Red Hat Bugzilla – Bug 991604
CVE-2013-4209 ABRT: (substantially) limited leak of unauthorized information
Last modified: 2015-10-15 13:56:27 EDT
A flaw was found in abrt, where a local attacker could obtain the SHA1SUM of a file they should have no access to.
This issue was discovered by Jan Pokorný of Red Hat.
Not vulnerable. This issue did not affect the versions of abrt as shipped with Red Hat Enterprise Linux 6.
Time to open this up.
We now ship the fixed version 2.1.6 on all previously affected products.
In upstream commit https://github.com/abrt/abrt/commit/776209bd00b0dd16d02dd20fdb14eecbb6b9fa18 the format of core backtraces changed significantly. Source file hashes are no longer included for python exception reports.