Bug 30898 - sos new security issue CVE-2022-2806
Summary: sos new security issue CVE-2022-2806
Status: RESOLVED FIXED
Alias: None
Product: Mageia
Classification: Unclassified
Component: Security
Version: 8
Hardware: All
OS: Linux
Priority: Normal
Severity: major
Target Milestone: ---
Assignee: QA Team
QA Contact: Sec team
URL:
Whiteboard: MGA8-64-OK
Keywords: advisory, validated_update
Depends on:
Blocks:
 
Reported: 2022-09-27 00:01 CEST by David Walser
Modified: 2022-10-19 01:16 CEST
CC: 5 users
See Also:
Source RPM: sos-3.9.1-1.mga8.src.rpm
CVE:
Status comment:


Description David Walser 2022-09-27 00:01:50 CEST
Ubuntu has issued an advisory today (September 26):
https://ubuntu.com/security/notices/USN-5636-1

The issue is fixed upstream in 4.4.
David Walser 2022-09-27 00:01:59 CEST

Status comment: (none) => Fixed upstream in 4.4

Comment 1 Bruno Cornec 2022-10-01 18:03:54 CEST
sos 4.4 pushed to updates_testing for mga8

Assignee: bruno => qa-bugs
Status: NEW => ASSIGNED

Comment 2 David Walser 2022-10-01 21:12:59 CEST
sos-4.4-1.mga8

from sos-4.4-1.mga8.src.rpm

Status comment: Fixed upstream in 4.4 => (none)
CC: (none) => bruno

Comment 3 Herman Viaene 2022-10-13 16:24:05 CEST
MGA8-64 MATE on Acer Aspire 5253
No installation issues
Ref bug 13441 for testing
At CLI:
# sosreport -l
Please note the 'sosreport' command has been deprecated in favor of the new 'sos' command, E.G. 'sos report'.
Redirecting to 'sos report -l'
WARNING: tmp-dir is set to a tmpfs filesystem. This may increase memory pressure and cause instability on low memory systems, or when using --all-logs.

sosreport (version 4.4)

The following plugins are currently enabled:

 anacron              Anacron job scheduling service
 block                Block device information
 cron                 Cron job scheduler
 crypto               System crypto services information
 cups                 CUPS IPP print service
 date                 Basic system time information
and a load more, then
The following plugins are currently disabled:

 arcconf              inactive       arcconf Integrated RAID adapter information
 ata                  inactive       ATA and IDE information
 auditd               inactive       Audit daemon information
 bcache               inactive       Bcache statistics
 boot                 inactive       Bootloader information
 btrfs                inactive       Btrfs filesystem
 cifs                 inactive       SMB file system information
 clear_containers     inactive       Intel(R) Clear Containers confi
and again......
The following options are available for ALL plugins:
 timeout                   300             Timeout in seconds for plugin to finish all collections
 cmd-timeout               300             Timeout in seconds for individual commands to finish
 postproc                  True            Enable post-processing of collected data

The following plugin options are available:
 ebpf.namespaces           0               Number of namespaces to collect, 0 for unlimited
 kernel.with-timer         off             gather /proc/timer* statistics
 kernel.trace              off             gather /sys/kernel/debug/tracing/trace file
 libraries.ldconfigv       off             collect verbose ldconfig output
 lvm2.lvmdump              off             collect an lvmdump tarball
 lvm2.lvmdump-am           off             attempt to collect lvmdump with advanced options and raw metadata
 process.lsof              on              collect info on all open files
 process.lsof-threads      off             collect threads' open file info if supported
 process.smaps             off             collect /proc/*/smaps files
 process.samples           20              number of iotop samples to collect
 process.numprocs          2048            number of process to collect /proc data of

 Profiles: boot, desktop, gpu, hardware, identity, java, kernel, memory, 
           network, perl, security, services, storage, system, virt, 
           webserver

 16 profiles, 45 plugins

# sos report -v
WARNING: tmp-dir is set to a tmpfs filesystem. This may increase memory pressure and cause instability on low memory systems, or when using --all-logs.

sosreport (version 4.4)

This command will collect system configuration and diagnostic
information from this Linux system.

For more information on SoS visit:

        Upstream Project : https://github.com/sosreport/sos

The generated archive may contain data considered sensitive and its
content should be reviewed by the originating organization before being
passed to any third party.

No changes will be made to system configuration.

SoS was unable to determine that the distribution of this system is
supported, and has loaded a generic configuration. This may not provide
desired behavior, and users are encouraged to request a new
distribution-specifc policy at the GitHub project above.

Press ENTER to continue, or CTRL-C to quit.
Optionally, please enter the case id that you are generating this report for []: 

 Setting up archive ...
 Setting up plugins ...
[plugin:firewall_tables] skipped command 'nft list ruleset': required kmods missing: nf_tables.   Use '--allow-system-changes' to enable collection.
[plugin:systemd] skipped command 'resolvectl status': required services missing: systemd-resolved.  
[plugin:systemd] skipped command 'resolvectl statistics': required services missing: systemd-resolved.  
 Running plugins. Please wait ...

  Starting 1/45  anacron         [Running: anacron]
  Starting 2/45  block           [Running: anacron block]
  Starting 3/45  cron            [Running: anacron block cron]
running through, then 
Finished running plugins

Creating compressed archive...

Your sosreport has been generated and saved in:
	/tmp/sosreport-mach7-20221013161634.tar.xz

 Size	3.94MiB
 Owner	root
 sha256	226b9f6261f07d8c9f4dddf8684a7da21546ddc24966ca02494f186654f9008d

Please send this file to your support representative.

Could open the tar file, but reading all of it would take me more than a day's work. I suppose that it works OK.

CC: (none) => herman.viaene
Whiteboard: (none) => MGA8-64-OK
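
The banner quoted in Comment 3 warns that the generated archive may contain sensitive data and should be reviewed before it is passed to a third party, and the tester notes that reading the whole tar by hand is impractical. The shell script below is an added example, not part of this bug report or of the sos project: it verifies the archive against the sha256 that sos prints in its summary and then greps the extracted members for credential-looking lines so a reviewer can redact them before sending. The `make_sample_archive` helper, the `app.conf` file and the `hunter2` value are constructed fixtures, and the grep patterns are an assumption offered as a starting point, not sos's own cleaning rules.

```shell
#!/bin/sh
# Added example (not from the bug report or the sos project): verify a
# sos archive against the sha256 printed by `sos report`, then look for
# plaintext-credential patterns in its members before sharing it.
set -eu

# verify_sha256 ARCHIVE EXPECTED
# Returns 0 when the archive's sha256 matches EXPECTED (the value sos
# prints after "sha256"), 1 otherwise.
verify_sha256() {
  actual=$(sha256sum "$1" | cut -d' ' -f1)
  [ "$actual" = "$2" ]
}

# scan_archive ARCHIVE
# Extracts the archive into a scratch directory and prints every line that
# looks like "password = ...", "secret: ..." and so on, as
# "member:lineno:text". Returns 1 when at least one hit was found, 0 when
# the archive looks clean. The pattern list is an assumption; extend it for
# the services present on the host.
scan_archive() {
  tmp=$(mktemp -d)
  tar -xf "$1" -C "$tmp"
  hits=$(cd "$tmp" && grep -rEin '(password|passwd|secret|token)[[:space:]]*[=:]' . || true)
  rm -rf "$tmp"
  if [ -n "$hits" ]; then
    printf '%s\n' "$hits"
    return 1
  fi
  return 0
}

# make_sample_archive DIR
# Builds a small constructed archive under DIR that imitates a sos report
# layout and deliberately contains one fake credential, so the scanner can
# be exercised offline. Prints the archive path.
make_sample_archive() {
  mkdir -p "$1/sosreport-sample/etc"
  # constructed sample config with a fake credential (not real data)
  printf 'user = svc\npassword = hunter2\n' > "$1/sosreport-sample/etc/app.conf"
  printf 'mach7\n' > "$1/sosreport-sample/hostname"
  tar -czf "$1/sosreport-sample.tar.gz" -C "$1" sosreport-sample
  printf '%s\n' "$1/sosreport-sample.tar.gz"
}

# Usage: sos_archive_check.sh ARCHIVE SHA256
# Exits 2 on a hash mismatch; otherwise prints any suspicious lines and
# exits 0 so the caller can review them.
if [ $# -eq 2 ]; then
  verify_sha256 "$1" "$2" || { echo "sha256 mismatch: archive altered or wrong file" >&2; exit 2; }
  scan_archive "$1" || echo "review the lines above and redact them before sharing the archive" >&2
fi
```

Run it as `sh sos_archive_check.sh /tmp/sosreport-HOST-DATE.tar.xz SHA256_FROM_SOS_SUMMARY`; a clean archive produces no output, while hits are printed as member path, line number and text so the offending files can be removed or redacted before the archive leaves the organisation.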

Comment 4 Thomas Andrews 2022-10-13 21:33:05 CEST
Sounds like it. Validating.

Keywords: (none) => validated_update
CC: (none) => andrewsfarm, sysadmin-bugs

Dave Hodgins 2022-10-18 23:30:54 CEST

CC: (none) => davidwhodgins
Keywords: (none) => advisory

Comment 5 Mageia Robot 2022-10-19 01:16:22 CEST
An update for this issue has been pushed to the Mageia Updates repository.

https://advisories.mageia.org/MGASA-2022-0373.html

Resolution: (none) => FIXED
Status: ASSIGNED => RESOLVED
