
Security Advisory Low: sos security update

Advisory: RHSA-2013:1121-1
Type: Security Advisory
Severity: Low
Issued on: 2013-07-30
Last updated on: 2013-07-30
Affected Products: Red Hat Enterprise Linux (v. 5 server)
Red Hat Enterprise Linux Desktop (v. 5 client)
Red Hat Enterprise Linux EUS (v. 5.9.z server)
Red Hat Enterprise Linux Long Life (v. 5.9 server)
CVEs (cve.mitre.org): CVE-2012-2664

Details

An updated sos package that fixes one security issue is now available for
Red Hat Enterprise Linux 5.

The Red Hat Security Response Team has rated this update as having low
security impact. A Common Vulnerability Scoring System (CVSS) base score,
which gives a detailed severity rating, is available from the CVE link in
the References section.

The sos package contains a set of tools that gather information from system
hardware, logs and configuration files. The information can then be used
for diagnostic purposes and debugging.

The sosreport utility collected the Kickstart configuration file
("/root/anaconda-ks.cfg") but did not remove the root user's password from
its "rootpw" line before adding the file to the resulting archive of
debugging information. An attacker able to read the archive (for example, a
copy left on a shared filesystem or forwarded outside the organization)
could use this flaw to obtain the root user's password. In practice
"/root/anaconda-ks.cfg" usually contains only the hashed password
("rootpw --iscrypted ..."), not the plain text password, so the attacker
would still have to crack the hash offline; the exposure is nonetheless real
for weak passwords and for any other system that reuses the same root
password. (CVE-2012-2664)

Note: This issue affected all installations, not only systems installed via
Kickstart, because anaconda writes a "/root/anaconda-ks.cfg" file for every
installation type.

The utility also collects the yum repository configuration from
"/etc/yum.repos.d", which in uncommon configurations may contain passwords.
The updated package automatically removes any proxy password set with the
"proxy_password" option (see yum.conf(5)) in these files. Passwords embedded
within URLs (for example, "user:password@host" in a "baseurl" or "proxy"
value) are not removed by this update; they should be removed manually
before the archive is shared, or the files should be excluded from the
archive.
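The two collection paths described above can be checked directly on an existing sosreport archive: open the tarball, look at "root/anaconda-ks.cfg" for an unredacted "rootpw" value, and look at every "*.repo" file under "etc/yum.repos.d" for a "proxy_password" value or for "user:password@" credentials embedded in a URL, treating a run of "*" (the mask sos writes in place of a removed secret) as already redacted. The following script is an added example written for this advisory, not code from the sos project or from Red Hat. The directory layout inside the archive (one top-level directory containing root/ and etc/yum.repos.d/) and all sample file contents, including the password hash, are constructed for the example; the Kickstart "rootpw --iscrypted" syntax and the yum.conf(5) "proxy_password" option are real.

```python
"""Scan an sosreport archive for the secrets CVE-2012-2664 left unredacted.

Added example for RHSA-2013:1121; not sos project code. Archive layout and
sample file contents below are constructed for the example.
"""
import io
import re
import tarfile

# anaconda writes 'rootpw --iscrypted <hash>'; a plaintext 'rootpw <secret>'
# is also legal Kickstart, so both forms are reported.
ROOTPW_RE = re.compile(r"^\s*rootpw\s+(?P<args>.*?)\s*$", re.MULTILINE)
# yum.conf(5) option that the updated sos package redacts.
PROXY_PW_RE = re.compile(r"^\s*proxy_password\s*=\s*(?P<value>\S*)", re.MULTILINE)
# user:password@ inside any URL (baseurl=, proxy=, mirrorlist=, ...). The
# update does not touch these; the advisory says to remove them by hand.
URL_CRED_RE = re.compile(r"[A-Za-z][A-Za-z0-9+.-]*://[^\s/:@]+:(?P<pw>[^\s/@]+)@")


def _redacted(value):
    """sos masks a removed secret with a run of '*' characters."""
    return bool(value) and set(value) == {"*"}


def scan_text(path, text):
    """Return (path, kind) tuples for every unredacted secret in one file."""
    found = []
    if path.endswith("anaconda-ks.cfg"):
        for m in ROOTPW_RE.finditer(text):
            tokens = m.group("args").split()
            secrets = [t for t in tokens if not t.startswith("--")]  # drop flags like --lock
            if secrets and not _redacted(secrets[-1]):
                kind = ("root password hash" if "--iscrypted" in tokens
                        else "root password (plaintext)")
                found.append((path, kind))
    if path.endswith(".repo"):
        for m in PROXY_PW_RE.finditer(text):
            value = m.group("value")
            if value and not _redacted(value):
                found.append((path, "proxy_password"))
        for m in URL_CRED_RE.finditer(text):
            if not _redacted(m.group("pw")):
                found.append((path, "credentials embedded in URL"))
    return found


def scan_archive(blob):
    """Scan the relevant regular files in an sosreport tarball given as bytes.

    mode 'r:*' lets tarfile detect whatever compression the report used.
    """
    findings = []
    with tarfile.open(fileobj=io.BytesIO(blob), mode="r:*") as tar:
        for member in tar:
            if not member.isfile():
                continue
            name = member.name
            if name.endswith("anaconda-ks.cfg") or (
                    "/yum.repos.d/" in name and name.endswith(".repo")):
                text = tar.extractfile(member).read().decode("utf-8", "replace")
                findings.extend(scan_text(name, text))
    return findings


# Constructed sample files modelling a pre-update report: nothing redacted in
# the first two, the third already carries the sos mask.
SAMPLE_FILES = {
    "sosreport-host/root/anaconda-ks.cfg":
        "# Kickstart file automatically generated by anaconda.\n"
        "install\nlang en_US.UTF-8\n"
        "rootpw --iscrypted $1$Xy3Zf0Qa$QzKcE1pNU3m0c9wZJp7Fq.\n"  # made-up hash
        "firewall --enabled --port=22:tcp\n",
    "sosreport-host/etc/yum.repos.d/internal.repo":
        "[internal]\nname=Internal mirror\n"
        "baseurl=https://deploy:Tr0ub4dor@mirror.example.internal/rhel5/\n"
        "proxy=http://proxy.example.internal:3128\n"
        "proxy_username=svc-yum\nproxy_password=hunter2\nenabled=1\n",
    "sosreport-host/etc/yum.repos.d/redacted.repo":
        "[other]\nname=Already redacted\nbaseurl=http://mirror.example.internal/\n"
        "proxy_password=********\n",
}


def build_sample_archive(files=SAMPLE_FILES):
    """Pack the constructed files into an in-memory bzip2-compressed tarball."""
    buf = io.BytesIO()
    with tarfile.open(fileobj=buf, mode="w:bz2") as tar:
        for name, text in files.items():
            data = text.encode()
            info = tarfile.TarInfo(name)
            info.size = len(data)
            tar.addfile(info, io.BytesIO(data))
    return buf.getvalue()


if __name__ == "__main__":
    # On a real system: scan_archive(open("sosreport-....tar.bz2", "rb").read())
    for path, kind in scan_archive(build_sample_archive()):
        print(f"{path}: {kind}")
```

Run against a real report by reading the archive file into scan_archive(). A non-empty result on an archive produced after this update indicates a URL-embedded credential, which the update deliberately leaves for manual removal; a "root password hash" or "proxy_password" finding indicates the report was generated by an unpatched sos.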

All users of sos are advised to upgrade to this updated package, which
contains a backported patch to correct this issue.


Solution

Before applying this update, make sure all previously released errata
relevant to your system have been applied.

This update is available via the Red Hat Network. Details on how to
use the Red Hat Network to apply this update are available at
https://access.redhat.com/knowledge/articles/11258

Updated packages

Red Hat Enterprise Linux (v. 5 server)

SRPMS:
sos-1.7-9.62.el5_9.1.src.rpm
File outdated by:  RHBA-2013:1356
    MD5: 0eaf1f0142780c82230e0670f760b088
SHA-256: 1caed3825f5764899a8d7c8c804e02fc5000780f3f959fc08ffe17f364e745cb
 
IA-32:
sos-1.7-9.62.el5_9.1.noarch.rpm
File outdated by:  RHBA-2013:1356
    MD5: 23f9c95cd5ebbbca31a25029d7af930e
SHA-256: 2635382f808c2bbeca2e963283705783b0ad92f246f8eedc8a551d0525408fb4
 
IA-64:
sos-1.7-9.62.el5_9.1.noarch.rpm
File outdated by:  RHBA-2013:1356
    MD5: 23f9c95cd5ebbbca31a25029d7af930e
SHA-256: 2635382f808c2bbeca2e963283705783b0ad92f246f8eedc8a551d0525408fb4
 
PPC:
sos-1.7-9.62.el5_9.1.noarch.rpm
File outdated by:  RHBA-2013:1356
    MD5: 23f9c95cd5ebbbca31a25029d7af930e
SHA-256: 2635382f808c2bbeca2e963283705783b0ad92f246f8eedc8a551d0525408fb4
 
s390x:
sos-1.7-9.62.el5_9.1.noarch.rpm
File outdated by:  RHBA-2013:1356
    MD5: 23f9c95cd5ebbbca31a25029d7af930e
SHA-256: 2635382f808c2bbeca2e963283705783b0ad92f246f8eedc8a551d0525408fb4
 
x86_64:
sos-1.7-9.62.el5_9.1.noarch.rpm
File outdated by:  RHBA-2013:1356
    MD5: 23f9c95cd5ebbbca31a25029d7af930e
SHA-256: 2635382f808c2bbeca2e963283705783b0ad92f246f8eedc8a551d0525408fb4
 
Red Hat Enterprise Linux Desktop (v. 5 client)

SRPMS:
sos-1.7-9.62.el5_9.1.src.rpm
File outdated by:  RHBA-2013:1356
    MD5: 0eaf1f0142780c82230e0670f760b088
SHA-256: 1caed3825f5764899a8d7c8c804e02fc5000780f3f959fc08ffe17f364e745cb
 
IA-32:
sos-1.7-9.62.el5_9.1.noarch.rpm
File outdated by:  RHBA-2013:1356
    MD5: 23f9c95cd5ebbbca31a25029d7af930e
SHA-256: 2635382f808c2bbeca2e963283705783b0ad92f246f8eedc8a551d0525408fb4
 
x86_64:
sos-1.7-9.62.el5_9.1.noarch.rpm
File outdated by:  RHBA-2013:1356
    MD5: 23f9c95cd5ebbbca31a25029d7af930e
SHA-256: 2635382f808c2bbeca2e963283705783b0ad92f246f8eedc8a551d0525408fb4
 
Red Hat Enterprise Linux EUS (v. 5.9.z server)

SRPMS:
sos-1.7-9.62.el5_9.1.src.rpm
File outdated by:  RHBA-2013:1356
    MD5: 0eaf1f0142780c82230e0670f760b088
SHA-256: 1caed3825f5764899a8d7c8c804e02fc5000780f3f959fc08ffe17f364e745cb
 
IA-32:
sos-1.7-9.62.el5_9.1.noarch.rpm
    MD5: 23f9c95cd5ebbbca31a25029d7af930e
SHA-256: 2635382f808c2bbeca2e963283705783b0ad92f246f8eedc8a551d0525408fb4
 
IA-64:
sos-1.7-9.62.el5_9.1.noarch.rpm
    MD5: 23f9c95cd5ebbbca31a25029d7af930e
SHA-256: 2635382f808c2bbeca2e963283705783b0ad92f246f8eedc8a551d0525408fb4
 
PPC:
sos-1.7-9.62.el5_9.1.noarch.rpm
    MD5: 23f9c95cd5ebbbca31a25029d7af930e
SHA-256: 2635382f808c2bbeca2e963283705783b0ad92f246f8eedc8a551d0525408fb4
 
s390x:
sos-1.7-9.62.el5_9.1.noarch.rpm
    MD5: 23f9c95cd5ebbbca31a25029d7af930e
SHA-256: 2635382f808c2bbeca2e963283705783b0ad92f246f8eedc8a551d0525408fb4
 
x86_64:
sos-1.7-9.62.el5_9.1.noarch.rpm
    MD5: 23f9c95cd5ebbbca31a25029d7af930e
SHA-256: 2635382f808c2bbeca2e963283705783b0ad92f246f8eedc8a551d0525408fb4
 
Red Hat Enterprise Linux Long Life (v. 5.9 server)

SRPMS:
sos-1.7-9.62.el5_9.1.src.rpm
File outdated by:  RHBA-2013:1356
    MD5: 0eaf1f0142780c82230e0670f760b088
SHA-256: 1caed3825f5764899a8d7c8c804e02fc5000780f3f959fc08ffe17f364e745cb
 
IA-32:
sos-1.7-9.62.el5_9.1.noarch.rpm
    MD5: 23f9c95cd5ebbbca31a25029d7af930e
SHA-256: 2635382f808c2bbeca2e963283705783b0ad92f246f8eedc8a551d0525408fb4
 
IA-64:
sos-1.7-9.62.el5_9.1.noarch.rpm
    MD5: 23f9c95cd5ebbbca31a25029d7af930e
SHA-256: 2635382f808c2bbeca2e963283705783b0ad92f246f8eedc8a551d0525408fb4
 
x86_64:
sos-1.7-9.62.el5_9.1.noarch.rpm
    MD5: 23f9c95cd5ebbbca31a25029d7af930e
SHA-256: 2635382f808c2bbeca2e963283705783b0ad92f246f8eedc8a551d0525408fb4
 
(The unlinked packages above are only available from the Red Hat Network)

Bugs fixed (see bugzilla for more information)

826884 - CVE-2012-2664 sosreport does not blank root password in anaconda plugin
965807 - sosreport does not blankout password in anaconda-ks.cfg and yum.repo


References
These packages are GPG signed by Red Hat for security. Our key and details on how to verify the signature are available from:
https://www.redhat.com/security/team/key/#package

The Red Hat security contact is secalert@redhat.com. More contact details at http://www.redhat.com/security/team/contact/