Bug 17358 - sos new insecure tmp file issue CVE-2015-7529
: sos new insecure tmp file issue CVE-2015-7529
Status: REOPENED
Product: Mageia
Classification: Unclassified
Component: RPM Packages
: 5
: i586 Linux
: Normal Severity: normal
: ---
Assigned To: QA Team
:
: http://lwn.net/Vulnerabilities/668547/
: MGA5-32-OK feedback advisory
:
:
:
  Show dependency treegraph
 
Reported: 2015-12-18 15:32 CET by David Walser
Modified: 2017-01-08 21:10 CET (History)
4 users (show)

See Also:
Source RPM: sos-3.2-2.mga5.src.rpm
CVE:
Status comment:


Attachments

Description David Walser 2015-12-18 15:32:04 CET
Ubuntu has issued an advisory on December 17:
http://www.ubuntu.com/usn/usn-2845-1/

CVE-2014-3925 was fixed in 3.2, so it doesn't affect us.

I don't believe CVE-2015-7529 is a security issue for us, due to the protected_symlinks feature in the kernel, but it is still a bug that should be fixed in Cauldron.  You can include the patch in Mageia 5 SVN too.

Reproducible: 

Steps to Reproduce:
Comment 2 David Walser 2016-02-16 17:16:14 CET
RedHat has issued an advisory for this today (February 16):
https://rhn.redhat.com/errata/RHSA-2016-0188.html
Comment 3 David Walser 2016-04-27 18:29:26 CEST
This is just a regular bug for us, not a security issue.
Comment 4 Bruno Cornec 2017-01-02 19:12:40 CET
Uploaded sos 3.3 in update_testing for Mageia 5 which should fix it for good.
Comment 5 David Walser 2017-01-04 00:07:05 CET
An advisory in SVN as well (thanks to Bruno, with small enhancement from me).

Reference for 3.3 update:
https://github.com/sosreport/sos/releases/tag/3.3
Comment 6 Herman Viaene 2017-01-06 17:30:52 CET
MGA5-32 on Acer D620 Xfce
No installation issues
Ran sosreport as root and got a 3.6 Mb tar file with logs, reports, current config files and som more as result. Seems thus OK
Comment 7 Lewis Smith 2017-01-07 11:37:32 CET
Trying M5_64

BEFORE the update: sos-3.2-2.mga5

# sosreport
sosreport (version 3.2)
This command will collect diagnostic and configuration information from
this Mageia system and installed applications.
An archive containing the collected information will be generated in
/var/tmp and may be provided to a Mageia support representative.
...
No changes will be made to system configuration.
Press ENTER to continue, or CTRL-C to quit.
Please enter your first initial and last name [localhost.localdomain]: lsmith
Please enter the case id that you are generating this report for: preupdate
 Setting up archive ...
 Setting up plugins ...
 Running plugins. Please wait ...
  Running 30/71: logs...        [plugin:logs] command 'journalctl --all --this-boot --no-pager' timed out after 300s
[plugin:logs] command 'journalctl --all --this-boot --no-pager -o verbose' timed out after 300s
[plugin:logs] command 'journalctl --all --since="-3days"' timed out after 300s
  Running 71/71: xinetd...            
Creating compressed archive...
Your sosreport has been generated and saved in:
  /var/tmp/sosreport-lsmith.preupdate-20170106213919.tar.xz
...

although the two jornalctl timeouts seemed longer than 5m.

AFTER update: sos-3.3-1.mga5

# sosreport
sosreport (version 3.3)
...
An archive containing the collected information will be generated in
/var/tmp/sos.HN0Zb5 and may be provided to a Red Hat support
representative.
Any information provided to Red Hat will be treated in accordance with
the published support policies at:
  https://access.redhat.com/support/
...
No changes will be made to system configuration.
Press ENTER to continue, or CTRL-C to quit.
Please enter your first initial and last name [localhost.localdomain]: lsmith
Please enter the case id that you are generating this report for []: postupdate
 Setting up archive ...
 Setting up plugins ...
caught exception in plugin method "monit.setup()"
writing traceback to sos_logs/monit-plugin-errors.txt
 Running plugins. Please wait ...
  Running 34/80: logs...                
------------------------
And there it stopped; stuck indefinitely, disc access evident.
That is problem no.3.
Problem no.1: Early output refers to RedHat, not Mageia as previously.
Problem no.2: caught exception in plugin method "monit.setup()"

Need opinion of ? Bruno please.
Comment 8 Herman Viaene 2017-01-07 11:47:30 CET
On my test with MGA5-32.
I gave an <Enter> on the question "Please enter the case id......", and then a lot of patience to let it finish. In fact I let the laptop running and went to do something else, so the run might easily have exceeded 30 min.
Comment 9 Lewis Smith 2017-01-07 21:05:48 CET
Re-testing M5_64 real h/w
AFTER update

# sosreport
sosreport (version 3.3)
...
this Red Hat Enterprise Linux system and installed applications.
...
/var/tmp/sos.L8Hx3w and may be provided to a Red Hat support
...
  https://access.redhat.com/support/
...
 Setting up archive ...
 Setting up plugins ...
caught exception in plugin method "monit.setup()"       [does this matter?]
writing traceback to sos_logs/monit-plugin-errors.txt
 Running plugins. Please wait ...
  Running 80/80: xinetd...              
Creating compressed archive...
Your sosreport has been generated and saved in:
  /var/tmp/sosreport-lsmith.postupdate-20170107201457.tar.xz

So this time it worked; perhaps a re-boot after the update was necessary.
But I suspect we would want to change 'RedHat' to 'Mageia' (like Comment 2 before update) before pushing the update. Asking for feedback about this.

Note You need to log in before you can comment on or make changes to this bug.