File _patchinfo of Package patchinfo.30554
<patchinfo incident="30554">
<issue tracker="bnc" id="1207598">VUL-0: CVE-2022-45154: supportconfig: does not remove passwords in /etc/iscsi/iscsid.conf and /etc/target/lio_setup.sh</issue>
<issue tracker="bnc" id="1206608">supportconfig - docker - Argument list too long</issue>
<issue tracker="bnc" id="1206402">Supportconfig does not remove passwords in /etc/iscsi/iscsid.conf.</issue>
<issue tracker="bnc" id="1210950">powerpc plugin to collect the slots and active memory sharing information (lsslot, amsstat)and opal-elogs.</issue>
<issue tracker="bnc" id="1181477">supportconfig doesn't collect container information when podman is used instead of docker</issue>
<issue tracker="bnc" id="1213127">Azure - Customer executed "supportconifg -l" command twice - Implement a check to verify if command is already running - SFSC 00696352 - ref:_00D1igLOd._5005qSrAqu:ref</issue>
<issue tracker="bnc" id="1196933">apparmor supportutils plugin outdated</issue>
<issue tracker="bnc" id="1211599">supportconfig is missing discovery and NBFT info</issue>
<issue tracker="bnc" id="1211598">supportconfig runs invalid nvme commands</issue>
<issue tracker="bnc" id="1207543">supportconfig collects last 30 files but should collect files for last 30 days instead</issue>
<issue tracker="bnc" id="1208928">Insufficient hwinfo details in supportconfig</issue>
<issue tracker="bnc" id="1204942">SLES15sp3: getappcore is checking for chkbin in the wrong location.</issue>
<issue tracker="bnc" id="1205533">getappcore uses incorrect path to chkbin ref:_00D1igLOd._5005qFgDBr:ref</issue>
<issue tracker="bnc" id="1209979">Supportconfig should check for selinux</issue>
<issue tracker="bnc" id="1210015">supportconfig should check for sysfstool</issue>
<issue tracker="cve" id="2022-45154"/>
<issue tracker="jsc" id="PED-1703"/>
<packager>jrecord</packager>
<rating>moderate</rating>
<category>security</category>
<summary>Security update for supportutils</summary>
<description>This update for supportutils fixes the following issues:
Security Fixes:
- CVE-2022-45154: Removed iSCSI passwords (bsc#1207598).
Other fixes:
- Changes in version 3.1.26
+ powerpc plugin to collect the slots and active memory (bsc#1210950)
+ A Cleartext Storage of Sensitive Information vulnerability CVE-2022-45154
+ supportconfig: collect BPF information (pr#154)
+ Added additional iscsi information (pr#155)
- Added run time detection (bsc#1213127)
- Changes for supportutils version 3.1.25
+ Removed iSCSI passwords CVE-2022-45154 (bsc#1207598)
+ powerpc: Collect lsslot,amsstat, and opal elogs (pr#149)
+ powerpc: collect invscout logs (pr#150)
+ powerpc: collect RMC status logs (pr#151)
+ Added missing nvme nbft commands (bsc#1211599)
+ Fixed invalid nvme commands (bsc#1211598)
+ Added missing podman information (PED-1703, bsc#1181477)
+ Removed dependency on sysfstools
+ Check for systool use (bsc#1210015)
+ Added selinux checking (bsc#1209979)
+ Updated SLES_VER matrix
- Fixed missing status detail for apparmor (bsc#1196933)
- Corrected invalid argument list in docker.txt (bsc#1206608)
- Applies limit equally to sar data and text files (bsc#1207543)
- Collects hwinfo hardware logs (bsc#1208928)
- Collects lparnumascore logs (issue#148)
- Add dependency to `numactl` on ppc64le and `s390x`, this enforces
that `numactl --hardware` data is provided in supportconfigs
- Changes to supportconfig.rc version 3.1.11-35
+ Corrected _sanitize_file to include iscsi.conf and others (bsc#1206402)
- Changes to supportconfig version 3.1.11-46.4
+ Added plymouth_info
- Changes to getappcore version 1.53.02
+ The location of chkbin was updated earlier. This documents that
change (bsc#1205533, bsc#1204942)
</description>
</patchinfo>
