It was discovered that the kernel-invoked coredump processor provided by abrt writes core dumps to files owned by other system users. This could result in information disclosure if an application crashes while its current directory is a directory writable to other users (such as /tmp). Acknowledgement: This issue was discovered by Florian Weimer of Red Hat Product Security.
Created abrt tracking bugs for this issue: Affects: fedora-all [bug 1212821]
These upstream commits fixes this cve: https://github.com/abrt/abrt/commit/af945ff58a698ce00c45059a05994ef53a13e192 https://github.com/abrt/abrt/commit/806bb07571b698d90169c3b73cb65cd09c900284 https://github.com/abrt/abrt/commit/b72616471ec52a009904689592f4f69e730a6f56 https://github.com/abrt/abrt/commit/7269a2cc88735aee0d1fa62491b9efe73ab5c6e8
This issue has been addressed in the following products: Red Hat Enterprise Linux 7 Via RHSA-2015:1083 https://rhn.redhat.com/errata/RHSA-2015-1083.html
This issue has been addressed in the following products: Red Hat Enterprise Linux 6 Via RHSA-2015:1210 https://rhn.redhat.com/errata/RHSA-2015-1210.html