
Stay Secure with the Latest Linux Advisories


Explore Latest Linux Security advisories


Red Hat: RHSA-2016-0152-01 Moderate: Sos Local Attack Flaw Fix

====================================================================
Red Hat Security Advisory

Synopsis:          Moderate: sos security and bug fix update
Advisory ID:       RHSA-2016:0152-01
Product:           Red Hat Enterprise Linux
Advisory URL:      https://access.redhat.com/errata/RHSA-2016:0152.html
Issue date:        2016-02-09
CVE Names:         CVE-2015-7529
====================================================================

1. Summary:

An updated sos package that fixes one security issue and one bug is now available for Red Hat Enterprise Linux 6.

Red Hat Product Security has rated this update as having Moderate security impact. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available from the CVE link in the References section.

2. Relevant releases/architectures:

Red Hat Enterprise Linux Desktop (v. 6) - noarch
Red Hat Enterprise Linux HPC Node (v. 6) - noarch
Red Hat Enterprise Linux Server (v. 6) - noarch
Red Hat Enterprise Linux Workstation (v. 6) - noarch

3. Description:

The sos package contains a set of tools that gather information from system hardware, logs and configuration files. The information can then be used for diagnostic purposes and debugging.

An insecure temporary file use flaw was found in the way sos created certain sosreport files. A local attacker could possibly use this flaw to perform a symbolic link attack to reveal the contents of sosreport files, or in some cases modify arbitrary files and escalate their privileges on the system. (CVE-2015-7529)

This issue was discovered by Mateusz Guzik of Red Hat.

This update also fixes the following bug:

* Previously, when the hpasm plug-in ran the "hpasmcli" command in a Python Popen constructor or a system pipeline, the command would hang and eventually time out after 300 seconds. Sos was forced to wait for the time out to finish, unnecessarily prolonging its run time. With this update, the timeout of the "hpasmcli" command has been set to 0, eliminating the delay and speeding up sos completion time. (BZ#1291828)

All sos users are advised to upgrade to this updated package, which contains backported patches to correct these issues.

4. Solution:

Before applying this update, make sure all previously released errata relevant to your system have been applied.

For details on how to apply this update, refer to:

https://access.redhat.com/articles/11258

5. Bugs fixed (https://bugzilla.redhat.com/):

1282542 - CVE-2015-7529 sos: Usage of predictable temporary files allows privilege escalation

6. Package List:

Red Hat Enterprise Linux Desktop (v. 6):

Source:
sos-3.2-28.el6_7.2.src.rpm

noarch:
sos-3.2-28.el6_7.2.noarch.rpm

Red Hat Enterprise Linux HPC Node (v. 6):

Source:
sos-3.2-28.el6_7.2.src.rpm

noarch:
sos-3.2-28.el6_7.2.noarch.rpm

Red Hat Enterprise Linux Server (v. 6):

Source:
sos-3.2-28.el6_7.2.src.rpm

noarch:
sos-3.2-28.el6_7.2.noarch.rpm

Red Hat Enterprise Linux Workstation (v. 6):

Source:
sos-3.2-28.el6_7.2.src.rpm

noarch:
sos-3.2-28.el6_7.2.noarch.rpm

These packages are GPG signed by Red Hat for security. Our key and details on how to verify the signature are available from https://access.redhat.com/security/team/key

7. References:

https://access.redhat.com/security/cve/CVE-2015-7529
https://access.redhat.com/security/updates/classification#moderate

8. Contact:

The Red Hat security contact is . More contact details at https://access.redhat.com/security/team/contact

Copyright 2016 Red Hat, Inc.

LinuxSecurity.com Team

Feb 09, 2016 Red Hat

Red Hat Enterprise Linux 5 RHSA-2013:1121-01 Low: Sos Password Disclosure

====================================================================
Red Hat Security Advisory

Synopsis:          Low: sos security update
Advisory ID:       RHSA-2013:1121-01
Product:           Red Hat Enterprise Linux
Advisory URL:      https://access.redhat.com/errata/RHSA-2013:1121.html
Issue date:        2013-07-30
CVE Names:         CVE-2012-2664
====================================================================

1. Summary:

An updated sos package that fixes one security issue is now available for Red Hat Enterprise Linux 5.

The Red Hat Security Response Team has rated this update as having low security impact. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available from the CVE link in the References section.

2. Relevant releases/architectures:

Red Hat Enterprise Linux (v. 5 server) - noarch
Red Hat Enterprise Linux Desktop (v. 5 client) - noarch

3. Description:

The sos package contains a set of tools that gather information from system hardware, logs and configuration files. The information can then be used for diagnostic purposes and debugging.

The sosreport utility collected the Kickstart configuration file ("/root/anaconda-ks.cfg"), but did not remove the root user's password from it before adding the file to the resulting archive of debugging information. An attacker able to access the archive could possibly use this flaw to obtain the root user's password. "/root/anaconda-ks.cfg" usually only contains a hash of the password, not the plain text password. (CVE-2012-2664)

Note: This issue affected all installations, not only systems installed via Kickstart. A "/root/anaconda-ks.cfg" file is created by all installation types.

The utility also collects yum repository information from "/etc/yum.repos.d" which in uncommon configurations may contain passwords. Any http_proxy password specified in these files will now be automatically removed. Passwords embedded within URLs in these files should be manually removed or the files excluded from the archive.

All users of sos are advised to upgrade to this updated package, which contains a backported patch to correct this issue.

4. Solution:

Before applying this update, make sure all previously released errata relevant to your system have been applied.

This update is available via the Red Hat Network. Details on how to use the Red Hat Network to apply this update are available at https://access.redhat.com/articles/11258

5. Bugs fixed (http://bugzilla.redhat.com/):

826884 - CVE-2012-2664 sosreport does not blank root password in anaconda plugin
965807 - sosreport does not blankout password in anaconda-ks.cfg and yum.repo

6. Package List:

Red Hat Enterprise Linux Desktop (v. 5 client):

Source:

noarch:
sos-1.7-9.62.el5_9.1.noarch.rpm

Red Hat Enterprise Linux (v. 5 server):

Source:

noarch:
sos-1.7-9.62.el5_9.1.noarch.rpm

These packages are GPG signed by Red Hat for security. Our key and details on how to verify the signature are available from https://access.redhat.com/security/team/key#package

7. References:

https://access.redhat.com/security/cve/CVE-2012-2664
https://access.redhat.com/security/updates/classification#low

8. Contact:

The Red Hat security contact is . More contact details at https://access.redhat.com/security/team/contact

Copyright 2013 Red Hat, Inc.

Severity: Low.

LinuxSecurity.com Team

Jul 30, 2013 Low Red Hat


Red Hat 6 RHSA-2012:0958-04 Low Severity: Sos Package Update

====================================================================
Red Hat Security Advisory

Synopsis:          Low: sos security, bug fix, and enhancement update
Advisory ID:       RHSA-2012:0958-04
Product:           Red Hat Enterprise Linux
Advisory URL:      https://access.redhat.com/errata/RHSA-2012:0958.html
Issue date:        2012-06-20
CVE Names:         CVE-2012-2664
====================================================================

1. Summary:

An updated sos package that fixes one security issue, several bugs, and adds various enhancements is now available for Red Hat Enterprise Linux 6.

The Red Hat Security Response Team has rated this update as having low security impact. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available from the CVE link in the References section.

2. Relevant releases/architectures:

Red Hat Enterprise Linux Desktop (v. 6) - noarch
Red Hat Enterprise Linux HPC Node (v. 6) - noarch
Red Hat Enterprise Linux Server (v. 6) - noarch
Red Hat Enterprise Linux Workstation (v. 6) - noarch

3. Description:

The sos package contains a set of tools that gather information from system hardware, logs and configuration files. The information can then be used for diagnostic purposes and debugging.

The sosreport utility collected the Kickstart configuration file ("/root/anaconda-ks.cfg"), but did not remove the root user's password from it before adding the file to the resulting archive of debugging information. An attacker able to access the archive could possibly use this flaw to obtain the root user's password. "/root/anaconda-ks.cfg" usually only contains a hash of the password, not the plain text password. (CVE-2012-2664)

Note: This issue affected all installations, not only systems installed via Kickstart. A "/root/anaconda-ks.cfg" file is created by all installation types.

This updated sos package also includes numerous bug fixes and enhancements. Space precludes documenting all of these changes in this advisory. Users are directed to the Red Hat Enterprise Linux 6.3 Technical Notes for information on the most significant of these changes.

All users of sos are advised to upgrade to this updated package, which contains backported patches to correct these issues and add these enhancements.

4. Solution:

Before applying this update, make sure all previously-released errata relevant to your system have been applied.

This update is available via the Red Hat Network. Details on how to use the Red Hat Network to apply this update are available at https://access.redhat.com/articles/11258

5. Bugs fixed (http://bugzilla.redhat.com/):

730641 - sosreport does not collect /proc/net details
749262 - sosreport does not gather RHN Proxy squid logs
749279 - rhn plugin should collect tomcat version 6 info, instead of obsoleted version 5
749919 - teach sos to collect /etc/modprobe.d/*
771393 - Sosreport fails for default values when rhn user name contains character '/' in it.
771501 - capture non standard log files via syslog - fix filename regexp
782589 - When copying directory into report using addCopySpec, links inside are not handled correctly
784862 - sos does not collect /proc/irq
784874 - sos does not collect /proc/cgroups
790402 - sosreport should blank root password in anaconda plugin
826884 - CVE-2012-2664 sosreport does not blank root password in anaconda plugin

6. Package List:

Red Hat Enterprise Linux Desktop (v. 6):

Source:

noarch:
sos-2.2-29.el6.noarch.rpm

Red Hat Enterprise Linux HPC Node (v. 6):

Source:

noarch:
sos-2.2-29.el6.noarch.rpm

Red Hat Enterprise Linux Server (v. 6):

Source:

noarch:
sos-2.2-29.el6.noarch.rpm

Red Hat Enterprise Linux Workstation (v. 6):

Source:

noarch:
sos-2.2-29.el6.noarch.rpm

These packages are GPG signed by Red Hat for security. Our key and details on how to verify the signature are available from https://access.redhat.com/security/team/key#package

7. References:

https://access.redhat.com/security/cve/CVE-2012-2664
https://access.redhat.com/security/updates/classification#low
https://access.redhat.com/search/

8. Contact:

The Red Hat security contact is . More contact details at https://access.redhat.com/security/team/contact

Copyright 2012 Red Hat, Inc.

Severity: Low.

LinuxSecurity.com Team

Jun 20, 2012 Low Red Hat


Red Hat Enterprise Linux 5: RHSA-2012-0153-03 Low: sos Security Issue

====================================================================
Red Hat Security Advisory

Synopsis:          Low: sos security, bug fix, and enhancement update
Advisory ID:       RHSA-2012:0153-03
Product:           Red Hat Enterprise Linux
Advisory URL:      https://access.redhat.com/errata/RHSA-2012:0153.html
Issue date:        2012-02-21
CVE Names:         CVE-2011-4083
====================================================================

1. Summary:

An updated sos package that fixes one security issue, several bugs, and adds various enhancements is now available for Red Hat Enterprise Linux 5.

The Red Hat Security Response Team has rated this update as having low security impact. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available from the CVE link in the References section.

2. Relevant releases/architectures:

Red Hat Enterprise Linux (v. 5 server) - noarch
Red Hat Enterprise Linux Desktop (v. 5 client) - noarch

3. Description:

Sos is a set of tools that gather information about system hardware and configuration.

The sosreport utility incorrectly included Certificate-based Red Hat Network private entitlement keys in the resulting archive of debugging information. An attacker able to access the archive could use the keys to access Red Hat Network content available to the host. This issue did not affect users of Red Hat Network Classic. (CVE-2011-4083)

This updated sos package also includes numerous bug fixes and enhancements. Space precludes documenting all of these changes in this advisory. Users are directed to the Red Hat Enterprise Linux 5.8 Technical Notes, linked to in the References, for information on the most significant of these changes.

All sos users are advised to upgrade to this updated package, which resolves these issues and adds these enhancements.

4. Solution:

Before applying this update, make sure all previously-released errata relevant to your system have been applied.

This update is available via the Red Hat Network. Details on how to use the Red Hat Network to apply this update are available at https://access.redhat.com/kb/docs/DOC-11259

5. Bugs fixed (http://bugzilla.redhat.com/):

627416 - sos rfe - request to update sos plugin cs.py for Red Hat Certificate System
641020 - [RFE] improve sos plugin to capture MRG GRID related information
655046 - sosreport French translation of y/n prompt is wrong and confusing
673246 - [RFE] include output of ibv_devinfo command (libibverbs-utils package) in sosreport
677123 - RFE: iSCSI Target plugin for sosreport.
708346 - sosreport hangs the system when multiple SIGTERMs received
716987 - Relative symlink in created report for truncated log files is wrong
717167 - make non-standard log file collection more robust
717480 - Fix problems hidden by __raisePlugins__ = 0, create logging for plugin errors
717962 - When copying directory into report using addCopySpec, links inside are not handled correctly
726421 - [RFE] sosreport should collect the result of ethtool -g, ethtool -c, and ethtool -a by default
749383 - CVE-2011-4083 sos: sosreport is gathering certificate-based RHN entitlement private keys
750573 - sosreport cluster modules fail with badly formed cluster.conf

6. Package List:

Red Hat Enterprise Linux Desktop (v. 5 client):

Source:

noarch:
sos-1.7-9.62.el5.noarch.rpm

Red Hat Enterprise Linux (v. 5 server):

Source:

noarch:
sos-1.7-9.62.el5.noarch.rpm

These packages are GPG signed by Red Hat for security. Our key and details on how to verify the signature are available from https://access.redhat.com/security/team/key#package

7. References:

https://access.redhat.com/security/cve/CVE-2011-4083
https://access.redhat.com/security/updates/classification#low
https://access.redhat.com/search/

8. Contact:

The Red Hat security contact is . More contact details at https://access.redhat.com/security/team/contact

Copyright 2012 Red Hat, Inc.

Severity: Low.

LinuxSecurity.com Team

Feb 21, 2012 Low Red Hat

Red Hat: RHSA-2011:1536-03 Low: Sos Package Security Update

====================================================================
Red Hat Security Advisory

Synopsis:          Low: sos security, bug fix, and enhancement update
Advisory ID:       RHSA-2011:1536-03
Product:           Red Hat Enterprise Linux
Advisory URL:      https://access.redhat.com/errata/RHSA-2011:1536.html
Issue date:        2011-12-06
CVE Names:         CVE-2011-4083
====================================================================

1. Summary:

An updated sos package that fixes one security issue, several bugs, and adds various enhancements is now available for Red Hat Enterprise Linux 6.

The Red Hat Security Response Team has rated this update as having low security impact. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available from the CVE link in the References section.

2. Relevant releases/architectures:

Red Hat Enterprise Linux Desktop (v. 6) - noarch
Red Hat Enterprise Linux HPC Node (v. 6) - noarch
Red Hat Enterprise Linux Server (v. 6) - noarch
Red Hat Enterprise Linux Workstation (v. 6) - noarch

3. Description:

Sos is a set of tools that gather information about system hardware and configuration.

The sosreport utility incorrectly included Certificate-based Red Hat Network private entitlement keys in the resulting archive of debugging information. An attacker able to access the archive could use the keys to access Red Hat Network content available to the host. This issue did not affect users of Red Hat Network Classic. (CVE-2011-4083)

This updated sos package also includes numerous bug fixes and enhancements. Space precludes documenting all of these changes in this advisory. Documentation for these bug fixes and enhancements will be available shortly from the Technical Notes document, linked to in the References section.

All users of sos are advised to upgrade to this updated package, which contains backported patches to correct these issues and add these enhancements.

4. Solution:

Before applying this update, make sure all previously-released errata relevant to your system have been applied.

This update is available via the Red Hat Network. Details on how to use the Red Hat Network to apply this update are available at https://access.redhat.com/kb/docs/DOC-11259

5. Bugs fixed (http://bugzilla.redhat.com/):

600813 - [RFE] capture complete list of yum repositories in sosreport
673244 - [RFE] include output of ibv_devinfo command (libibverbs-utils package) in sosreport
677124 - RFE: iSCSI Target plugin for sosreport.
682124 - sosreport does not capture nslcd.conf file.
683404 - autofs plugin does not collect chkconfig autofs status as intended
691477 - sosreport does not include lsusb output
709491 - grab vmmemctl
713449 - sosreport truncates leading and trailing whitespace from command outputs
726360 - Extend qpidd plugin
726427 - [RFE] sosreport should collect the result of ethtool -g, ethtool -c, and ethtool -a by default
736718 - path is wrong for hardware.py plugin
749383 - CVE-2011-4083 sos: sosreport is gathering certificate-based RHN entitlement private keys

6. Package List:

Red Hat Enterprise Linux Desktop (v. 6):

Source:

noarch:
sos-2.2-17.el6.noarch.rpm

Red Hat Enterprise Linux HPC Node (v. 6):

Source:

noarch:
sos-2.2-17.el6.noarch.rpm

Red Hat Enterprise Linux Server (v. 6):

Source:

noarch:
sos-2.2-17.el6.noarch.rpm

Red Hat Enterprise Linux Workstation (v. 6):

Source:

noarch:
sos-2.2-17.el6.noarch.rpm

These packages are GPG signed by Red Hat for security. Our key and details on how to verify the signature are available from https://access.redhat.com/security/team/key/#package

7. References:

https://access.redhat.com/security/cve/CVE-2011-4083
https://access.redhat.com/security/updates/classification/#low
https://access.redhat.com/search/

8. Contact:

The Red Hat security contact is . More contact details at https://access.redhat.com/security/team/contact/

Copyright 2011 Red Hat, Inc.

Severity: Low.

LinuxSecurity.com Team

Dec 06, 2011 Low Red Hat