CVE-2014-0246

Publication date 29 May 2014

Last updated 24 July 2024

SOSreport stores the md5 hash of the GRUB bootloader password in an archive, which allows local users to obtain sensitive information by reading the archive.

Read the notes from the security team

Status

Show unmaintained releases

Package	Ubuntu Release	Status
sosreport	17.10 artful	Not affected
	17.04 zesty	Not affected
	16.10 yakkety	Not affected
	16.04 LTS xenial	Not affected
	15.10 wily	Not affected
	15.04 vivid	Not affected
	14.04 LTS trusty	Fixed 3.4-1~ubuntu14.04.1
	12.04 LTS precise	Not in release

How can I get the fixes?
What do statuses mean?
Patch details

Notes

tyhicks

Fixed upstream in the 3.2 release

Patch details

For informational purposes only. We recommend not to cherry-pick updates. How can I get the fixes?

Package	Patch details
sosreport	Upstream: 5447fac Upstream: 23182c4 Upstream: 6501013 Upstream: d335f4f

References

MITRE
NVD
Launchpad
Debian

Other references

http://www.openwall.com/lists/oss-security/2014/05/27/1
https://www.cve.org/CVERecord?id=CVE-2014-0246