Alerts This Week
Warning Icon 1 525
Alerts This Week
Warning Icon 1 525

Scientific Linux SL7.x: 2016-0188-1 Moderate: sos Local Attack Risk Fix

Calendar Feb 16, 2016 User Avatar LinuxSecurity Advisories
1 - 2 min read
Scientific Large Esm H500
Topics%20covered

Topics Covered

security advisory moderate update symbolic link sos scientific linux
Moderate: sos security and bug fix update 
Date: Tue, 16 Feb 2016 16:26:16 +0000
Reply-To: scientific-linux-users@
Sender: Security Errata for Scientific Linux
 
From: Pat Riehecky 
Subject: Security ERRATA Moderate: sos on SL7.x (noarch)
MIME-Version: 1.0
Message-ID: <20160216162616.8839.40648@slpackages.fnal.gov>

Synopsis: Moderate: sos security and bug fix update
Advisory ID: SLSA-2016:0188-1
Issue Date: 2016-02-16
CVE Numbers: CVE-2015-7529
--

An insecure temporary file use flaw was found in the way sos created
certain sosreport files. A local attacker could possibly use this flaw to
perform a symbolic link attack to reveal the contents of sosreport files,
or in some cases modify arbitrary files and escalate their privileges on
the system. (CVE-2015-7529)

This update also fixes the following bug:

* Previously, the sosreport tool was not collecting the /var/lib/ceph and
/var/run/ceph directories when run with the ceph plug-in enabled, causing
the generated sosreport archive to miss vital troubleshooting information
about ceph. With this update, the ceph plug-in for sosreport collects
these directories, and the generated report contains more useful
information.
--

SL7
 noarch
 sos-3.2-35.el7_2.3.noarch.rpm

- Scientific Linux Development Team

Related News

Your message here