libreport is vulnerable to information disclosure. Changes made by a user in files that are included in a crash report are discarded when the dump directory’s files are reviewed during crash reporting. This allows remote attackers to obtain confidential information such as host names, IP addresses or command line options.
CPE | Name | Operator | Version |
---|---|---|---|
libreport.so | eq | 0.0.1 | |
libreport.so | eq | 0.0.1 |
lists.fedoraproject.org/pipermail/package-announce/2015-November/172695.html
rhn.redhat.com/errata/RHSA-2015-2504.html
rhn.redhat.com/errata/RHSA-2015-2505.html
www.oracle.com/technetwork/topics/security/linuxbulletinoct2015-2719645.html
www.securityfocus.com/bid/77685
access.redhat.com/errata/RHSA-2015:2504
access.redhat.com/errata/RHSA-2015:2505
access.redhat.com/security/cve/CVE-2015-5302
bugzilla.redhat.com/show_bug.cgi?id=1270903
github.com/abrt/libreport/commit/257578a23d1537a2d235aaa2b1488ee4f818e360