RedHat has issued an advisory today (June 20):
https://rhn.redhat.com/errata/RHSA-2012-0841.html

We have these packaged in Mageia 2. I can't find anything that says which versions of these packages are affected, but most likely ours are affected.
Whiteboard: (none) => MGA2TOO
CC: (none) => thierry.vignaud
CC: (none) => oe
Severity: normal => major
Not 100% sure, but looks like CVE-2011-4088 is probably fixed in abrt 2.0.7 and libreport 2.0.8, so Mageia 2 and Cauldron would be OK. It looks like CVE-2012-1106 was fixed in abrt 2.0.8 or 2.0.9, so we need to update that.
Patched abrt package uploaded for Mageia 2 and Cauldron.

Advisory:
========================

Updated abrt packages fix security vulnerability:

If the C handler plug-in in ABRT was enabled (the abrt-addon-ccpp package installed and the abrt-ccpp service running), and the sysctl fs.suid_dumpable option was set to "2" (it is "0" by default), core dumps of set user ID (setuid) programs were created with insecure group ID permissions. This could allow local, unprivileged users to obtain sensitive information from the core dump files of setuid processes they would otherwise not be able to access (CVE-2012-1106).

References:
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-1106
https://rhn.redhat.com/errata/RHSA-2012-0841.html
========================

Updated packages in core/updates_testing:
========================
abrt-2.0.7-3.1.mga2
libabrt0-2.0.7-3.1.mga2
libabrt-devel-2.0.7-3.1.mga2
abrt-gui-2.0.7-3.1.mga2
abrt-addon-ccpp-2.0.7-3.1.mga2
abrt-addon-kerneloops-2.0.7-3.1.mga2
abrt-addon-vmcore-2.0.7-3.1.mga2
abrt-addon-python-2.0.7-3.1.mga2
abrt-cli-2.0.7-3.1.mga2
abrt-desktop-2.0.7-3.1.mga2

from abrt-2.0.7-3.1.mga2.src.rpm
URL: (none) => http://lwn.net/Vulnerabilities/502705/
Version: Cauldron => 2
Assignee: bugsquad => qa-bugs
Source RPM: abrt, libreport, btparser => abrt
Whiteboard: MGA2TOO => (none)
Severity: major => normal
Any suggestions for testing this? I've tried following http://fedoraproject.org/wiki/QA:Testcase_ABRT_CLI using "kill -SIGSEGV $pid", where the pid was a running firefox or kcalc process, but "abrt-cli list" is not showing any output.
CC: (none) => davidwhodgins
I'm not sure of the integration status of abrt in Mageia, but maybe Thierry knows. He mentioned on the mageia-dev list that he's used it with GNOME apps: https://www.mageia.org/pipermail/mageia-dev/2012-August/018250.html
Thanks. It works with gedit. I'll look into testing it more tomorrow.

[dave@x2v Documents]$ kill -SIGSEGV 3082
[dave@x2v Documents]$ abrt-cli list
[1]+ Segmentation fault (core dumped) gedit
In /etc/sysctl.conf, I've added the line fs.suid_dumpable=2 and run sysctl -p. I mistook the seg fault output in Comment 5 as being output from abrt-cli list, but it isn't. As far as I can see, the core dump is not being generated or captured by abrt. The directory /var/spool/abrt is empty. The abrt services are all running, so I'm not sure what else is needed to activate it or confirm it's working as it's supposed to. Any ideas?
Whiteboard: (none) => feedback
I think by default on Mageia, you can't make core files because of the ulimit settings; maybe a ulimit -c <large number> command will allow them to be created.
/etc/profile.d/00abrt.sh from abrt-addon-ccpp is already running ulimit -c unlimited so that's not it. Do the debug packages have to be installed for abrt to work?
I wouldn't think so. Thierry, can you give some input here?
Pinging for feedback please. Please see comment 6 onwards.
As discussed in yesterday's QA meeting, I can only confirm the abrtd service starts OK on Mageia 2 i586 and x86-64.

Could someone from the sysadmin team push the srpm abrt-2.0.7-3.1.mga2.src.rpm from Mageia 2 Core Updates Testing to Core Updates?

Advisory:

Updated abrt packages fix security vulnerability:

If the C handler plug-in in ABRT was enabled (the abrt-addon-ccpp package installed and the abrt-ccpp service running), and the sysctl fs.suid_dumpable option was set to "2" (it is "0" by default), core dumps of set user ID (setuid) programs were created with insecure group ID permissions. This could allow local, unprivileged users to obtain sensitive information from the core dump files of setuid processes they would otherwise not be able to access (CVE-2012-1106).

References:
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-1106
https://rhn.redhat.com/errata/RHSA-2012-0841.html
https://bugs.mageia.org/show_bug.cgi?id=6523
Keywords: (none) => validated_update
CC: (none) => sysadmin-bugs
Whiteboard: feedback => MGA2-64-OK MGA2-32-OK
Update pushed: https://wiki.mageia.org/en/Support/Advisories/MGASA-2012-0357
Status: NEW => RESOLVED
CC: (none) => tmb
Resolution: (none) => FIXED
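
The conditions the advisory names (abrt-ccpp handling cores, fs.suid_dumpable set to 2) and the /var/spool/abrt directory from the testing comments can be checked with a short script. This is an added example, not part of the bug report or of ABRT; the hook name abrt-hook-ccpp, the per-crash file name coredump, and all function names are assumptions.

```sh
#!/bin/sh
# Added example, not from the bug report: audit a host for the conditions the
# advisory names. The proc root and spool path are arguments so the checks can
# also run against a constructed directory tree.

# Succeeds if fs.suid_dumpable is 2 under the given proc root.
suid_dumpable_is_2() {
    [ "$(cat "$1/sys/fs/suid_dumpable" 2>/dev/null)" = "2" ]
}

# Succeeds if kernel.core_pattern pipes cores to ABRT's C/C++ hook.
# Assumption: the hook is named abrt-hook-ccpp; its directory varies by distro.
abrt_hook_active() {
    case "$(cat "$1/sys/kernel/core_pattern" 2>/dev/null)" in
        "|"*abrt-hook-ccpp*) return 0 ;;
        *) return 1 ;;
    esac
}

# Succeeds only when both advisory preconditions hold.
preconditions_met() {
    suid_dumpable_is_2 "$1" && abrt_hook_active "$1"
}

# Prints spool files named "coredump" that group or other can read.
# Assumption: ABRT keeps each core as <dump directory>/coredump.
loose_coredumps() {
    [ -d "$1" ] || return 0
    find "$1" -type f -name coredump \( -perm -040 -o -perm -004 \) 2>/dev/null || true
}

# Prints a one-line verdict, then owner, group and mode of each loose core.
audit_host() {
    if preconditions_met "$1"; then
        echo "preconditions met: confirm the fixed abrt build is installed"
    else
        echo "preconditions not met"
    fi
    loose_coredumps "$2" | while IFS= read -r f; do
        ls -l "$f"
    done
    return 0
}

audit_host "${1:-/proc}" "${2:-/var/spool/abrt}"
```

Run it as root so that find can descend into the spool directory.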