Rebase on upstream 4.6.1: see https://github.com/sosreport/sos/releases/tag/4.6.1 for full changelog.

--------------------------------------------------------------------------------
Fedora Update Notification
FEDORA-2024-2fb8991c68
2024-01-20 03:24:12.788932
--------------------------------------------------------------------------------

Name        : sos
Product     : Fedora 38
Version     : 4.6.1
Release     : 1.fc38
URL         : https://github.com/sosreport/sos
Summary     : A set of tools to gather troubleshooting information from a system
Description :
Sos is a set of tools that gathers information about system hardware and
configuration. The information can then be used for diagnostic purposes and
debugging. Sos is commonly used to help support technicians and developers.

--------------------------------------------------------------------------------
Update Information:

Rebase on upstream 4.6.1: see https://github.com/sosreport/sos/releases/tag/4.6.1
for full changelog.
--------------------------------------------------------------------------------
ChangeLog:

* Thu Jan 11 2024 Sandro Bonazzola - 4.6.1-1
- Update to 4.6.1
- Resolves: fedora#2257777
- Resolves: fedora#2244214
* Mon Aug 21 2023 Sandro Bonazzola - 4.6.0-1
- Update to 4.6.0
- Resolves: fedora#2232710
* Mon Jul 24 2023 Sandro Bonazzola - 4.5.6-1
- Update to 4.5.6
- Resolves: fedora#2224676
- Resolves: fedora#2223526
* Sat Jul 22 2023 Fedora Release Engineering - 4.5.5-3
- Rebuilt for https://fedoraproject.org/wiki/Fedora_39_Mass_Rebuild
* Tue Jun 27 2023 Python Maint - 4.5.5-2
- Rebuilt for Python 3.12
* Tue Jun 27 2023 Sandro Bonazzola - 4.5.5-1
- Update to 4.5.5
- Resolves: rhbz#2217163
* Wed Jun 14 2023 Python Maint - 4.5.4-4
- Rebuilt for Python 3.12
* Thu Jun 1 2023 Sandro Bonazzola - 4.5.4-3
- Adapt to new Fedora packaging guidelines
* Mon May 29 2023 Sandro Bonazzola - 4.5.4-2
- Remove unneeded requirements
* Mon May 29 2023 Sandro Bonazzola - 4.5.4-1
- Update to 4.5.4
- Resolves: rhbz#2210423
* Tue May 2 2023 Sandro Bonazzola - 4.5.3-1
- Update to 4.5.3
- Resolves: rhbz#2192086
* Mon Apr 3 2023 Sandro Bonazzola - 4.5.2-1
- Update to 4.5.2
- Resolves: rhbz#2183722
* Fri Mar 17 2023 Sandro Bonazzola - 4.5.1-2
- migrated to SPDX license
--------------------------------------------------------------------------------
References:

  [ 1 ] Bug #2244214 - sos: Ansible Automation Platform collects customer passwords and tokens via sosreport [fedora-all]
        https://bugzilla.redhat.com/show_bug.cgi?id=2244214
  [ 2 ] Bug #2257777 - sos-4.6.1 is available
        https://bugzilla.redhat.com/show_bug.cgi?id=2257777
--------------------------------------------------------------------------------

This update can be installed with the "dnf" update program. Use
su -c 'dnf upgrade --advisory FEDORA-2024-2fb8991c68' at the command
line. For more information, refer to the dnf documentation available at
https://dnf.readthedocs.io/en/latest/command_ref.html

All packages are signed with the Fedora Project GPG key. More details on the
GPG keys used by the Fedora Project can be found at
https://fedoraproject.org/security/
--------------------------------------------------------------------------------
--
_______________________________________________
package-announce mailing list

====================================================================
                   Red Hat Security Advisory

Synopsis:          Moderate: sos security and bug fix update
Advisory ID:       RHSA-2016:0188-01
Product:           Red Hat Enterprise Linux
Advisory URL:      https://access.redhat.com/errata/RHSA-2016:0188.html
Issue date:        2016-02-16
CVE Names:         CVE-2015-7529
====================================================================

1. Summary:

An updated sos package that fixes one security issue and one bug is now
available for Red Hat Enterprise Linux 7.

Red Hat Product Security has rated this update as having Moderate security
impact. A Common Vulnerability Scoring System (CVSS) base score, which
gives a detailed severity rating, is available from the CVE link in the
References section.

2. Relevant releases/architectures:

Red Hat Enterprise Linux Client (v. 7) - noarch
Red Hat Enterprise Linux ComputeNode (v. 7) - noarch
Red Hat Enterprise Linux Server (v. 7) - noarch
Red Hat Enterprise Linux Workstation (v. 7) - noarch

3. Description:

The sos package contains a set of utilities that gather information from
system hardware, logs, and configuration files. The information can then be
used for diagnostic purposes and debugging.

An insecure temporary file use flaw was found in the way sos created
certain sosreport files. A local attacker could possibly use this flaw to
perform a symbolic link attack to reveal the contents of sosreport files,
or in some cases modify arbitrary files and escalate their privileges on
the system. (CVE-2015-7529)

This issue was discovered by Mateusz Guzik of Red Hat.

This update also fixes the following bug:

* Previously, the sosreport tool was not collecting the /var/lib/ceph and
/var/run/ceph directories when run with the ceph plug-in enabled, causing
the generated sosreport archive to miss vital troubleshooting information
about ceph. With this update, the ceph plug-in for sosreport collects these
directories, and the generated report contains more useful information.
(BZ#1291347)

All users of sos are advised to upgrade to this updated package, which
contains backported patches to correct these issues.

4. Solution:

Before applying this update, make sure all previously released errata
relevant to your system have been applied.

For details on how to apply this update, refer to:

https://access.redhat.com/articles/11258

5. Bugs fixed (https://bugzilla.redhat.com/):

1282542 - CVE-2015-7529 sos: Usage of predictable temporary files allows privilege escalation

6. Package List:

Red Hat Enterprise Linux Client (v. 7):

Source:
sos-3.2-35.el7_2.3.src.rpm

noarch:
sos-3.2-35.el7_2.3.noarch.rpm

Red Hat Enterprise Linux ComputeNode (v. 7):

Source:
sos-3.2-35.el7_2.3.src.rpm

noarch:
sos-3.2-35.el7_2.3.noarch.rpm

Red Hat Enterprise Linux Server (v. 7):

Source:
sos-3.2-35.el7_2.3.src.rpm

noarch:
sos-3.2-35.el7_2.3.noarch.rpm

Red Hat Enterprise Linux Workstation (v. 7):

Source:
sos-3.2-35.el7_2.3.src.rpm

noarch:
sos-3.2-35.el7_2.3.noarch.rpm

These packages are GPG signed by Red Hat for security. Our key and
details on how to verify the signature are available from
https://access.redhat.com/security/team/key

7. References:

https://access.redhat.com/security/cve/CVE-2015-7529
https://access.redhat.com/security/updates/classification#moderate

8. Contact:

The Red Hat security contact is . More contact
details at https://access.redhat.com/security/team/contact

Copyright 2016 Red Hat, Inc.

--
Enterprise-watch-list mailing list

Moderate: sos security and bug fix update.

Date: Tue, 16 Feb 2016 16:26:16 +0000
Reply-To: scientific-linux-users@
Sender: Security Errata for Scientific Linux
From: Pat Riehecky
Subject: Security ERRATA Moderate: sos on SL7.x (noarch)
MIME-Version: 1.0
Message-ID:

Synopsis:          Moderate: sos security and bug fix update
Advisory ID:       SLSA-2016:0188-1
Issue Date:        2016-02-16
CVE Numbers:       CVE-2015-7529
--

An insecure temporary file use flaw was found in the way sos created
certain sosreport files. A local attacker could possibly use this flaw to
perform a symbolic link attack to reveal the contents of sosreport files,
or in some cases modify arbitrary files and escalate their privileges on
the system. (CVE-2015-7529)

This update also fixes the following bug:

* Previously, the sosreport tool was not collecting the /var/lib/ceph and
/var/run/ceph directories when run with the ceph plug-in enabled, causing
the generated sosreport archive to miss vital troubleshooting information
about ceph. With this update, the ceph plug-in for sosreport collects
these directories, and the generated report contains more useful
information.
--

SL7
  noarch
    sos-3.2-35.el7_2.3.noarch.rpm

- Scientific Linux Development Team

Security fix for CVE-2015-7529.

--------------------------------------------------------------------------------
Fedora Update Notification
FEDORA-2015-84b1635e90
2015-12-28 19:20:02.183918
--------------------------------------------------------------------------------

Name        : sos
Product     : Fedora 23
Version     : 3.2
Release     : 2.fc23
URL         : https://github.com/sosreport/sos
Summary     : A set of tools to gather troubleshooting information from a system
Description :
Sos is a set of tools that gathers information about system hardware and
configuration. The information can then be used for diagnostic purposes and
debugging. Sos is commonly used to help support technicians and developers.

--------------------------------------------------------------------------------
Update Information:

Security fix for CVE-2015-7529
--------------------------------------------------------------------------------
References:

  [ 1 ] Bug #1282542 - CVE-2015-7529 sos: Usage of predictable temporary files allows privilege escalation
        https://bugzilla.redhat.com/show_bug.cgi?id=1282542
--------------------------------------------------------------------------------

This update can be installed with the "yum" update program. Use
su -c 'yum update sos' at the command line.
For more information, refer to "Managing Software with yum",
available at .

All packages are signed with the Fedora Project GPG key. More details on the
GPG keys used by the Fedora Project can be found at
https://fedoraproject.org/security/
--------------------------------------------------------------------------------
_______________________________________________
package-announce mailing list
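
The CVE-2015-7529 advisories above describe a predictable temporary file being reachable through a symbolic link. The following is an added illustration of that class of flaw and its hardened form, not code from sos or from the advisories; the file name "sosreport.tmp", the function names and the scenario in demo() are assumptions made for the example.

```python
import os
import tempfile

REPORT_NAME = "sosreport.tmp"  # hypothetical predictable name, not from sos

def write_unsafe(directory, data):
    """Pre-fix pattern: open() on a fixed name follows a symlink left there."""
    path = os.path.join(directory, REPORT_NAME)
    with open(path, "w") as fh:
        fh.write(data)
    return path

def write_safe(directory, data):
    """Create the file exclusively, mode 0600, never through a symlink."""
    path = os.path.join(directory, REPORT_NAME)
    flags = os.O_WRONLY | os.O_CREAT | os.O_EXCL | os.O_NOFOLLOW
    fd = os.open(path, flags, 0o600)  # FileExistsError if the name is taken
    with os.fdopen(fd, "w") as fh:
        fh.write(data)
    return path

def demo():
    """Constructed scenario: a link already sits at the predictable name."""
    out = {}
    with tempfile.TemporaryDirectory() as shared:
        other = os.path.join(shared, "other-file")
        with open(other, "w") as fh:
            fh.write("original\n")
        os.symlink(other, os.path.join(shared, REPORT_NAME))

        try:
            write_safe(shared, "report\n")
            out["safe_refused"] = False
        except FileExistsError:
            out["safe_refused"] = True
        with open(other) as fh:
            out["intact_after_safe"] = fh.read() == "original\n"

        write_unsafe(shared, "report\n")
        with open(other) as fh:
            out["overwritten_by_unsafe"] = fh.read() == "report\n"

        # Preferred layout: a private, unpredictable 0700 working directory.
        with tempfile.TemporaryDirectory(prefix="sos-") as private:
            path = write_safe(private, "report\n")
            out["group_other_bits"] = os.stat(path).st_mode & 0o077
    return out
```

The exclusive create fails closed when anything already occupies the name, and the private working directory removes the shared, guessable location altogether.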

Low: sos security update.

Date: Tue, 30 Jul 2013 19:26:33 +0000
Reply-To: scientific-linux-users@
Sender: Security Errata for Scientific Linux
From: Pat Riehecky
Subject: Security ERRATA Low: sos on SL5.x (noarch)
MIME-Version: 1.0

Synopsis:          Low: sos security update
Advisory ID:       SLSA-2013:1121-1
Issue Date:        2013-07-30
CVE Numbers:       CVE-2012-2664
--

The sosreport utility collected the Kickstart configuration file
("/root/anaconda-ks.cfg"), but did not remove the root user's password from
it before adding the file to the resulting archive of debugging
information. An attacker able to access the archive could possibly use
this flaw to obtain the root user's password. "/root/anaconda-ks.cfg"
usually only contains a hash of the password, not the plain text password.
(CVE-2012-2664)

Note: This issue affected all installations, not only systems installed
via Kickstart. A "/root/anaconda-ks.cfg" file is created by all
installation types.

The utility also collects yum repository information from
"/etc/yum.repos.d" which in uncommon configurations may contain passwords.
Any http_proxy password specified in these files will now be automatically
removed. Passwords embedded within URLs in these files should be manually
removed or the files excluded from the archive.
--

SL5
  noarch
    sos-1.7-9.62.el5_9.1.noarch.rpm

- Scientific Linux Development Team
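
The CVE-2012-2664 advisory above separates what is scrubbed automatically (the Kickstart root password, proxy passwords in yum repository files) from what needs manual handling (passwords embedded in URLs). The following added example applies that split before archiving; it is not sos code, and the regular expressions, function names and sample file contents are assumptions constructed for the illustration.

```python
import re

MASK = "********"
KS_ROOTPW = re.compile(r"^([ \t]*rootpw)\b.*$", re.MULTILINE)
REPO_PROXY_PW = re.compile(r"^([ \t]*proxy_password[ \t]*=[ \t]*).*$", re.MULTILINE)
URL_USERINFO = re.compile(r"\w+://[^/\s:@]+:[^/\s@]+@")  # scheme://user:password@

# Constructed sample inputs (not taken from any real system).
SAMPLE_FILES = {
    "/root/anaconda-ks.cfg": (
        "install\n"
        "rootpw --iscrypted $6$constructedsalt$constructedhash\n"
        "timezone UTC\n"
    ),
    "/etc/yum.repos.d/base.repo": (
        "[base]\n"
        "baseurl=http://mirror.example.com/el5/\n"
        "proxy_password=hunter2\n"
    ),
    "/etc/yum.repos.d/internal.repo": (
        "[internal]\n"
        "proxy=http://proxy.example.com:3128\n"
        "proxy_password=hunter2\n"
        "baseurl=https://builder:s3cret@mirror.example.com/el5/\n"
    ),
}

def scrub(path, text):
    """Mask the fields the advisory says are removed automatically."""
    if path.endswith("anaconda-ks.cfg"):
        return KS_ROOTPW.sub(r"\g<1> " + MASK, text)
    if path.startswith("/etc/yum.repos.d/"):
        return REPO_PROXY_PW.sub(r"\g<1>" + MASK, text)
    return text

def url_password_lines(text):
    """Line numbers (1-based) that carry a password inside a URL."""
    return [n for n, line in enumerate(text.splitlines(), 1)
            if URL_USERINFO.search(line)]

def prepare_for_archive(files):
    """Return (files safe to archive, files held back with offending lines)."""
    cleaned, held = {}, {}
    for path, text in files.items():
        text = scrub(path, text)
        hits = url_password_lines(text)
        if hits:
            held[path] = hits      # needs manual removal or exclusion
        else:
            cleaned[path] = text
    return cleaned, held
```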
Low: sos security, bug fix, and enhancement update. Date: Wed, 21 Mar 2012 16:25:11 -0500 Reply-To:

====================================================================
                   Red Hat Security Advisory

Synopsis:          Low: sos security, bug fix, and enhancement update
Advisory ID:       RHSA-2012:0153-03
Product:           Red Hat Enterprise Linux
Advisory URL:      https://access.redhat.com/errata/RHSA-2012:0153.html
Issue date:        2012-02-21
CVE Names:         CVE-2011-4083
====================================================================

1. Summary:

An updated sos package that fixes one security issue, several bugs, and
adds various enhancements is now available for Red Hat Enterprise Linux 5.

The Red Hat Security Response Team has rated this update as having low
security impact. A Common Vulnerability Scoring System (CVSS) base score,
which gives a detailed severity rating, is available from the CVE link in
the References section.

2. Relevant releases/architectures:

Red Hat Enterprise Linux (v. 5 server) - noarch
Red Hat Enterprise Linux Desktop (v. 5 client) - noarch

3. Description:

Sos is a set of tools that gather information about system hardware and
configuration.

The sosreport utility incorrectly included Certificate-based Red Hat
Network private entitlement keys in the resulting archive of debugging
information. An attacker able to access the archive could use the keys to
access Red Hat Network content available to the host. This issue did not
affect users of Red Hat Network Classic. (CVE-2011-4083)

This updated sos package also includes numerous bug fixes and enhancements.
Space precludes documenting all of these changes in this advisory. Users
are directed to the Red Hat Enterprise Linux 5.8 Technical Notes, linked to
in the References, for information on the most significant of these
changes.

All sos users are advised to upgrade to this updated package, which
resolves these issues and adds these enhancements.

4. Solution:

Before applying this update, make sure all previously-released errata
relevant to your system have been applied.

This update is available via the Red Hat Network. Details on how to
use the Red Hat Network to apply this update are available at
https://access.redhat.com/kb/docs/DOC-11259

5. Bugs fixed (http://bugzilla.redhat.com/):

627416 - sos rfe - request to update sos plugin cs.py for Red Hat Certificate System
641020 - [RFE] improve sos plugin to capture MRG GRID related information
655046 - sosreport French translation of y/n prompt is wrong and confusing
673246 - [RFE] include output of ibv_devinfo command (libibverbs-utils package) in sosreport
677123 - RFE: iSCSI Target plugin for sosreport.
708346 - sosreport hangs the system when multiple SIGTERMs received
716987 - Relative symlink in created report for truncated log files is wrong
717167 - make non-standard log file collection more robust
717480 - Fix problems hidden by __raisePlugins__ = 0, create logging for plugin errors
717962 - When copying directory into report using addCopySpec, links inside are not handled correctly
726421 - [RFE] sosreport should collect the result of ethtool -g, ethtool -c, and ethtool -a by default
749383 - CVE-2011-4083 sos: sosreport is gathering certificate-based RHN entitlement private keys
750573 - sosreport cluster modules fail with badly formed cluster.conf

6. Package List:

Red Hat Enterprise Linux Desktop (v. 5 client):

Source:

noarch:
sos-1.7-9.62.el5.noarch.rpm

Red Hat Enterprise Linux (v. 5 server):

Source:

noarch:
sos-1.7-9.62.el5.noarch.rpm

These packages are GPG signed by Red Hat for security. Our key and
details on how to verify the signature are available from
https://access.redhat.com/security/team/key#package

7. References:

https://access.redhat.com/security/cve/CVE-2011-4083
https://access.redhat.com/security/updates/classification#low
https://access.redhat.com/search/

8. Contact:

The Red Hat security contact is . More contact
details at https://access.redhat.com/security/team/contact

Copyright 2012 Red Hat, Inc.