4.99. sos


An updated sos package that fixes one security issue is now available for Red Hat Enterprise Linux 5.
The Red Hat Security Response Team has rated this update as having low security impact. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available from the CVE link associated with the description below.
The sos package contains a set of tools that gather information from system hardware, logs and configuration files. The information can then be used for diagnostic purposes and debugging.

Security Fix

CVE-2012-2664
The sosreport utility collected the Kickstart configuration file ("/root/anaconda-ks.cfg"), but did not remove the root user's password from it before adding the file to the resulting archive of debugging information. An attacker able to access the archive could possibly use this flaw to obtain the root user's password. "/root/anaconda-ks.cfg" usually only contains a hash of the password, not the plain text password.
Note: This issue affected all installations, not only systems installed via Kickstart. A "/root/anaconda-ks.cfg" file is created by all installation types.
The utility also collects yum repository information from "/etc/yum.repos.d" which in uncommon configurations may contain passwords. Any http_proxy password specified in these files will now be automatically removed. Passwords embedded within URLs in these files should be manually removed or the files excluded from the archive.
All users of sos are advised to upgrade to this updated package, which contains a backported patch to correct this issue.
An updated sos package that fixes several bugs and adds various enhancements is now available for Red Hat Enterprise Linux 5.
The sos package contains a set of tools that gather information from system hardware, logs and configuration files. The information can then be used for diagnostic purposes and debugging.

Bug Fixes

BZ#782218
When the rhn-client-tools package was not installed and the __raisePlugins__ plug-in was enabled on the system, the sosreport utility failed to collect the dmidecode files and other hardware information. This update provides a patch to fix this bug and sosreport now works correctly in the described scenario.
BZ#782247
When the audit package was not installed and the /var/log/audit file did not exist on the system, the auditd plug-in failed with a traceback error. This bug has been fixed and auditd now properly handles the missing /var/log/audit file.
BZ#868008
When SELinux was disabled on the system, the sosreport utility did not collect the information located in the sos_commands/selinux/ directory. This update provides a patch to fix this bug, and sosreport now correctly collects all the required information in the described scenario.
BZ#906071
Previous versions of the sos psacct (BSD Process Accounting) module collected all process accounting files present on the system, which could, under certain configurations, lead to a very large number of archived files in the process accounting directory. To fix this, psacct now collects only the most recent accounting file by default. The all option has been added to the module which allows the user to request the original behavior if required. As a result, reports generated on hosts with many archived accounting files no longer include this large set of additional data.
BZ#958346
Previously, the sosreport utility did not capture modules located in the /etc/modules.*/ directory including module blacklisting. With this update, a patch has been provided to fix this bug and sosreport now captures the modules as expected.
BZ#976242
Previous versions of the sos utility did not sanitize special characters in system host names when using the name in file system paths. Consequently, inserting special characters in the system host name could cause sos to generate invalid file system paths and fail to generate a report. With this update, invalid characters are filtered out of system host names and sos now works correctly on systems having characters disallowed in file system paths present in the host name.
BZ#977187
When used on PowerPC systems, the sosreport utility took a copy of the /boot/yaboot.conf file but not a copy of the /etc/yaboot.conf file. Consequently, sosreport could miss important information present in this file. This update applies a patch to fix this bug and the report from sosreport now contains information from /etc/yaboot.conf if present.

Enhancements

BZ#840981
Previous releases of sos captured only the /proc/ioports file detailing registered I/O port regions in use. The /proc/iomem file additionally describes regions of physical system memory and their use of memory, firmware data, and device I/O traffic. As this data can be important in debugging certain hardware and device-driver problems, both ioports and iomem data have been made available within generated reports.
BZ#891325
Previously, the sar plug-in did not set a size restriction for collected data, which could cause the sosreport utility to fill up the directory for temporary files. This enhancement adds the ability to limit the maximum size of collected data for the sar plug-in.
BZ#907876
The ID mapping daemon (idmapd) controls identity mappings used by NFSv4 services and is important for diagnostic and troubleshooting efforts. This enhancement provides a new feature that allows the sosreport utility to analyze the idmapd.conf file on NFS client and server hosts.
Users of sos are advised to upgrade to this updated package, which fixes these bugs and adds these enhancements.
Red Hat logoGithubRedditYoutubeTwitter

Learn

Try, buy, & sell

Communities

About Red Hat Documentation

We help Red Hat users innovate and achieve their goals with our products and services with content they can trust.

Making open source more inclusive

Red Hat is committed to replacing problematic language in our code, documentation, and web properties. For more details, see the Red Hat Blog.

About Red Hat

We deliver hardened solutions that make it easier for enterprises to work across platforms and environments, from the core datacenter to the network edge.

© 2024 Red Hat, Inc.