USN-2845-1: SoS vulnerabilities
18 December 2015
sosreport could be made to expose sensitive information or overwrite files as the administrator.
- sosreport - Set of tools to gather troubleshooting data from a system
Dolev Farhi discovered an information disclosure issue in SoS. If the
/etc/fstab file contained passwords, the passwords were included in the
SoS report. This issue only affected Ubuntu 14.04 LTS. (CVE-2014-3925)
Mateusz Guzik discovered that SoS incorrectly handled temporary files. A
local attacker could possibly use this issue to overwrite arbitrary files
or gain access to temporary file contents containing sensitive system
The problem can be corrected by updating your system to the following package versions:
In general, a standard system update will make all the necessary changes.