Title
Обновление RHSA-2012:0841: устранение уязвимостей и ошибок в abrt, libreport, btparser, и python-meh
Description
If the C handler plug-in in ABRT was enabled (the abrt-addon-ccpp package
installed and the abrt-ccpp service running), and the sysctl
fs.suid_dumpable option was set to "2" (it is "0" by default), core dumps
of set user ID (setuid) programs were created with insecure group ID
permissions. This could allow local, unprivileged users to obtain sensitive
information from the core dump files of setuid processes they would
otherwise not be able to access. (CVE-2012-1106)
ABRT did not allow users to easily search the collected crash information
for sensitive data prior to submitting it. This could lead to users
unintentionally exposing sensitive information via the submitted crash
reports. This update adds functionality to search across all the collected
data. Note that this fix does not apply to the default configuration, where
reports are sent to Red Hat Customer Support. It only takes effect for
users sending information to Red Hat Bugzilla. (CVE-2011-4088)