- Issued: 2008-04-08
- Updated: 2008-04-08
RHBA-2008:8237 - Bug Fix Advisory
Synopsis
sos bug fix update
Type/Severity
Bug Fix Advisory
Topic
An updated sos package that fixes a serious bug is now available.
Description
Sos is a set of tools that gathers information about system hardware and
configuration. The information can then be used for diagnostic purposes and
debugging. Sos is commonly used to help support technicians and developers.
This updated package addresses the following bug:
The sysreport utility did not check the report case number entered by an
administrator. If no value was provided for the case number, sysreport
derived a value from two environment variables: $LOGNAME and $HOSTNAME. As
with values entered by an administrator, the data provided by these
environment variables was not checked.
When prompted for a case number, if an administrator entered certain
invalid data -- e.g. " / " (a forward slash with a space character on
either side) -- the sysreport script would attempt to recursively remove
all directories.
Less likely, but still possible, if no case number was provided and the
data derived from the $HOSTNAME environment variable was similarly invalid,
the same recursive attempt to remove all directories could occur.
This updated package adds a sanity check to the case number. If a case
number entered by an administrator contains anything other than numeric
characters, the entered data is not accepted and the alert 'input
contains non-numeric characters!' is displayed.
If no case number is entered, the script now derives a case number from the
short hostname, which cannot contain a space or slash character.
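The sanity check described above, sketched in POSIX shell. This is an added example, not code from the sos package: the function names (is_numeric_case, short_host_id, report_id, report_dir) and the base directory are hypothetical, and the explicit character check on the short hostname is an added assumption.

```shell
#!/bin/sh
# Added illustration; all names here are hypothetical, not taken from sysreport.

# Accept a case number only if it is non-empty and consists solely of digits.
is_numeric_case() {
    case "$1" in
        ''|*[!0-9]*) return 1 ;;
        *) return 0 ;;
    esac
}

# Reduce a hostname to its short form (text before the first dot) and
# verify it holds only letters, digits and hyphens (assumed extra check).
short_host_id() {
    h=${1%%.*}
    case "$h" in
        ''|*[!A-Za-z0-9-]*) return 1 ;;
        *) printf '%s\n' "$h" ;;
    esac
}

# Resolve the identifier used to name the report.
# $1 = operator input (may be empty), $2 = hostname used as fallback
report_id() {
    if [ -n "$1" ]; then
        if is_numeric_case "$1"; then
            printf '%s\n' "$1"
        else
            echo 'input contains non-numeric characters!' >&2
            return 1
        fi
    else
        short_host_id "$2"
    fi
}

# Build the working directory path from a fixed base and a validated id.
# $1 = base directory, $2 = operator input, $3 = hostname
report_dir() {
    id=$(report_id "$2" "$3") || return 1
    printf '%s/%s\n' "${1%/}" "$id"
}
```

Because the identifier is validated before any path is built, every later file operation works on a single directory directly below the base.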
All sos users should upgrade to this updated package, which fixes this bug.
Solution
Before applying this update, make sure that all previously-released
errata relevant to your system have been applied.
This update is available via Red Hat Network. Details on how to use
the Red Hat Network to apply this update are available at
http://kbase.redhat.com/faq/FAQ_58_10188
Affected Products
- Red Hat Enterprise Linux Server 5 x86_64
- Red Hat Enterprise Linux Server 5 ia64
- Red Hat Enterprise Linux Server 5 i386
- Red Hat Enterprise Linux for x86_64 - Extended Update Support 5.1 x86_64
- Red Hat Enterprise Linux for x86_64 - Extended Update Support 5.1 ia64
- Red Hat Enterprise Linux for x86_64 - Extended Update Support 5.1 i386
- Red Hat Enterprise Linux Workstation 5 x86_64
- Red Hat Enterprise Linux Workstation 5 i386
- Red Hat Enterprise Linux Desktop 5 x86_64
- Red Hat Enterprise Linux Desktop 5 i386
- Red Hat Enterprise Linux for IBM z Systems 5 s390x
- Red Hat Enterprise Linux for IBM z Systems - Extended Update Support 5.1 s390x
- Red Hat Enterprise Linux for Power, big endian 5 ppc
- Red Hat Enterprise Linux for Power, big endian - Extended Update Support 5.1 ppc
- Red Hat Enterprise Linux Server from RHUI 5 x86_64
- Red Hat Enterprise Linux Server from RHUI 5 i386
Fixes
- BZ - 424161 - Tricking sysreport into running 'rm -rf /' critical data loss
CVEs
(none)
References
(none)
Red Hat Enterprise Linux Server 5
SRPM | |
---|---|
sos-1.7-9.2.el5.src.rpm | SHA-256: 87ebc38381d1d3593d69765ecdda42d7440f6c3becb8b2b2d337459ca1bb1e37 |
x86_64 | |
sos-1.7-9.2.el5.noarch.rpm | SHA-256: 8c0b54df0065e6a41a92a5f169c7cde67bb3714d6d997689060ab5371d99c24d |
ia64 | |
sos-1.7-9.2.el5.noarch.rpm | SHA-256: 8c0b54df0065e6a41a92a5f169c7cde67bb3714d6d997689060ab5371d99c24d |
i386 | |
sos-1.7-9.2.el5.noarch.rpm | SHA-256: 8c0b54df0065e6a41a92a5f169c7cde67bb3714d6d997689060ab5371d99c24d |
Red Hat Enterprise Linux for x86_64 - Extended Update Support 5.1
SRPM | |
---|---|
x86_64 | |
ia64 | |
i386 |
Red Hat Enterprise Linux Workstation 5
SRPM | |
---|---|
sos-1.7-9.2.el5.src.rpm | SHA-256: 87ebc38381d1d3593d69765ecdda42d7440f6c3becb8b2b2d337459ca1bb1e37 |
x86_64 | |
sos-1.7-9.2.el5.noarch.rpm | SHA-256: 8c0b54df0065e6a41a92a5f169c7cde67bb3714d6d997689060ab5371d99c24d |
i386 | |
sos-1.7-9.2.el5.noarch.rpm | SHA-256: 8c0b54df0065e6a41a92a5f169c7cde67bb3714d6d997689060ab5371d99c24d |
Red Hat Enterprise Linux Desktop 5
SRPM | |
---|---|
sos-1.7-9.2.el5.src.rpm | SHA-256: 87ebc38381d1d3593d69765ecdda42d7440f6c3becb8b2b2d337459ca1bb1e37 |
x86_64 | |
sos-1.7-9.2.el5.noarch.rpm | SHA-256: 8c0b54df0065e6a41a92a5f169c7cde67bb3714d6d997689060ab5371d99c24d |
i386 | |
sos-1.7-9.2.el5.noarch.rpm | SHA-256: 8c0b54df0065e6a41a92a5f169c7cde67bb3714d6d997689060ab5371d99c24d |
Red Hat Enterprise Linux for IBM z Systems 5
SRPM | |
---|---|
sos-1.7-9.2.el5.src.rpm | SHA-256: 87ebc38381d1d3593d69765ecdda42d7440f6c3becb8b2b2d337459ca1bb1e37 |
s390x | |
sos-1.7-9.2.el5.noarch.rpm | SHA-256: 8c0b54df0065e6a41a92a5f169c7cde67bb3714d6d997689060ab5371d99c24d |
Red Hat Enterprise Linux for IBM z Systems - Extended Update Support 5.1
SRPM | |
---|---|
s390x |
Red Hat Enterprise Linux for Power, big endian 5
SRPM | |
---|---|
sos-1.7-9.2.el5.src.rpm | SHA-256: 87ebc38381d1d3593d69765ecdda42d7440f6c3becb8b2b2d337459ca1bb1e37 |
ppc | |
sos-1.7-9.2.el5.noarch.rpm | SHA-256: 8c0b54df0065e6a41a92a5f169c7cde67bb3714d6d997689060ab5371d99c24d |
Red Hat Enterprise Linux for Power, big endian - Extended Update Support 5.1
SRPM | |
---|---|
ppc |
Red Hat Enterprise Linux Server from RHUI 5
SRPM | |
---|---|
sos-1.7-9.2.el5.src.rpm | SHA-256: 87ebc38381d1d3593d69765ecdda42d7440f6c3becb8b2b2d337459ca1bb1e37 |
x86_64 | |
sos-1.7-9.2.el5.noarch.rpm | SHA-256: 8c0b54df0065e6a41a92a5f169c7cde67bb3714d6d997689060ab5371d99c24d |
i386 | |
sos-1.7-9.2.el5.noarch.rpm | SHA-256: 8c0b54df0065e6a41a92a5f169c7cde67bb3714d6d997689060ab5371d99c24d |
The Red Hat security contact is secalert@redhat.com. More contact details at https://access.redhat.com/security/team/contact/.