[Bug 2085607] Update Released
Mauricio Faria de Oliveira
2085607 at bugs.launchpad.net
Tue Dec 10 14:47:36 UTC 2024
The verification of the Stable Release Update for sosreport has
completed successfully and the package is now being released to
-updates. Subsequently, the Ubuntu Stable Release Updates Team is being
unsubscribed and will not receive messages about this bug report. In
the event that you encounter a regression using the package from
-updates please report a new bug using ubuntu-bug and tag the bug report
regression-update so we can easily find any regressions.
--
You received this bug notification because you are a member of Ubuntu
Sponsors, which is subscribed to the bug report.
https://bugs.launchpad.net/bugs/2085607
Title:
[sru] Obfuscation issues in sosreport sos 4.7.2
Status in sosreport source package in Focal:
Fix Released
Status in sosreport source package in Jammy:
Fix Released
Status in sosreport source package in Noble:
Fix Released
Status in sosreport source package in Oracular:
Fix Released
Bug description:
[ Impact ]
When doing SRU for sos 4.7.2 we encountered obfuscation issues,
although not a regression at the time, it was still an issue that had
been present for a while
So, these passwords would be fully visible to the end support
personnel and therefore leaked passwords.
[ Test Plan ]
1. Deploy a sunbeam simple cloud, and run the sos report, check to see if passwords are obfuscated in configuration file
2. Deploy heat, and ensure auth_encryption_key is obfuscated in configuration file
3. Deploy placement, and ensure that both NOVA_API_PASS and PLACEMENT_PASS are obfuscated in configuration file
4. Deploy mysql and ensure password field is obfuscated in configuration file
[ Where problems could occur ]
The corresponding files are not obfuscated, and we need to update the
patches
To manage notifications about this bug go to:
https://bugs.launchpad.net/ubuntu/focal/+source/sosreport/+bug/2085607/+subscriptions
More information about the Ubuntu-sponsors
mailing list