OVMSA-2016-0011

OVMSA-2016-0011 - sos security update

Type:SECURITY
Severity:MODERATE
Release Date:2016-02-09

Description


[3.2-28.0.1.2]
- Add vendor, vendor URL info for Oracle Linux [orabug 17656507] (joe.jin@oracle.com)
- Direct traceroute to linux.oracle.com (John Haxby) [orabug 11713272] (joe.jin@oracle.com)
- Check oraclelinux-release instead of redhat-release to get OS version (John Haxby) [bug 11681869] (joe.jin@oracle.com)
- Remove RH ftp URL and support email (joe.jin@oracle.com)
- add sos-oracle-enterprise.patch (joe.jin@oracle.com)
- Add smartmon plugin (John Haxby) [orabug 17995005] (joe.jin@oracle.com)

[3.2-28.el6_7.2]
- [sosreport] Report correct final path with --build
Related: bz1290953

[3.2-28.el6_7.1]
- [hpasm] Add timeout.
Resolves: bz1291828

[3.2-28.el6_7]
- [sosreport] Prepare report in a private subdirectory
Resolves: bz1290953

[3.2-28]
- [ovirt] Collect engine tuneables and domain information.
Resolves: bz1234226

[3.2-27]
- [networking] nmcli status is obtained from the output
Resolves: bz1206661

[3.2-26]
- [cluster] Scrub password from crm_report data.
Resolves: bz1206581
- [networking] Use the correct options for nmcli.
Resolves: bz1206661

[3.2-25]
- [mysql] Collect log file by default.
Resolves: bz1209442

[3.2-24]
- [openshift] Scrub passwords from plugin config files.
Resolves: bz1203330

[3.2-23]
- [tuned] Collect additional configurations files and profiles.
Resolves: bz1174186

[3.2-22]
- [networking] Fix 'ip addr' collection.
Resolves: bz1209455

[3.2-21]
- [networking] test nmcli status before using output
Resolves: bz1206661

[3.2-20]
- [openshift] Scrub passwords from config files.
Resolves: bz1203330

[3.2-19]
- [cluster] Ensure cluster sets 'make' to False when calling get_cmd_output_path().
Resolves: bz1190723

[3.2-18]
- [openshift] Collect additional config files.
Resolves: bz1166874
- [activemq] Honour all_logs and get config on RHEL.
Resolves: bz1165878

[3.2-17]
- [policy/redhat] use /tmp as default temporary directory
- [global] remove dependency on python-six
Resolves: bz1144525

[3.2-16]
- [cluster] Added package luci and fix lockdumps capturing.
Resolves: bz1171186
- [puppet] Adding new plugin for puppet
Resolves: bz1172880
- [block] parted will use sector units instead of human units.
Resolves: bz1086537
- [foreman] Added option to prevent generic resource collection with foreman plugin. Remove the plugin katello since data collection done by foreman-debug.
Resolves: bz1135290

[3.2-15]
- [global] update el6 to upstream 3.2 release
Resolves: bz1144525
- [global] sync 3.2-15.el6 with RHEL-7.1
Resolves: bz1144525

[3.2-14]
- [mysql] test for boolean values in dbuser and dbpass
- [mysql] improve handling of dbuser, dbpass and MYSQL_PWD

[3.2-12]
- [plugin] limit path names to PC_NAME_MAX
- [squid] collect files from /var/log/squid
- [sosreport] log plugin exceptions to a file
- [ctdb] fix collection of /etc/sysconfig/ctdb
- [sosreport] fix silent exception handling

[3.2-11]
- [sosreport] do not make logging calls after OSError
- [sosreport] catch OSError exceptions in SoSReport.execute()
- [anaconda] make useradd password regex tolerant of whitespace

[3.2-10]
- [mysql] fix handling of mysql.dbpass option

[3.2-9]
- [navicli] catch exceptions if stdin is unreadable
- [docs] update man page for new options
- [sosreport] make all utf-8 handling user errors=ignore

[3.2-8]
- [kpatch] do not attempt to collect data if kpatch is not installed
- [archive] drop support for Zip archives

[3.2-7]
- [sosreport] fix archive permissions regression

[3.2-6]
- [tomcat] add support for tomcat7 and default log size limits
- [mysql] obtain database password from the environment

[3.2-5]
- [corosync] add postprocessing for corosync-objctl output
- [ovirt_hosted_engine] fix exception when force-enabled

[3.2-4]
- [yum] call rhsm-debug with --no-subscriptions
- [powerpc] allow PowerPC plugin to run on ppc64le
- [package] add Obsoletes for sos-plugins-openstack

[3.2-3]
- [pam] add pam_tally2 and faillock support
- [postgresql] obtain db password from the environment
- [pcp] add Performance Co-Pilot plugin
- [nfsserver] collect /etc/exports.d
- [sosreport] handle --compression-type correctly
- [anaconda] redact passwords in kickstart configurations
- [haproxy] add new plugin
- [keepalived] add new plugin
- [lvm2] set locking_type=0 when calling lvm commands
- [tuned] add new plugin
- [cgroups] collect /etc/sysconfig/cgred
- [plugins] ensure doc text is always displayed for plugins
- [sosreport] fix the distribution version API call
- [docker] add new plugin
- [openstack_*] include broken-out openstack plugins
- [mysql] support MariaDB
- [openstack] do not collect /var/lib/nova
- [grub2] collect grub.cfg on UEFI systems
- [sosreport] handle out-of-space errors gracefully
- [firewalld] new plugin
- [networking] collect NetworkManager status
- [kpatch] new plugin
- [global] update to upstream 3.2 release

[2.2-68.el6]
- [ds] add collection of ds admin server configuration
Resolves: bz994628
- [ldap] ensure /etc/openldap/ content is collected
Resolves: bz994628
- [plugintools] preserve permissions on directories
Resolves: bz1069786

[2.2-67.el6]
- [plugintools] Fix size limiting in addCopySpecLimit
Resolves: bz1001600

[2.2-66.el6]
- [general] do not collect /var/log/sa
Resolves: bz1001600

[2.2-65.el6]
- [grub] Fix grub.conf path for grub-1.x versions
Resolves: bz1076388
- [ds] Fix logging exception when plugin force-enabled
Resolves: bz994628

[2.2-64.el6]
- [pgsql] backport PGPASSWORD changes from upstream
Resolves: bz1125998

[2.2-63.el6]
- [plugin] backport command timeout support
Resolves: bz1005703

[2.2-62.el6]
- Restrict ldap and ds plugin paths to avoid collecting secrets
Resolves: bz994628
- Add certutil output to ldap and ds plugins to summarize certs
Resolves: bz994628

[2.2-61.el6]
- [powerpc] backport plugin from upstream
Resolves: bz977190
- [devicemapper] set locking_type=0 when calling lvm2 commands
Resolves: bz1102282
- [nfsserver] collect 'exportfs -v'
Resolves: bz985512
- [openshift] improve password redaction
Resolves: bz1039755
- [openshift] don't collect all of /etc/openshift
Resolves: bz1039755

[2.2-60.el6]
- [mongodb] backport new plugin from upstream
- [activemq] backport new plugin from upstream
- [openshift] sync plugin with upstream
- [plugin] backport collectExtOutputs and addCopySpecs
- Make OpenShift module collect domain information
- Add 'gear' option to OpenShift module
- Add OpenShift module
Resolves: bz1039755
- [plugin] backport addCopySpecLimit tailit parameter
Resolves: bz1001600

[2.2-58.el6]
- [plugintools] preserve permissions on all path components
Resolves: bz1069786

[2.2-57.el6]
- [tomcat] update for tomcat6 and add password filtering
Resolves: bz1088070
- [filesys] collect dumpe2fs -h output by default
Resolves: bz1105629
- [rpm] reduce number of calls to rpm
Resolves: bz1019872
- Verify fewer packages in rpm plug-in
Resolves: bz1019872
- [bootloader] elide bootloader password
Resolves: bz1101311
- [plugin] backport do_path_regex_sub()
Resolves: bz1101311
- [networking] do not attempt to read use-gss-proxy
Resolves: bz1079954
- [mysql] limit log collection by default
Resolves: bz1015783
- [mysql] add optional database dump support
Resolves: bz1032262
- [docs] update man pages
Resolves: bz1022226
- [sosreport] log exceptions during Plugin.postproc()
Resolves: bz1020445
- [distupgrade] elide passwords in kickstart user directives
Resolves: bz1052344

[2.2-56.el6]
- [ipa] add ipa-replica-manage output
Resolves: bz1012410
- [bootloader] Include /etc/yaboot.conf
Resolves: bz1001941
- [cluster] collect /sys/fs/gfs2/*/withdraw
Resolves: bz997174
- [general] do not collect /var/log/sa
Resolves: bz1001600
- [networking] avoid Cisco cdp paths in /proc and /sys
Resolves: bz1004936
- [sar] Handle compressed binary data files better
Resolves: bz1001600
- [sar] Add file size limits
Resolves: bz1001600
- [sar] Enable XML data collection
Resolves: bz1001600

[2.2-55.el6]
- [selinux] pass --input-logs when calling ausearch
Resolves: bz1032706
- [printing] fix cups log file size limiting
Resolves: bz1061529
- [auditd] fix log size limiting
Resolves: bz1061529
- [hardware] call hardware.py directly instead of invoking python
Resolves: bz1041770

[2.2-54.el6]
- [hpasm] new plugin to collect HP ASM information
Resolves: bz915115
- [sos] improve handling of fatal IO errors
Resolves: bz1085042
- [bootloader] collect grub.conf for UEFI based systems
Resolves: bz1076388
- [ctdb] add plugin to collect Samba CTDB information
Resolves: bz961041
- [keepalived] new plugin
Resolves: bz1107862
- [sssd] scrub ldap_default_authtok in sssd plugin
Resolves: bz1013366
- [haproxy] new plugin
Resolves: bz1107866
- [gluster] add 'logsize' and 'all_logs' plugin options
Resolves: bz1002619

[2.2-52.el6]
- Fix doRegexSub() usage in distupgrade plugin
Resolves: bz1052344

[2.2-51.el6]
- Redact user home directory paths in distupgrade plugin
Resolves: bz1052344

[2.2-49.el6]
- Add distupgrade plugin
Resolves: bz1052344

[2.2-48.el6]
- Pass a --from parameter when calling crm_report
Resolves: bz1035774


Related CVEs


CVE-2015-7529

Updated Packages


Release/ArchitectureFilenameMD5sumSuperseded By Advisory
Oracle VM 3.3 (x86_64) sos-3.2-28.0.1.el6_7.2.src.rpm8a9ab7550be82c8bf096684f94df01a1OVMBA-2018-0200
sos-3.2-28.0.1.el6_7.2.noarch.rpma8897fe7a3c7b5dc82f5fe6b9b003d23OVMBA-2018-0200
Oracle VM 3.4 (x86_64) sos-3.2-28.0.1.el6_7.2.src.rpm8a9ab7550be82c8bf096684f94df01a1OVMBA-2018-0200
sos-3.2-28.0.1.el6_7.2.noarch.rpma8897fe7a3c7b5dc82f5fe6b9b003d23OVMBA-2018-0200



This page is generated automatically and has not been checked for errors or omissions. For clarification or corrections please contact the Oracle Linux ULN team

software.hardware.complete