4 matches found
CVE-2026-54230 Abrt: event handler scripts follow symlinks when writing output files, allowing arbitrary file overwrites
A symlink following vulnerability was found in the ABRT post-create event handler scripts in libreport. Event scripts write output files using shell redirections without the ONOFOLLOW flag. If the target file is replaced with a symlink, the shell process running as root follows the symlink and...
Canonical apport 安全漏洞
Canonical apport is an open source crash reporting tool from Canonical. A security vulnerability exists in Canonical apport that stems from improper group ownership settings when the crash reporting tool creates crash files, which could lead to the disclosure of crash information...
[SECURITY] Fedora 41 Update: abrt-2.17.8-1.fc41
abrt is a tool to help users to detect defects in applications and to create a bug report with all information needed by maintainer to fix it. It uses plugin system to extend its functionality...
libreport: Possible private data leak in Bugzilla bugs opened by ABRT
It was found that ABRT may have exposed non-public information to Red Hat Bugzilla during crash reporting. A bug in the libreport library caused changes made by a user in files included in a crash report to be discarded. As a result, Red Hat Bugzilla attachments may contain data that was not...