Detections
Analytics

Fedora 22 : abrt-2.6.0-1.fc22 / gnome-abrt-1.2.0-1.fc22 / libreport-2.6.0-1.fc22 / satyr-0.18-1.fc22 (2015-9886)

high Nessus Plugin ID 84312

Language:

Synopsis

The remote Fedora host is missing one or more security updates.

Description

Security fixes for :

 - CVE-2015-3315

 - CVE-2015-3142

 - CVE-2015-1869

 - CVE-2015-1870

 - CVE-2015-3151

 - CVE-2015-3150

 - CVE-2015-3159

abrt :

 - Move the default dump location from /var/tmp/abrt to /var/spool/abrt

 - Use root for owner of all dump directories

 - Stop reading hs_error.log from /tmp

 - Don not save the system logs by default

 - Don not save dmesg if kernel.dmesg_restrict=1

libreport :

 - Harden the code against directory traversal, symbolic and hard link attacks

 - Fix a bug causing that the first value of AlwaysExcludedElements was ignored

 - Fix missing icon for the 'Stop' button icon name

 - Improve development documentation

 - Translations updates

gnome-abrt :

 - Enabled the Details also for the System problems

 - Do not crash in the testing of availabitlity of XServer

 - Fix 'Open problem's data directory'

 - Quit Application on Ctrl+Q

 - Translation updates

satyr :

 - New kernel taint flags

 - More secure core stacktraces from core hook

Note that Tenable Network Security has extracted the preceding description block directly from the Fedora security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.

Solution

Update the affected packages.

See Also

https://bugzilla.redhat.com/show_bug.cgi?id=1128400

https://bugzilla.redhat.com/show_bug.cgi?id=1212821

https://bugzilla.redhat.com/show_bug.cgi?id=1212865

https://bugzilla.redhat.com/show_bug.cgi?id=1212871

https://bugzilla.redhat.com/show_bug.cgi?id=1214452

https://bugzilla.redhat.com/show_bug.cgi?id=1214609

https://bugzilla.redhat.com/show_bug.cgi?id=1216975

https://bugzilla.redhat.com/show_bug.cgi?id=1218239

http://www.nessus.org/u?c64f5b7d

http://www.nessus.org/u?b84b95df

http://www.nessus.org/u?b449c29f

http://www.nessus.org/u?ca41820c

Plugin Details

Severity: High

ID: 84312

File Name: fedora_2015-9886.nasl

Version: 2.7

Type: local

Agent: unix

Published: 6/22/2015

Updated: 1/11/2021

Supported Sensors: Agentless Assessment, Frictionless Assessment Agent, Nessus Agent, Nessus

Risk Information

VPR

Risk Factor: High

Score: 8.9

CVSS v2

Risk Factor: High

Base Score: 7.2

Vector: CVSS2#AV:L/AC:L/Au:N/C:C/I:C/A:C

CVSS v3

Risk Factor: High

Base Score: 7.8

Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

Vulnerability Information

CPE: p-cpe:/a:fedoraproject:fedora:abrt, p-cpe:/a:fedoraproject:fedora:gnome-abrt, p-cpe:/a:fedoraproject:fedora:libreport, p-cpe:/a:fedoraproject:fedora:satyr, cpe:/o:fedoraproject:fedora:22

Required KB Items: Host/local_checks_enabled, Host/RedHat/release, Host/RedHat/rpm-list

Exploit Available: true

Exploit Ease: Exploits are available

Patch Publication Date: 6/13/2015

Vulnerability Publication Date: 6/26/2017

Exploitable With

Metasploit (ABRT raceabrt Privilege Escalation)

Reference Information

CVE: CVE-2015-1869, CVE-2015-1870, CVE-2015-3142, CVE-2015-3150, CVE-2015-3151, CVE-2015-3159, CVE-2015-3315

FEDORA: 2015-9886