Red Hat Product Errata RHSA-2018:3663 - Security Advisory

Issued:: 2018-11-26
Updated:: 2018-11-26

RHSA-2018:3663 - Security Advisory

Overview
Updated Packages

Synopsis

Moderate: sos-collector security update

Type/Severity

Security Advisory: Moderate

Topic

An update for sos-collector is now available for Red Hat Enterprise Linux 7.

Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.

Description

sos-collector is a utility that gathers sosreports from multi-node environments. sos-collector facilitates data collection for support cases and it can be run from either a node or from an administrator's local workstation that has network access to the environment.

The following packages have been upgraded to a later upstream version: sos-collector (1.5). (BZ#1644776)

Security Fix(es):

sos-collector: incorrect permissions set on newly created files (CVE-2018-14650)

For more details about the security issue(s), including the impact, a CVSS score, and other related information, refer to the CVE page(s) listed in the References section.

This issue was discovered by Riccardo Schirone (Red Hat Product Security).

Solution

For details on how to apply this update, which includes the changes described in this advisory, refer to:

https://access.redhat.com/articles/11258

Affected Products

Red Hat Enterprise Linux Server 7 x86_64
Red Hat Enterprise Linux Server - Extended Update Support 7.6 x86_64
Red Hat Enterprise Linux Server - AUS 7.6 x86_64
Red Hat Enterprise Linux Workstation 7 x86_64
Red Hat Enterprise Linux Desktop 7 x86_64
Red Hat Enterprise Linux for IBM z Systems 7 s390x
Red Hat Enterprise Linux for IBM z Systems - Extended Update Support 7.6 s390x
Red Hat Enterprise Linux for Power, big endian 7 ppc64
Red Hat Enterprise Linux for Power, big endian - Extended Update Support 7.6 ppc64
Red Hat Enterprise Linux for Scientific Computing 7 x86_64
Red Hat Enterprise Linux EUS Compute Node 7.6 x86_64
Red Hat Enterprise Linux for Power, little endian 7 ppc64le
Red Hat Enterprise Linux for Power, little endian - Extended Update Support 7.6 ppc64le
Red Hat Enterprise Linux Server - TUS 7.6 x86_64
Red Hat Enterprise Linux for ARM 64 7 aarch64
Red Hat Enterprise Linux for Power 9 7 ppc64le
Red Hat Enterprise Linux Server (for IBM Power LE) - Update Services for SAP Solutions 7.6 ppc64le
Red Hat Enterprise Linux Server - Update Services for SAP Solutions 7.6 x86_64
Red Hat Enterprise Linux for IBM System z (Structure A) 7 s390x

Fixes

BZ - 1633243 - CVE-2018-14650 sos-collector: incorrect permissions set on newly created files

CVEs

CVE-2018-14650

References

https://access.redhat.com/security/updates/classification/#moderate

Note: More recent versions of these packages may be available. Click a package name for more details.

Red Hat Enterprise Linux Server 7

SRPM
sos-collector-1.5-3.el7_6.src.rpm	SHA-256: 4925318b8347d8b0e71d74e331ff3e8a1efdf8b901944bb5b40f9fc9dc52e9b2
x86_64
sos-collector-1.5-3.el7_6.noarch.rpm	SHA-256: eeb2d50861004befcd4466a8f9d5ac9c576b33cd022ed6b2e9fdc0c4a3ddfeff

Red Hat Enterprise Linux Server - Extended Update Support 7.6

SRPM
sos-collector-1.5-3.el7_6.src.rpm	SHA-256: 4925318b8347d8b0e71d74e331ff3e8a1efdf8b901944bb5b40f9fc9dc52e9b2
x86_64
sos-collector-1.5-3.el7_6.noarch.rpm	SHA-256: eeb2d50861004befcd4466a8f9d5ac9c576b33cd022ed6b2e9fdc0c4a3ddfeff

Red Hat Enterprise Linux Server - AUS 7.6

SRPM
sos-collector-1.5-3.el7_6.src.rpm	SHA-256: 4925318b8347d8b0e71d74e331ff3e8a1efdf8b901944bb5b40f9fc9dc52e9b2
x86_64
sos-collector-1.5-3.el7_6.noarch.rpm	SHA-256: eeb2d50861004befcd4466a8f9d5ac9c576b33cd022ed6b2e9fdc0c4a3ddfeff

Red Hat Enterprise Linux Workstation 7

SRPM
sos-collector-1.5-3.el7_6.src.rpm	SHA-256: 4925318b8347d8b0e71d74e331ff3e8a1efdf8b901944bb5b40f9fc9dc52e9b2
x86_64
sos-collector-1.5-3.el7_6.noarch.rpm	SHA-256: eeb2d50861004befcd4466a8f9d5ac9c576b33cd022ed6b2e9fdc0c4a3ddfeff

Red Hat Enterprise Linux Desktop 7

SRPM
sos-collector-1.5-3.el7_6.src.rpm	SHA-256: 4925318b8347d8b0e71d74e331ff3e8a1efdf8b901944bb5b40f9fc9dc52e9b2
x86_64
sos-collector-1.5-3.el7_6.noarch.rpm	SHA-256: eeb2d50861004befcd4466a8f9d5ac9c576b33cd022ed6b2e9fdc0c4a3ddfeff

Red Hat Enterprise Linux for IBM z Systems 7

SRPM
sos-collector-1.5-3.el7_6.src.rpm	SHA-256: 4925318b8347d8b0e71d74e331ff3e8a1efdf8b901944bb5b40f9fc9dc52e9b2
s390x
sos-collector-1.5-3.el7_6.noarch.rpm	SHA-256: eeb2d50861004befcd4466a8f9d5ac9c576b33cd022ed6b2e9fdc0c4a3ddfeff

Red Hat Enterprise Linux for IBM z Systems - Extended Update Support 7.6

SRPM
sos-collector-1.5-3.el7_6.src.rpm	SHA-256: 4925318b8347d8b0e71d74e331ff3e8a1efdf8b901944bb5b40f9fc9dc52e9b2
s390x
sos-collector-1.5-3.el7_6.noarch.rpm	SHA-256: eeb2d50861004befcd4466a8f9d5ac9c576b33cd022ed6b2e9fdc0c4a3ddfeff

Red Hat Enterprise Linux for Power, big endian 7

SRPM
sos-collector-1.5-3.el7_6.src.rpm	SHA-256: 4925318b8347d8b0e71d74e331ff3e8a1efdf8b901944bb5b40f9fc9dc52e9b2
ppc64
sos-collector-1.5-3.el7_6.noarch.rpm	SHA-256: eeb2d50861004befcd4466a8f9d5ac9c576b33cd022ed6b2e9fdc0c4a3ddfeff

Red Hat Enterprise Linux for Power, big endian - Extended Update Support 7.6

SRPM
sos-collector-1.5-3.el7_6.src.rpm	SHA-256: 4925318b8347d8b0e71d74e331ff3e8a1efdf8b901944bb5b40f9fc9dc52e9b2
ppc64
sos-collector-1.5-3.el7_6.noarch.rpm	SHA-256: eeb2d50861004befcd4466a8f9d5ac9c576b33cd022ed6b2e9fdc0c4a3ddfeff

Red Hat Enterprise Linux for Scientific Computing 7

SRPM
sos-collector-1.5-3.el7_6.src.rpm	SHA-256: 4925318b8347d8b0e71d74e331ff3e8a1efdf8b901944bb5b40f9fc9dc52e9b2
x86_64
sos-collector-1.5-3.el7_6.noarch.rpm	SHA-256: eeb2d50861004befcd4466a8f9d5ac9c576b33cd022ed6b2e9fdc0c4a3ddfeff

Red Hat Enterprise Linux EUS Compute Node 7.6

SRPM
sos-collector-1.5-3.el7_6.src.rpm	SHA-256: 4925318b8347d8b0e71d74e331ff3e8a1efdf8b901944bb5b40f9fc9dc52e9b2
x86_64
sos-collector-1.5-3.el7_6.noarch.rpm	SHA-256: eeb2d50861004befcd4466a8f9d5ac9c576b33cd022ed6b2e9fdc0c4a3ddfeff

Red Hat Enterprise Linux for Power, little endian 7

SRPM
sos-collector-1.5-3.el7_6.src.rpm	SHA-256: 4925318b8347d8b0e71d74e331ff3e8a1efdf8b901944bb5b40f9fc9dc52e9b2
ppc64le
sos-collector-1.5-3.el7_6.noarch.rpm	SHA-256: eeb2d50861004befcd4466a8f9d5ac9c576b33cd022ed6b2e9fdc0c4a3ddfeff

Red Hat Enterprise Linux for Power, little endian - Extended Update Support 7.6

SRPM
sos-collector-1.5-3.el7_6.src.rpm	SHA-256: 4925318b8347d8b0e71d74e331ff3e8a1efdf8b901944bb5b40f9fc9dc52e9b2
ppc64le
sos-collector-1.5-3.el7_6.noarch.rpm	SHA-256: eeb2d50861004befcd4466a8f9d5ac9c576b33cd022ed6b2e9fdc0c4a3ddfeff

Red Hat Enterprise Linux Server - TUS 7.6

SRPM
sos-collector-1.5-3.el7_6.src.rpm	SHA-256: 4925318b8347d8b0e71d74e331ff3e8a1efdf8b901944bb5b40f9fc9dc52e9b2
x86_64
sos-collector-1.5-3.el7_6.noarch.rpm	SHA-256: eeb2d50861004befcd4466a8f9d5ac9c576b33cd022ed6b2e9fdc0c4a3ddfeff

Red Hat Enterprise Linux for ARM 64 7

SRPM
sos-collector-1.5-3.el7_6.src.rpm	SHA-256: 4925318b8347d8b0e71d74e331ff3e8a1efdf8b901944bb5b40f9fc9dc52e9b2
aarch64
sos-collector-1.5-3.el7_6.noarch.rpm	SHA-256: eeb2d50861004befcd4466a8f9d5ac9c576b33cd022ed6b2e9fdc0c4a3ddfeff

Red Hat Enterprise Linux for Power 9 7

SRPM
sos-collector-1.5-3.el7_6.src.rpm	SHA-256: 4925318b8347d8b0e71d74e331ff3e8a1efdf8b901944bb5b40f9fc9dc52e9b2
ppc64le
sos-collector-1.5-3.el7_6.noarch.rpm	SHA-256: eeb2d50861004befcd4466a8f9d5ac9c576b33cd022ed6b2e9fdc0c4a3ddfeff

Red Hat Enterprise Linux Server (for IBM Power LE) - Update Services for SAP Solutions 7.6

SRPM
sos-collector-1.5-3.el7_6.src.rpm	SHA-256: 4925318b8347d8b0e71d74e331ff3e8a1efdf8b901944bb5b40f9fc9dc52e9b2
ppc64le
sos-collector-1.5-3.el7_6.noarch.rpm	SHA-256: eeb2d50861004befcd4466a8f9d5ac9c576b33cd022ed6b2e9fdc0c4a3ddfeff

Red Hat Enterprise Linux Server - Update Services for SAP Solutions 7.6

SRPM
sos-collector-1.5-3.el7_6.src.rpm	SHA-256: 4925318b8347d8b0e71d74e331ff3e8a1efdf8b901944bb5b40f9fc9dc52e9b2
x86_64
sos-collector-1.5-3.el7_6.noarch.rpm	SHA-256: eeb2d50861004befcd4466a8f9d5ac9c576b33cd022ed6b2e9fdc0c4a3ddfeff

Red Hat Enterprise Linux for IBM System z (Structure A) 7

SRPM
sos-collector-1.5-3.el7_6.src.rpm	SHA-256: 4925318b8347d8b0e71d74e331ff3e8a1efdf8b901944bb5b40f9fc9dc52e9b2
s390x
sos-collector-1.5-3.el7_6.noarch.rpm	SHA-256: eeb2d50861004befcd4466a8f9d5ac9c576b33cd022ed6b2e9fdc0c4a3ddfeff

The Red Hat security contact is secalert@redhat.com. More contact details at https://access.redhat.com/security/team/contact/.