- Issued: 2008-05-09
- Updated: 2008-05-09
RHBA-2008:0253 - Bug Fix Advisory
Synopsis
sos bug fix and enhancement update
Type/Severity
Bug Fix Advisory
Topic
An updated sos package that fixes a serious bug and adds two enhancements
is now available.
Description
Sos is a set of tools that gathers information about system hardware and
configuration. The information can then be used for diagnostic purposes and
debugging. Sos is commonly used to help support technicians and developers.
This updated package addresses the following bug:
- the sysreport utility did not check the report case number entered by an
administrator. If no value was provided for the case number, sysreport
derived a value from two environment variables: $LOGNAME and $HOSTNAME. As
with values entered by an administrator, the data provided by these
environment variables was not checked.
When prompted for a case number, if an administrator entered certain
invalid data -- e.g. " / " (a forward slash with a space character on
either side) -- the sysreport script would attempt to recursively remove
all directories.
Less likely, but still possible, if no case number was provided and the
data derived from the $HOSTNAME environment variable was similarly invalid,
the same recursive attempt to remove all directories could occur.
This updated package adds a sanity check to the case number. If a case
number entered by an administrator contains anything other than numeric
characters, the entered data is not accepted and the alert 'input
contains non-numeric characters!' is displayed.
If no case number is entered, the script now derives a case number from the
short hostname, which cannot contain a space or slash character.
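The following added example (not sysreport's code, which this advisory does not show) illustrates in general shell terms how a value such as " / " can widen a path argument when expanded unquoted, and implements the two checks described above. All function names, the /tmp/report path, the sample inputs and the extra hostname character check are assumptions made for illustration.

```shell
#!/bin/sh
# Added illustration, not sysreport source. All function names are hypothetical.

# Print how many arguments a command would receive.
count_args() { echo "$#"; }

# Unquoted expansion: the shell word-splits the value, so a "case number"
# of " / " turns one path into two arguments, the second being "/".
unquoted_argc() {
    # shellcheck disable=SC2086
    count_args $1/$2
}

# Quoted expansion keeps the path as a single argument whatever it contains.
quoted_argc() { count_args "$1/$2"; }

# Resolve the report identifier the way the advisory describes the fix:
# digits only when typed in, short hostname when nothing is entered.
resolve_case_number() {
    input=$1 host=$2
    if [ -z "$input" ]; then
        short=${host%%.*}                 # drop the domain part
        case $short in
            ''|*[!A-Za-z0-9-]*)           # assumption: extra defensive check
                echo "hostname unusable as case number" >&2; return 1 ;;
        esac
        echo "$short"; return 0
    fi
    case $input in
        *[!0-9]*)
            echo "input contains non-numeric characters!" >&2; return 1 ;;
    esac
    echo "$input"
}

# Constructed sample inputs.
echo "unquoted args: $(unquoted_argc /tmp/report ' / ')"
echo "quoted args:   $(quoted_argc /tmp/report ' / ')"
resolve_case_number "123456" "node1.example.com"
resolve_case_number "" "node1.example.com"
resolve_case_number " / " "node1.example.com" || echo "rejected"
```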
This new package also adds the following enhancements:
- previously, sysreport did not collect information from elilo.conf, the
configuration file for the Extensible Firmware Interface (EFI) boot loader.
It now does this, providing more information for diagnosing boot problems
on EFI-based systems such as the IBM Z-series.
- the legacy sysreport tool used a "-norpm" switch to exclude RPM
information from the system information gathered by the tool. RPM
information was commonly excluded because of the time it took to gather.
sosreport no longer supports this option. Instead, it uses a plug-in
interface which allows for the inclusion and exclusion of multiple sorts of
system information. This plug-in interface treats "-n" as an option for
skipping a subsequently named plug-in.
In the previous version of sosreport, using the legacy "-norpm" switch
failed silently, with the tool skipping the non-existent "orpm" package
without presenting any feedback. With this updated package, references to
non-existent plugins return an error alerting the user to the plug-in's
non-existence.
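The option handling described above, as an added example that is not sosreport's own code: POSIX getopts stands in for the tool's option parser to show why "-norpm" is read as "-n" with the argument "orpm", and how validating the name against the known plug-ins turns the silent skip into an error. The plug-in list and function names are constructed for illustration.

```shell
#!/bin/sh
# Added illustration, not sosreport source. Plugin names are constructed.
KNOWN_PLUGINS="kernel rpm filesys"

is_known_plugin() {
    for p in $KNOWN_PLUGINS; do
        [ "$p" = "$1" ] && return 0
    done
    return 1
}

# Show what an option parser with "-n NAME" sees for the first option.
raw_skip_name() {
    OPTIND=1
    getopts "n:" opt "$@" && echo "$OPTARG"
}

# Parse "-n PLUGIN" options; print the skip list, or fail on unknown names.
parse_skips() {
    OPTIND=1
    skips=""
    while getopts "n:" opt "$@"; do
        case $opt in
            n)
                if ! is_known_plugin "$OPTARG"; then
                    echo "plugin '$OPTARG' does not exist" >&2
                    return 1
                fi
                skips="$skips $OPTARG" ;;
            *) return 2 ;;
        esac
    done
    echo "${skips# }"
}

# Constructed sample invocations.
echo "legacy switch parsed as: -n $(raw_skip_name -norpm)"
echo "valid skips: $(parse_skips -n rpm -n kernel)"
parse_skips -norpm || echo "legacy switch rejected"
```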
All sos users should upgrade to this updated package, which fixes this bug
and adds these enhancements.
Solution
Before applying this update, make sure that all previously-released
errata relevant to your system have been applied.
This update is available via Red Hat Network. Details on how to use
the Red Hat Network to apply this update are available at
http://kbase.redhat.com/faq/FAQ_58_10188
Affected Products
- Red Hat Enterprise Linux Server 4 x86_64
- Red Hat Enterprise Linux Server 4 ia64
- Red Hat Enterprise Linux Server 4 i386
- Red Hat Enterprise Linux for x86_64 - Extended Update Support 4.6 x86_64
- Red Hat Enterprise Linux for x86_64 - Extended Update Support 4.6 ia64
- Red Hat Enterprise Linux for x86_64 - Extended Update Support 4.6 i386
- Red Hat Enterprise Linux Workstation 4 x86_64
- Red Hat Enterprise Linux Workstation 4 ia64
- Red Hat Enterprise Linux Workstation 4 i386
- Red Hat Enterprise Linux Desktop 4 x86_64
- Red Hat Enterprise Linux Desktop 4 i386
- Red Hat Enterprise Linux for IBM z Systems 4 s390x
- Red Hat Enterprise Linux for IBM z Systems 4 s390
- Red Hat Enterprise Linux for IBM z Systems - Extended Update Support 4.6 s390x
- Red Hat Enterprise Linux for IBM z Systems - Extended Update Support 4.6 s390
- Red Hat Enterprise Linux for Power, big endian 4 ppc
- Red Hat Enterprise Linux for Power, big endian - Extended Update Support 4.6 ppc
Fixes
- BZ - 424151 - Tricking sysreport into running 'rm -rf /' critical data loss
- BZ - 443397 - sos does not warn if invalid plugins are passed to -n/--skip-plugins
- BZ - 443398 - sysreport(sos) does not collect '/etc/elilo.conf'
CVEs
(none)
References
(none)
Red Hat Enterprise Linux Server 4
SRPM | |
---|---|
sos-1.7-6.1.el4_6.2.src.rpm | SHA-256: 0c71d322b03f2a467304d36ce9f08e63272eafb9f7b2aaa482f9e736389068ce |
x86_64 | |
sos-1.7-6.1.el4_6.2.noarch.rpm | SHA-256: ddb8bc5afe4ecbc6d57a4feaabd539617de82ac6feb4e7ea006624bc394df64c |
ia64 | |
sos-1.7-6.1.el4_6.2.noarch.rpm | SHA-256: ddb8bc5afe4ecbc6d57a4feaabd539617de82ac6feb4e7ea006624bc394df64c |
i386 | |
sos-1.7-6.1.el4_6.2.noarch.rpm | SHA-256: ddb8bc5afe4ecbc6d57a4feaabd539617de82ac6feb4e7ea006624bc394df64c |
Red Hat Enterprise Linux for x86_64 - Extended Update Support 4.6
SRPM | |
---|---|
sos-1.7-6.1.el4_6.2.src.rpm | SHA-256: 0c71d322b03f2a467304d36ce9f08e63272eafb9f7b2aaa482f9e736389068ce |
x86_64 | |
sos-1.7-6.1.el4_6.2.noarch.rpm | SHA-256: ddb8bc5afe4ecbc6d57a4feaabd539617de82ac6feb4e7ea006624bc394df64c |
ia64 | |
sos-1.7-6.1.el4_6.2.noarch.rpm | SHA-256: ddb8bc5afe4ecbc6d57a4feaabd539617de82ac6feb4e7ea006624bc394df64c |
i386 | |
sos-1.7-6.1.el4_6.2.noarch.rpm | SHA-256: ddb8bc5afe4ecbc6d57a4feaabd539617de82ac6feb4e7ea006624bc394df64c |
Red Hat Enterprise Linux Workstation 4
SRPM | |
---|---|
sos-1.7-6.1.el4_6.2.src.rpm | SHA-256: 0c71d322b03f2a467304d36ce9f08e63272eafb9f7b2aaa482f9e736389068ce |
x86_64 | |
sos-1.7-6.1.el4_6.2.noarch.rpm | SHA-256: ddb8bc5afe4ecbc6d57a4feaabd539617de82ac6feb4e7ea006624bc394df64c |
ia64 | |
sos-1.7-6.1.el4_6.2.noarch.rpm | SHA-256: ddb8bc5afe4ecbc6d57a4feaabd539617de82ac6feb4e7ea006624bc394df64c |
i386 | |
sos-1.7-6.1.el4_6.2.noarch.rpm | SHA-256: ddb8bc5afe4ecbc6d57a4feaabd539617de82ac6feb4e7ea006624bc394df64c |
Red Hat Enterprise Linux Desktop 4
SRPM | |
---|---|
sos-1.7-6.1.el4_6.2.src.rpm | SHA-256: 0c71d322b03f2a467304d36ce9f08e63272eafb9f7b2aaa482f9e736389068ce |
x86_64 | |
sos-1.7-6.1.el4_6.2.noarch.rpm | SHA-256: ddb8bc5afe4ecbc6d57a4feaabd539617de82ac6feb4e7ea006624bc394df64c |
i386 | |
sos-1.7-6.1.el4_6.2.noarch.rpm | SHA-256: ddb8bc5afe4ecbc6d57a4feaabd539617de82ac6feb4e7ea006624bc394df64c |
Red Hat Enterprise Linux for IBM z Systems 4
SRPM | |
---|---|
sos-1.7-6.1.el4_6.2.src.rpm | SHA-256: 0c71d322b03f2a467304d36ce9f08e63272eafb9f7b2aaa482f9e736389068ce |
s390x | |
sos-1.7-6.1.el4_6.2.noarch.rpm | SHA-256: ddb8bc5afe4ecbc6d57a4feaabd539617de82ac6feb4e7ea006624bc394df64c |
s390 | |
sos-1.7-6.1.el4_6.2.noarch.rpm | SHA-256: ddb8bc5afe4ecbc6d57a4feaabd539617de82ac6feb4e7ea006624bc394df64c |
Red Hat Enterprise Linux for IBM z Systems - Extended Update Support 4.6
SRPM | |
---|---|
sos-1.7-6.1.el4_6.2.src.rpm | SHA-256: 0c71d322b03f2a467304d36ce9f08e63272eafb9f7b2aaa482f9e736389068ce |
s390x | |
sos-1.7-6.1.el4_6.2.noarch.rpm | SHA-256: ddb8bc5afe4ecbc6d57a4feaabd539617de82ac6feb4e7ea006624bc394df64c |
s390 | |
sos-1.7-6.1.el4_6.2.noarch.rpm | SHA-256: ddb8bc5afe4ecbc6d57a4feaabd539617de82ac6feb4e7ea006624bc394df64c |
Red Hat Enterprise Linux for Power, big endian 4
SRPM | |
---|---|
sos-1.7-6.1.el4_6.2.src.rpm | SHA-256: 0c71d322b03f2a467304d36ce9f08e63272eafb9f7b2aaa482f9e736389068ce |
ppc | |
sos-1.7-6.1.el4_6.2.noarch.rpm | SHA-256: ddb8bc5afe4ecbc6d57a4feaabd539617de82ac6feb4e7ea006624bc394df64c |
Red Hat Enterprise Linux for Power, big endian - Extended Update Support 4.6
SRPM | |
---|---|
sos-1.7-6.1.el4_6.2.src.rpm | SHA-256: 0c71d322b03f2a467304d36ce9f08e63272eafb9f7b2aaa482f9e736389068ce |
ppc | |
sos-1.7-6.1.el4_6.2.noarch.rpm | SHA-256: ddb8bc5afe4ecbc6d57a4feaabd539617de82ac6feb4e7ea006624bc394df64c |
The Red Hat security contact is secalert@redhat.com. More contact details at https://access.redhat.com/security/team/contact/.