Detections
Analytics

MiracleLinux 4 : btparser-0.17-1.AXS4, abrt-2.0.8-15.0.1.AXS4, libreport-2.0.9-15.0.2.AXS4 (AXSA:2013-204:01)

critical Nessus Plugin ID 289969

Synopsis

The remote MiracleLinux host is missing one or more security updates.

Description

The remote MiracleLinux 4 host has packages installed that are affected by multiple vulnerabilities as referenced in the AXSA:2013-204:01 advisory.

 abrt: abrt is a tool to help users to detect defects in applications and to create a bug report with all informations needed by maintainer to fix it. It uses plugin system to extend its functionality.
 libreport: Libraries providing API for reporting different problems in applications to different bug targets like Bugzilla, ftp, trac, etc...
 btparser: Btparser is a backtrace parser and analyzer, which works with backtraces produced by the GNU Project Debugger. It can parse a text file with a backtrace to a tree of C structures, allowing to analyze the threads and frames of the backtrace and work with them.
 Btparser also contains some backtrace manipulation and extraction routines:
 it can find a frame in the crash-time backtrace where the program most likely crashed (a chance is that the function described in that frame is buggy) it can produce a duplication hash of the backtrace, which helps to discover that two crash-time backtraces are duplicates, triggered by the same flaw of the code it can rate the backtrace quality, which depends on the number of frames with and without the function name known (missing function name is caused by missing debugging symbols) Security issues fixed with this release:
 CVE-2012-5659 Untrusted search path vulnerability in plugins/abrt-action-install-debuginfo-to-abrt-cache.c in Automatic Bug Reporting Tool (ABRT) 2.0.9 and earlier allows local users to load and execute arbitrary Python modules by modifying the PYTHONPATH environment variable to reference a malicious Python module.
 CVE-2012-5660 abrt-action-install-debuginfo in Automatic Bug Reporting Tool (ABRT) 2.0.9 and earlier allows local users to set world-writable permissions for arbitrary files and possibly gain privileges via a symlink attack on the directories used to store information about crashes.
 Fixed bugs:
 abrt more multilib fixes rebuild because of broken brew builder Prevent daemon from being stuck (unresponsive to socket connects) while post-create even runs Prevent infinite loop of crashes don't follow symlinks fixed possible deadlock in abrt daemon fixed relro flags fixed the undefined weak symbols updated translation hopefully fixed ugly applet icon abrt-install-ccpp-hook: fix the check for %e presense abrt-harvest-vmcore: add CopyVMcore config option to copy vmcores.
 fixed problems discovered by brewtap don't try to run dbus-send if it's not installed [abrt] abrt-addon-ccpp-2.0.7-4.fc17: abrt-action-analyze-core:106:extract_info_from_core:IndexError: list index out of range abrt-addon-python: The process might hang forever if no one collects the dump it sends Reporting may fail with: abrt-bodhi: command not found too strict check for tainted kernel rhbz#814594 - abrt-ccpp status returned no status messages abrt missing dependency: libreport-plugin-bugzilla abrt-addon-python: The process might hang forever if no one collects the dump it sends don't remove new problems from abrt-upload directory libreport rebuilding beacause of failed rpmdiff - no changes in same cases we have to follow symlinks don't follow symlinks fixed relro flags removed confusing warning message added versioned requirements to silence rpmdiff removed reporter-bugzilla from config file re-added by mistake updated translation fixed brewtap warnings silence few rpmdiff warnings don't show the user credentials in logs use the default template for bz reports fix adding users to CC in bugzilla don't warn about daemon connection when deleting a problem ignore non problem dirs when cleaning old problems opt kernel out of showing smolt information in abrt bug reports.
 ABRT mailx plugin on by default causes crashes being always labelled as reported pkg-config --cflags libreport includs -fPIC Coverity revealed memory leaks and possibly other issues GLib warnings by report-gtk when crash dir does not exist `report' tool requires current working directory to be a crash dir Searching for duplicate anaconda bugs while reporting exception against partner-bugzilla during install fails Undefined non-weak symbols ABRT has wrong URL in dialog btparser New upstream release

Tenable has extracted the preceding description block directly from the MiracleLinux security advisory.

Note that Nessus has not tested for these issues but has instead relied only on the application's self-reported version number.

Solution

Update the affected packages.

See Also

https://tsn.miraclelinux.com/en/node/3832

Plugin Details

Severity: Critical

ID: 289969

File Name: miracle_linux_AXSA-2013-204.nasl

Version: 1.1

Type: local

Published: 1/16/2026

Updated: 1/16/2026

Supported Sensors: Nessus Agent, Nessus

Risk Information

VPR

Risk Factor: Medium

Score: 6.7

Vendor

Vendor Severity: High

CVSS v2

Risk Factor: Medium

Base Score: 6.9

Temporal Score: 5.4

Vector: CVSS2#AV:L/AC:M/Au:N/C:C/I:C/A:C

CVSS Score Source: CVE-2012-5660

CVSS v3

Risk Factor: Critical

Base Score: 9.8

Temporal Score: 8.8

Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Temporal Vector: CVSS:3.0/E:P/RL:O/RC:C

CVSS Score Source: CVE-2012-5659

Vulnerability Information

CPE: p-cpe:/a:miracle:linux:libreport-plugin-kerneloops, p-cpe:/a:miracle:linux:libreport-plugin-logger, p-cpe:/a:miracle:linux:libreport-plugin-mailx, p-cpe:/a:miracle:linux:libreport-python, p-cpe:/a:miracle:linux:abrt, p-cpe:/a:miracle:linux:abrt-addon-kerneloops, p-cpe:/a:miracle:linux:abrt-cli, cpe:/o:miracle:linux:4, p-cpe:/a:miracle:linux:abrt-tui, p-cpe:/a:miracle:linux:btparser, p-cpe:/a:miracle:linux:libreport-plugin-rhtsupport, p-cpe:/a:miracle:linux:abrt-libs, p-cpe:/a:miracle:linux:abrt-desktop, p-cpe:/a:miracle:linux:libreport-cli, p-cpe:/a:miracle:linux:abrt-addon-python, p-cpe:/a:miracle:linux:libreport-plugin-reportuploader, p-cpe:/a:miracle:linux:libreport, p-cpe:/a:miracle:linux:libreport-newt, p-cpe:/a:miracle:linux:libreport-compat, p-cpe:/a:miracle:linux:abrt-addon-ccpp, p-cpe:/a:miracle:linux:libreport-gtk, p-cpe:/a:miracle:linux:abrt-gui

Required KB Items: Host/local_checks_enabled, Host/cpu, Host/MiracleLinux/release, Host/MiracleLinux/rpm-list

Exploit Available: true

Exploit Ease: Exploits are available

Patch Publication Date: 3/22/2013

Vulnerability Publication Date: 1/31/2013

Reference Information

CVE: CVE-2012-5659, CVE-2012-5660