High severity7.8NVD Advisory· Published Nov 6, 2017· Updated May 13, 2026
CVE-2015-7529
CVE-2015-7529
Description
sosreport in SoS 3.x allows local users to obtain sensitive information from sosreport files or gain privileges via a symlink attack on an archive file in a temporary directory, as demonstrated by sosreport-$hostname-$date.tar in /tmp/sosreport-$hostname-$date.
Affected packages
Versions sourced from the GitHub Security Advisory.
| Package | Affected versions | Patched versions |
|---|---|---|
sosreportPyPI | >= 3.0, < 3.3 | 3.3 |
Patches
0No patches discovered yet.
Vulnerability mechanics
AI mechanics synthesis has not run for this CVE yet.
References
13- github.com/sosreport/sos/issues/696nvdIssue TrackingPatchThird Party AdvisoryWEB
- rhn.redhat.com/errata/RHSA-2016-0152.htmlnvdThird Party AdvisoryWEB
- rhn.redhat.com/errata/RHSA-2016-0188.htmlnvdThird Party AdvisoryWEB
- www.securityfocus.com/bid/83162nvdThird Party AdvisoryVDB Entry
- www.ubuntu.com/usn/USN-2845-1nvdIssue TrackingThird Party AdvisoryWEB
- access.redhat.com/errata/RHSA-2016:0152nvdIssue TrackingThird Party AdvisoryWEB
- access.redhat.com/errata/RHSA-2016:0188nvdIssue TrackingThird Party AdvisoryWEB
- bugzilla.redhat.com/show_bug.cginvdIssue TrackingThird Party AdvisoryWEB
- github.com/advisories/GHSA-3g56-2hh3-35phghsaADVISORY
- nvd.nist.gov/vuln/detail/CVE-2015-7529ghsaADVISORY
- access.redhat.com/security/cve/CVE-2015-7529ghsaWEB
- github.com/pypa/advisory-database/tree/main/vulns/sosreport/PYSEC-2017-73.yamlghsaWEB
- web.archive.org/web/20160416033632/http://www.securityfocus.com/bid/83162ghsaWEB
News mentions
0No linked articles in our index yet.