Fedora 21 : abrt-2.3.0-7.fc21 / gnome-abrt-1.0.0-3.fc21 / libreport-2.3.0-8.fc21 (2015-10193)

high Nessus Plugin ID 84475

Synopsis

The remote Fedora host is missing one or more security updates.

Description

Security fixes for :

- CVE-2015-3315

- CVE-2015-3142

- CVE-2015-1869

- CVE-2015-1870

- CVE-2015-3151

- CVE-2015-3150

- CVE-2015-3159

abrt: =====

- Move the default dump location from /var/tmp/abrt to /var/spool/abrt

- Use root for owner of all dump directories

- Stop reading hs_error.log from /tmp

- Don not save the system logs by default

- Don not save dmesg if kernel.dmesg_restrict=1

libreport: ==========

- Harden the code against directory traversal, symbolic and hard link attacks

- Fix a bug causing that the first value of AlwaysExcludedElements was ignored

- Fix missing icon for the 'Stop' button icon name

- Improve development documentation

- Translations updates

gnome-abrt: ===========

- Use DBus to get problem data for detail dialog

- Fix an error introduced with the details on System page

- Enabled the Details also for the System problems

Note that Tenable Network Security has extracted the preceding description block directly from the Fedora security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.

Solution

Update the affected abrt, gnome-abrt and / or libreport packages.

See Also

https://bugzilla.redhat.com/show_bug.cgi?id=1169774

https://bugzilla.redhat.com/show_bug.cgi?id=1179752

https://bugzilla.redhat.com/show_bug.cgi?id=1193656

https://bugzilla.redhat.com/show_bug.cgi?id=1212821

https://bugzilla.redhat.com/show_bug.cgi?id=1212865

https://bugzilla.redhat.com/show_bug.cgi?id=1212871

https://bugzilla.redhat.com/show_bug.cgi?id=1213485

https://bugzilla.redhat.com/show_bug.cgi?id=1214452

https://bugzilla.redhat.com/show_bug.cgi?id=1214609

https://bugzilla.redhat.com/show_bug.cgi?id=1216975

https://bugzilla.redhat.com/show_bug.cgi?id=1218239

https://bugzilla.redhat.com/show_bug.cgi?id=986876

http://www.nessus.org/u?9e916c0f

http://www.nessus.org/u?d3b69026

http://www.nessus.org/u?d7b58c5a

Plugin Details

Severity: High

ID: 84475

File Name: fedora_2015-10193.nasl

Version: 2.7

Type: local

Agent: unix

Published: 7/1/2015

Updated: 1/11/2021

Supported Sensors: Agentless Assessment, Continuous Assessment, Frictionless Assessment Agent, Nessus Agent, Nessus

Risk Information

VPR

Risk Factor: High

Score: 8.9

CVSS v2

Risk Factor: High

Base Score: 7.2

Vector: CVSS2#AV:L/AC:L/Au:N/C:C/I:C/A:C

CVSS v3

Risk Factor: High

Base Score: 7.8

Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

Vulnerability Information

CPE: p-cpe:/a:fedoraproject:fedora:libreport, p-cpe:/a:fedoraproject:fedora:gnome-abrt, p-cpe:/a:fedoraproject:fedora:abrt, cpe:/o:fedoraproject:fedora:21

Required KB Items: Host/local_checks_enabled, Host/RedHat/release, Host/RedHat/rpm-list

Exploit Available: true

Exploit Ease: Exploits are available

Patch Publication Date: 6/20/2015

Vulnerability Publication Date: 6/26/2017

Exploitable With

Metasploit (ABRT raceabrt Privilege Escalation)

Reference Information

CVE: CVE-2015-1869, CVE-2015-1870, CVE-2015-3142, CVE-2015-3150, CVE-2015-3151, CVE-2015-3159, CVE-2015-3315

FEDORA: 2015-10193