Launchpad CVE tracker

CVE 2015-7529

sosreport in SoS 3.x allows local users to obtain sensitive information from sosreport files or gain privileges via a symlink attack on an archive file in a temporary directory, as demonstrated by sosreport-$hostname-$date.tar in /tmp/sosreport-$hostname-$date.

Related bugs and status

CVE-2015-7529 (Candidate) is related to these bugs:

Bug #1525271: CVE-2015-7529 needs to be backported to supported releases

		In	Importance	Status
1525271	CVE-2015-7529 needs to be backported to supported releases	sosreport (Ubuntu)	High	Fix Released
1525271	CVE-2015-7529 needs to be backported to supported releases	sosreport (Ubuntu Trusty)	High	Fix Released
1525271	CVE-2015-7529 needs to be backported to supported releases	sosreport (Ubuntu Wily)	High	Fix Released
1525271	CVE-2015-7529 needs to be backported to supported releases	sosreport (Ubuntu Vivid)	High	Fix Released

See the

CVE page on Mitre.org for more details.

References

MISC: https://access.redhat....
MISC: https://access.redhat....
MISC: http://www.securityfoc...
MISC: https://bugzilla.redha...
MISC: http://rhn.redhat.com/...
MISC: http://rhn.redhat.com/...
MISC: http://www.ubuntu.com/...
MISC: https://github.com/sos...

Launchpad.net

CVE 2015-7529

Related bugs and status

Related bugs

References