Pricing
Contacts
About Us
Partners
Branding Guideline
redhatRedHatRHSA-2015:2504
HistoryNov 23, 2015 - 12:00 a.m.

(RHSA-2015:2504) Moderate: libreport security update

2015-11-2300:00:00
access.redhat.com
17

0.006 Low

EPSS

Percentile

78.4%

JSON

libreport provides an API for reporting different problems in applications
to different bug targets, such as Bugzilla, FTP, and Trac. ABRT (Automatic
Bug Reporting Tool) uses libreport.

It was found that ABRT may have exposed unintended information to Red Hat
Bugzilla during crash reporting. A bug in the libreport library caused
changes made by a user in files included in a crash report to be discarded.
As a result, Red Hat Bugzilla attachments may contain data that was not
intended to be made public, including host names, IP addresses, or command
line options. (CVE-2015-5302)

This flaw did not affect default installations of ABRT on Red Hat
Enterprise Linux as they do not post data to Red Hat Bugzilla. This feature
can however be enabled, potentially impacting modified ABRT instances.

As a precaution, Red Hat has identified bugs filed by such non-default Red
Hat Enterprise Linux users of ABRT and marked them private.

This issue was discovered by Bastien Nocera of Red Hat.

All users of libreport are advised to upgrade to these updated packages,
which corrects this issue.

OSVersionArchitecturePackageVersionFilename
RedHat6s390xlibreport-compat< 2.0.9-25.el6_7libreport-compat-2.0.9-25.el6_7.s390x.rpm
RedHat6s390xlibreport-plugin-logger< 2.0.9-25.el6_7libreport-plugin-logger-2.0.9-25.el6_7.s390x.rpm
RedHat6ppc64libreport-cli< 2.0.9-25.el6_7libreport-cli-2.0.9-25.el6_7.ppc64.rpm
RedHat6x86_64libreport-filesystem< 2.0.9-25.el6_7libreport-filesystem-2.0.9-25.el6_7.x86_64.rpm
RedHat6srclibreport< 2.0.9-25.el6_7libreport-2.0.9-25.el6_7.src.rpm
RedHat6ppc64libreport< 2.0.9-25.el6_7libreport-2.0.9-25.el6_7.ppc64.rpm
RedHat6s390xlibreport< 2.0.9-25.el6_7libreport-2.0.9-25.el6_7.s390x.rpm
RedHat6ppclibreport-debuginfo< 2.0.9-25.el6_7libreport-debuginfo-2.0.9-25.el6_7.ppc.rpm
RedHat6s390xlibreport-devel< 2.0.9-25.el6_7libreport-devel-2.0.9-25.el6_7.s390x.rpm
RedHat6x86_64libreport-python< 2.0.9-25.el6_7libreport-python-2.0.9-25.el6_7.x86_64.rpm
Rows per page:
1-10 of 791

Related

cve 1
openvas 7
fedora 6
nessus 11
veracode 2
cvelist 1
nvd 1
oraclelinux 2
centos 2
prion 1
redhat 1
cve
cve
CVE-2015-5302
2015-12-07 18:59:03
openvas
openvas
Fedora Update for abrt FEDORA-2015-6542
2015-11-26 00:00:00
RedHat Update for libreport RHSA-2015:2504-01
2015-11-24 00:00:00
Oracle: Security Advisory (ELSA-2015-2504)
2015-11-24 00:00:00
fedora
fedora
[SECURITY] Fedora 23 Update: libreport-2.6.3-1.fc23
2015-10-31 16:10:36
[SECURITY] Fedora 21 Update: libreport-2.3.0-10.fc21
2015-11-26 04:58:18
[SECURITY] Fedora 22 Update: abrt-2.6.1-6.fc22
2015-10-28 16:29:09
nessus
nessus
Fedora 23 : abrt-2.7.0-2.fc23 / libreport-2.6.3-1.fc23 (2015-cc585b503f)
2016-03-04 00:00:00
CentOS 6 : libreport (CESA-2015:2504)
2015-12-03 00:00:00
Scientific Linux Security Update : libreport on SL6.x i386/x86_64 (20151123)
2015-11-25 00:00:00
veracode
veracode
Information Disclosure
2019-01-15 09:08:41
Information Disclosure
2018-08-08 02:38:15
cvelist
cvelist
CVE-2015-5302
2015-12-07 18:00:00
nvd
nvd
CVE-2015-5302
2015-12-07 18:59:03
oraclelinux
oraclelinux
libreport security update
2015-11-23 00:00:00
abrt and libreport security update
2015-11-25 00:00:00
centos
centos
libreport security update
2015-12-02 13:52:30
abrt, libreport security update
2015-12-01 18:46:19
prion
prion
Code injection
2015-12-07 18:59:00
redhat
redhat
(RHSA-2015:2505) Moderate: abrt and libreport security update
2015-11-23 10:17:59

0.006 Low

EPSS

Percentile

78.4%

JSON
Related for RHSA-2015:2504
cve1openvas7fedora6nessus11veracode2cvelist1nvd1oraclelinux2centos2prion1redhat1