
Security vulnerability in the sos software package

  • OS details: WN7
  • Severity: IMP
  • Operating systems: L
  • Categories: LFE

——————————————————————————–
Fedora Update Notification
FEDORA-2014-7490
2014-06-18 21:31:53
——————————————————————————–

Name : sos
Product : Fedora 19
Version : 3.1
Release : 1.fc19
URL : http://fedorahosted.org/sos
Summary : A set of tools to gather troubleshooting information from a system
Description :
Sos is a set of tools that gathers information about system
hardware and configuration. The information can then be used for
diagnostic purposes and debugging. Sos is commonly used to help
support technicians and developers.

——————————————————————————–
Update Information:

Updated sos packages that fix a number of bugs and add several enhancements are now available.
——————————————————————————–
ChangeLog:

* Tue Jun 17 2014 Bryn M. Reeves <bmr@redhat.com> = 3.1-1
– Elide passwords in grub2 plugin
– Make sure grub password regex handles all cases
– Elide bootloader password in grub plugin
– Add postprocessing for /etc/fstab passwords
– Restore generic UI preamble text
– [ovirt] add ovirt-scheduler-proxy logs
– [ovirt] Add dwh and reports packages to plugin package list
– Add reports support to oVirt plugin
– Add oVirt Data Warehouse support
– [ovirt] add package list to ovirt plugin
– [ovirt] elide passwords in logcollector.conf
– [ovirt] elide passwords in {iso,image}uploader.conf
– Add oVirt plugin
– Make do_path_regex_sub() honour string regex arguments
– Add collection of grub configuration for UEFI systems
– Fix x86 arch detection in processor plugin
– Remove --profile support
– Fix plugin_test exception on six.PY2
– Call rhsm-debug with the --sos switch
– Do not collect isos in cobbler plugin
– Match plugins against policies
– Fix broken binary detection in satellite plugin
– Add tuned plugin
– Update systemd support
– Fix remaining use of obsolete ‘get_cmd_dir()’ in plugins
– Add PowerNV specific debug data
– powerpc: Move VPD related tool under common code
– Remove the rhevm plugin.
– Replace package check with file check in anacron
– Scrub ldap_default_authtok password in sssd plugin
– Eliminate hard-coded /var/log/sa paths in sar plugin
– Improve error message when cluster.crm_from is invalid
– Fix command output substitution exception
– Add distupgrade plugin
– Fix gluster volume name extraction
– Ensure unused fds are closed when calling subprocesses via Popen
– Pass --no-archive to rhsm-debug script
– postgresql: allow use TCP socket
– postgresql: added license and copyright
– postgresql: add logs about errors / warnings
– postgresql: minor fixes
– Include geo-replication status in gluster plugin
– Make get_cmd_output_now() behaviour match 2.2
– Add rhsm-debug collection to yum plugin
– Always treat rhevm vdsmlogs option as string
– Fix verbose file logging
– Fix get_option() use in cluster plugin
– Fix cluster postproc regression
– Ensure superclass postproc method is called in ldap plugin
– Remove obsolete diagnostics code from ldap plugin
– Fix cluster module crm_report support
– Update to sos-3.1 upstream release
* Thu Mar 20 2014 Bryn M. Reeves <bmr@redhat.com> = 3.0-23
– Call rhsm-debug with the --sos switch
* Mon Mar 3 2014 Bryn M. Reeves <bmr@redhat.com> = 3.0-22
– Fix package check in anacron plugin
* Wed Feb 12 2014 Bryn M. Reeves <bmr@redhat.com> = 3.0-21
– Remove obsolete rhel_version() usage from yum plugin
* Tue Feb 11 2014 Bryn M. Reeves <bmr@redhat.com> = 3.0-20
– Prevent unhandled exception during command output substitution
* Mon Feb 10 2014 Bryn M. Reeves <bmr@redhat.com> = 3.0-19
– Fix generation of volume names in gluster plugin
– Add distupgrade plugin
* Tue Feb 4 2014 Bryn M. Reeves <bmr@redhat.com> = 3.0-18
– Prevent file descriptor leaks when using Popen
– Disable zip archive creation when running rhsm-debug
– Include volume geo-replication status in gluster plugin
* Mon Feb 3 2014 Bryn M. Reeves <bmr@redhat.com> = 3.0-17
– Fix get_option use in cluster plugin
– Fix debug logging to file when given ‘-v’
– Always treat rhevm plugin’s vdsmlogs option as a string
– Run the rhsm-debug script from yum plugin
* Fri Jan 31 2014 Bryn M. Reeves <bmr@redhat.com> = 3.0-16
– Add new plugin to collect OpenHPI configuration
– Fix cluster plugin crm_report support
– Fix file postprocessing in ldap plugin
– Remove collection of anaconda-ks.cfg from general plugin
* Fri Jan 24 2014 Bryn M. Reeves <bmr@redhat.com> = 3.0-15
– Remove debug statements from logs plugin
– Make ethernet interface detection more robust
– Fix specifying multiple plugin options on the command line
– Make log and message levels match previous versions
– Log a warning message when external commands time out
– Remove --upload command line option
– Update sos UI text to match upstream
* Fri Dec 27 2013 Daniel Mach <dmach@redhat.com> = 3.0-14
– Mass rebuild 2013-12-27
* Thu Nov 14 2013 Bryn M. Reeves <bmr@redhat.com> = 3.0-13
– Fix regressions introduced with --build option
* Tue Nov 12 2013 Bryn M. Reeves <bmr@redhat.com> = 3.0-12
– Fix typo in yum plug-in add_forbidden_paths
– Add krb5 plug-in and drop collection of krb5.keytab
* Fri Nov 8 2013 Bryn M. Reeves <bmr@redhat.com> = 3.0-10
– Add nfs client plug-in
– Fix traceback when sar module force-enabled
* Thu Nov 7 2013 Bryn M. Reeves <bmr@redhat.com> = 3.0-9
– Restore --build command line option
– Collect saved vmcore-dmesg.txt files
– Normalize temporary directory paths
* Tue Nov 5 2013 Bryn M. Reeves <bmr@redhat.com> = 3.0-7
– Add domainname output to NIS plug-in
– Collect /var/log/squid in squid plug-in
– Collect mountstats and mountinfo in filesys plug-in
– Add PowerPC plug-in from upstream
* Thu Oct 31 2013 Bryn M. Reeves <bmr@redhat.com> = 3.0-6
– Remove version checks in gluster plug-in
– Check for usable temporary directory
– Fix --alloptions command line option
– Fix configuration fail regression
* Wed Oct 30 2013 Bryn M. Reeves <bmr@redhat.com> = 3.0-5
– Include /etc/yaboot.conf in boot plug-in
– Fix collection of brctl output in networking plug-in
– Verify limited set of RPM packages by default
– Do not strip newlines from command output
– Limit default sar data collection
* Thu Oct 3 2013 Bryn M. Reeves <bmr@redhat.com> = 3.0-4
– Do not attempt to read RPC pseudo files in networking plug-in
– Restrict wbinfo collection to the current domain
– Add obfuscation of luci secrets to cluster plug-in
– Add XFS plug-in
– Fix policy class handling of --tmp-dir
– Do not set batch mode if stdin is not a TTY
– Attempt to continue when reading bad input in interactive mode
* Wed Aug 14 2013 Bryn M. Reeves <bmr@redhat.com> = 3.0-3
– Add crm_report support to cluster plug-in
– Fix rhel_version() usage in cluster and s390 plug-ins
– Strip trailing newline from command output
* Mon Jun 10 2013 Bryn M. Reeves <bmr@redhat.com> = 3.0-2
– Silence ‘could not run’ messages at default verbosity
– New upstream release
* Thu May 23 2013 Bryn M. Reeves <bmr@redhat.com> = 2.2-39
– Always invoke tar with ‘-f-’ option
——————————————————————————–
References:

[ 1 ] Bug #1101393 – CVE-2014-0246 sos: md5 hash of GRUB password collected when running sosreport
https://bugzilla.redhat.com/show_bug.cgi?id=1101393
——————————————————————————–

This update can be installed with the “yum” update program. Use
su -c 'yum update sos' at the command line.
For more information, refer to “Managing Software with yum”,
available at http://docs.fedoraproject.org/yum/.

All packages are signed with the Fedora Project GPG key. More details on the
GPG keys used by the Fedora Project can be found at
https://fedoraproject.org/keys
——————————————————————————–
_______________________________________________
package-announce mailing list
package-announce@lists.fedoraproject.org
https://admin.fedoraproject.org/mailman/listinfo/package-announce

——————————————————————————–
Fedora Update Notification
FEDORA-2014-7479
2014-06-18 21:30:53
——————————————————————————–

Name : sos
Product : Fedora 20
Version : 3.1
Release : 1.fc20
URL : http://fedorahosted.org/sos
Summary : A set of tools to gather troubleshooting information from a system
Description :
Sos is a set of tools that gathers information about system
hardware and configuration. The information can then be used for
diagnostic purposes and debugging. Sos is commonly used to help
support technicians and developers.

——————————————————————————–
Update Information:

Updated sos packages that fix a number of bugs and add several enhancements are now available.
——————————————————————————–
ChangeLog:

* Tue Jun 17 2014 Bryn M. Reeves <bmr@redhat.com> = 3.1-1
– Elide passwords in grub2 plugin
– Make sure grub password regex handles all cases
– Elide bootloader password in grub plugin
– Add postprocessing for /etc/fstab passwords
– Restore generic UI preamble text
– [ovirt] add ovirt-scheduler-proxy logs
– [ovirt] Add dwh and reports packages to plugin package list
– Add reports support to oVirt plugin
– Add oVirt Data Warehouse support
– [ovirt] add package list to ovirt plugin
– [ovirt] elide passwords in logcollector.conf
– [ovirt] elide passwords in {iso,image}uploader.conf
– Add oVirt plugin
– Make do_path_regex_sub() honour string regex arguments
– Add collection of grub configuration for UEFI systems
– Fix x86 arch detection in processor plugin
– Remove --profile support
– Fix plugin_test exception on six.PY2
– Call rhsm-debug with the --sos switch
– Do not collect isos in cobbler plugin
– Match plugins against policies
– Fix broken binary detection in satellite plugin
– Add tuned plugin
– Update systemd support
– Fix remaining use of obsolete ‘get_cmd_dir()’ in plugins
– Add PowerNV specific debug data
– powerpc: Move VPD related tool under common code
– Remove the rhevm plugin.
– Replace package check with file check in anacron
– Scrub ldap_default_authtok password in sssd plugin
– Eliminate hard-coded /var/log/sa paths in sar plugin
– Improve error message when cluster.crm_from is invalid
– Fix command output substitution exception
– Add distupgrade plugin
– Fix gluster volume name extraction
– Ensure unused fds are closed when calling subprocesses via Popen
– Pass --no-archive to rhsm-debug script
– postgresql: allow use TCP socket
– postgresql: added license and copyright
– postgresql: add logs about errors / warnings
– postgresql: minor fixes
– Include geo-replication status in gluster plugin
– Make get_cmd_output_now() behaviour match 2.2
– Add rhsm-debug collection to yum plugin
– Always treat rhevm vdsmlogs option as string
– Fix verbose file logging
– Fix get_option() use in cluster plugin
– Fix cluster postproc regression
– Ensure superclass postproc method is called in ldap plugin
– Remove obsolete diagnostics code from ldap plugin
– Fix cluster module crm_report support
– Update to sos-3.1 upstream release
* Thu Mar 20 2014 Bryn M. Reeves <bmr@redhat.com> = 3.0-23
– Call rhsm-debug with the --sos switch
* Mon Mar 3 2014 Bryn M. Reeves <bmr@redhat.com> = 3.0-22
– Fix package check in anacron plugin
* Wed Feb 12 2014 Bryn M. Reeves <bmr@redhat.com> = 3.0-21
– Remove obsolete rhel_version() usage from yum plugin
* Tue Feb 11 2014 Bryn M. Reeves <bmr@redhat.com> = 3.0-20
– Prevent unhandled exception during command output substitution
* Mon Feb 10 2014 Bryn M. Reeves <bmr@redhat.com> = 3.0-19
– Fix generation of volume names in gluster plugin
– Add distupgrade plugin
* Tue Feb 4 2014 Bryn M. Reeves <bmr@redhat.com> = 3.0-18
– Prevent file descriptor leaks when using Popen
– Disable zip archive creation when running rhsm-debug
– Include volume geo-replication status in gluster plugin
* Mon Feb 3 2014 Bryn M. Reeves <bmr@redhat.com> = 3.0-17
– Fix get_option use in cluster plugin
– Fix debug logging to file when given ‘-v’
– Always treat rhevm plugin’s vdsmlogs option as a string
– Run the rhsm-debug script from yum plugin
* Fri Jan 31 2014 Bryn M. Reeves <bmr@redhat.com> = 3.0-16
– Add new plugin to collect OpenHPI configuration
– Fix cluster plugin crm_report support
– Fix file postprocessing in ldap plugin
– Remove collection of anaconda-ks.cfg from general plugin
* Fri Jan 24 2014 Bryn M. Reeves <bmr@redhat.com> = 3.0-15
– Remove debug statements from logs plugin
– Make ethernet interface detection more robust
– Fix specifying multiple plugin options on the command line
– Make log and message levels match previous versions
– Log a warning message when external commands time out
– Remove --upload command line option
– Update sos UI text to match upstream
* Fri Dec 27 2013 Daniel Mach <dmach@redhat.com> = 3.0-14
– Mass rebuild 2013-12-27
* Thu Nov 14 2013 Bryn M. Reeves <bmr@redhat.com> = 3.0-13
– Fix regressions introduced with --build option
* Tue Nov 12 2013 Bryn M. Reeves <bmr@redhat.com> = 3.0-12
– Fix typo in yum plug-in add_forbidden_paths
– Add krb5 plug-in and drop collection of krb5.keytab
* Fri Nov 8 2013 Bryn M. Reeves <bmr@redhat.com> = 3.0-10
– Add nfs client plug-in
– Fix traceback when sar module force-enabled
* Thu Nov 7 2013 Bryn M. Reeves <bmr@redhat.com> = 3.0-9
– Restore --build command line option
– Collect saved vmcore-dmesg.txt files
– Normalize temporary directory paths
* Tue Nov 5 2013 Bryn M. Reeves <bmr@redhat.com> = 3.0-8
– Add domainname output to NIS plug-in
– Collect /var/log/squid in squid plug-in
– Collect mountstats and mountinfo in filesys plug-in
– Add PowerPC plug-in from upstream
* Thu Oct 31 2013 Bryn M. Reeves <bmr@redhat.com> = 3.0-7
– Remove version checks in gluster plug-in
– Check for usable temporary directory
– Fix --alloptions command line option
– Fix configuration fail regression
* Wed Oct 30 2013 Bryn M. Reeves <bmr@redhat.com> = 3.0-6
– Include /etc/yaboot.conf in boot plug-in
– Fix collection of brctl output in networking plug-in
– Verify limited set of RPM packages by default
– Do not strip newlines from command output
– Limit default sar data collection
* Thu Oct 3 2013 Bryn M. Reeves <bmr@redhat.com> = 3.0-5
– Do not attempt to read RPC pseudo files in networking plug-in
– Restrict wbinfo collection to the current domain
– Add obfuscation of luci secrets to cluster plug-in
– Add XFS plug-in
– Fix policy class handling of --tmp-dir
– Do not set batch mode if stdin is not a TTY
– Attempt to continue when reading bad input in interactive mode
* Wed Aug 14 2013 Bryn M. Reeves <bmr@redhat.com> = 3.0-4
– Add crm_report support to cluster plug-in
– Fix rhel_version() usage in cluster and s390 plug-ins
– Strip trailing newline from command output
——————————————————————————–
References:

[ 1 ] Bug #1101474 – CVE-2014-0246 sos: md5 hash of GRUB password collected when running sosreport [fedora-all]
https://bugzilla.redhat.com/show_bug.cgi?id=1101474
[ 2 ] Bug #1107126 – [ovirt] add plugin and fixes from upstream
https://bugzilla.redhat.com/show_bug.cgi?id=1107126
[ 3 ] Bug #1102640 – sos: /etc/fstab collected by sosreport, possibly containing passwords [fedora-all]
https://bugzilla.redhat.com/show_bug.cgi?id=1102640
[ 4 ] Bug #699213 – sosreport networking plugin should also collect brctl details
https://bugzilla.redhat.com/show_bug.cgi?id=699213
[ 5 ] Bug #1100267 – Transaction check error while installing ovirt-engine
https://bugzilla.redhat.com/show_bug.cgi?id=1100267
——————————————————————————–

This update can be installed with the “yum” update program. Use
su -c 'yum update sos' at the command line.
For more information, refer to “Managing Software with yum”,
available at http://docs.fedoraproject.org/yum/.

All packages are signed with the Fedora Project GPG key. More details on the
GPG keys used by the Fedora Project can be found at
https://fedoraproject.org/keys
——————————————————————————–

Author: Marijo Plepelic
CERT ID: NCERT-REF-2014-06-0023-ADV
CVE: CERT-CVE-DUMMY
Original ID: CERT-ORIGID-DUMMY
Product: CERT-DUMMY-PRODUCT
Source: http://www.adobe.com/