4 matches found
CVE-2026-54230 Abrt: event handler scripts follow symlinks when writing output files, allowing arbitrary file overwrites
A symlink following vulnerability was found in the ABRT post-create event handler scripts in libreport. Event scripts write output files using shell redirections without the ONOFOLLOW flag. If the target file is replaced with a symlink, the shell process running as root follows the symlink and...
MiracleLinux 4 : btparser-0.17-1.AXS4, abrt-2.0.8-15.0.1.AXS4, libreport-2.0.9-15.0.2.AXS4 (AXSA:2013-204:01)
The remote MiracleLinux 4 host has packages installed that are affected by multiple vulnerabilities as referenced in the AXSA:2013-204:01 advisory. abrt: abrt is a tool to help users to detect defects in applications and to create a bug report with all informations needed by maintainer to fix it...
Scientific Linux Security Update : libreport on SL6.x i386/x86_64 (20151123)
It was found that ABRT may have exposed unintended information to Red Hat Bugzilla during crash reporting. A bug in the libreport library caused changes made by a user in files included in a crash report to be discarded. As a result, Bugzilla attachments may contain data that was not intended to ...
libreport: Possible private data leak in Bugzilla bugs opened by ABRT
It was found that ABRT may have exposed non-public information to Red Hat Bugzilla during crash reporting. A bug in the libreport library caused changes made by a user in files included in a crash report to be discarded. As a result, Red Hat Bugzilla attachments may contain data that was not...