Oracle Linux 7 : sos-collector (ELSA-2018-3663)

Low Nessus Plugin ID 119278


The remote Oracle Linux host is missing a security update.


From Red Hat Security Advisory 2018:3663 :

An update for sos-collector is now available for Red Hat Enterprise
Linux 7.

Red Hat Product Security has rated this update as having a security
impact of Moderate. A Common Vulnerability Scoring System (CVSS) base
score, which gives a detailed severity rating, is available for each
vulnerability from the CVE link(s) in the References section.

sos-collector is a utility that gathers sosreports from multi-node
environments. sos-collector facilitates data collection for support
cases and it can be run from either a node or from an administrator's
local workstation that has network access to the environment.

The following packages have been upgraded to a later upstream version:
sos-collector (1.5). (BZ#1644776)

Security Fix(es) :

* sos-collector: incorrect permissions set on newly created files

For more details about the security issue(s), including the impact, a
CVSS score, and other related information, refer to the CVE page(s)
listed in the References section.

This issue was discovered by Riccardo Schirone (Red Hat Product


Update the affected sos-collector package.

See Also

Plugin Details

Severity: Low

ID: 119278

File Name: oraclelinux_ELSA-2018-3663.nasl

Version: 1.2

Type: local

Agent: unix

Published: 2018/11/29

Modified: 2019/01/08

Dependencies: 12634

Risk Information

Risk Factor: Low

CVSS v2.0

Base Score: 1.9

Vector: CVSS2#AV:L/AC:M/Au:N/C:P/I:N/A:N

CVSS v3.0

Base Score: 5

Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:N/A:N

Vulnerability Information

CPE: p-cpe:/a:oracle:linux:sos-collector, cpe:/o:oracle:linux:7

Patch Publication Date: 2018/11/28

Reference Information

CVE: CVE-2018-14650

RHSA: 2018:3663