[Bug 1141017] New: installer logs contain user password
http://bugzilla.suse.com/show_bug.cgi?id=1141017

            Bug ID: 1141017
           Summary: installer logs contain user password
    Classification: openSUSE
           Product: openSUSE Tumbleweed
           Version: Current
          Hardware: Other
                OS: Other
            Status: NEW
          Severity: Normal
          Priority: P5 - None
         Component: Installation
          Assignee: yast2-maintainers@suse.de
          Reporter: msuchanek@suse.com
        QA Contact: jsrain@suse.com
          Found By: ---
           Blocker: ---

y2log-djV3TE/YaST2/yast-installation-logs/YaST2/y2log: 'text_userpassword'

--
You are receiving this mail because:
You are on the CC list for the bug.

http://bugzilla.suse.com/show_bug.cgi?id=1141017
http://bugzilla.suse.com/show_bug.cgi?id=1141017#c1

Steffen Winterfeldt <snwint@suse.com> changed:

           What    |Removed                       |Added
----------------------------------------------------------------------------
                 CC|                              |msuchanek@suse.com
              Flags|                              |needinfo?(msuchanek@suse.com)

--- Comment #1 from Steffen Winterfeldt <snwint@suse.com> ---
Please attach yast logs.

To collect log files run 'save_y2logs' and attach the log file archive this
command creates (usually named /tmp/y2log-SOMETHING.tar.xz).

If the installation (more or less) succeeded and you can access the installed
system, you can collect the logs there. Else you have these options to collect
the logs from the installation environment:

  - there's a shell running on consoles 5 and 6 during installation
  - get a console window by pressing Ctrl-Shift-Alt-x in the installer's
    graphical UI
  - if you can't reach either or you're on a serial line or you're doing
    autoyast: boot with 'startshell=1' which will give you a shell before and
    *after* the installer runs; to continue the regular installation workflow
    just exit this shell

If you're unsure what to do, please have a look at
https://en.opensuse.org/openSUSE:Report_a_YaST_bug#logfiles

http://bugzilla.suse.com/show_bug.cgi?id=1141017
http://bugzilla.suse.com/show_bug.cgi?id=1141017#c2

--- Comment #2 from Michal Suchanek <msuchanek@suse.com> ---
Created attachment 810015
  --> http://bugzilla.suse.com/attachment.cgi?id=810015&action=edit
yast log

http://bugzilla.suse.com/show_bug.cgi?id=1141017
http://bugzilla.suse.com/show_bug.cgi?id=1141017#c3

Fabian Vogt <fvogt@suse.com> changed:

           What    |Removed                       |Added
----------------------------------------------------------------------------
                 CC|                              |fvogt@suse.com
              Flags|needinfo?(msuchanek@suse.com) |

--- Comment #3 from Fabian Vogt <fvogt@suse.com> ---
(In reply to Michal Suchanek from comment #2)
> Created attachment 810015 [details]
> yast log

Excerpt from y2log-1:

    'text_userpassword' => 'koli67p[',
    'type' => 'local',
    'uid' => 'hramrach',
    'uidNumber' => 1000,
    'userPassword' => '*****',

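A check that could be run over a y2log before it is attached to a bug, given here as an added example (it is not code from yast-users or from the fix referenced in this thread): it flags any `'key' => 'value'` entry whose key name looks password-related but whose value is not starred out, which is the mismatch visible in the excerpt above between `userPassword` and `text_userpassword`. The key pattern, the function names and the sample lines are assumptions constructed for illustration.

```ruby
# Added example: find and mask unredacted password-like entries in a
# YaST-style hash dump ('key' => 'value'). Not the yast-users fix.

# Assumption: any key whose name contains "passw" is treated as sensitive.
SENSITIVE_KEY = /passw/i
# A single-quoted key/value pair; the value may contain escaped characters.
PAIR = /'([^']+)'\s*=>\s*'((?:\\.|[^'\\])*)'/
# A value counts as masked only if it consists solely of asterisks.
MASKED = /\A\*+\z/

# Returns [[line_number, key], ...] for sensitive keys with cleartext values.
def unmasked_secrets(log_text)
  findings = []
  log_text.each_line.with_index(1) do |line, lineno|
    line.scan(PAIR) do |key, value|
      next unless key.match?(SENSITIVE_KEY)
      next if value.empty? || value.match?(MASKED)
      findings << [lineno, key]
    end
  end
  findings
end

# Returns a copy of the log with those values replaced by a fixed-width
# mask, so the replacement does not reveal the password length.
def redact(log_text)
  log_text.gsub(PAIR) do
    key, value = Regexp.last_match(1), Regexp.last_match(2)
    if key.match?(SENSITIVE_KEY) && !value.empty? && !value.match?(MASKED)
      "'#{key}' => '*****'"
    else
      Regexp.last_match(0)
    end
  end
end

# Constructed sample in the shape of the excerpt above (values are made up).
SAMPLE = <<~LOG
  'text_userpassword' => 'not-a-real-pw',
  'type' => 'local',
  'uid' => 'example',
  'uidNumber' => 1000,
  'userPassword' => '*****',
LOG

unmasked_secrets(SAMPLE).each { |lineno, key| puts "line #{lineno}: #{key} is not masked" }
puts redact(SAMPLE)
```
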
http://bugzilla.suse.com/show_bug.cgi?id=1141017
http://bugzilla.suse.com/show_bug.cgi?id=1141017#c4

Steffen Winterfeldt <snwint@suse.com> changed:

           What    |Removed                       |Added
----------------------------------------------------------------------------
             Status|NEW                           |RESOLVED
         Resolution|---                           |FIXED

--- Comment #4 from Steffen Winterfeldt <snwint@suse.com> ---
fixed: https://github.com/yast/yast-users/pull/210

http://bugzilla.suse.com/show_bug.cgi?id=1141017

David Diaz <dgonzalez@suse.com> changed:

           What    |Removed                       |Added
----------------------------------------------------------------------------
             Status|RESOLVED                      |REOPENED
                 CC|                              |dgonzalez@suse.com
         Resolution|FIXED                         |---
           Assignee|yast2-maintainers@suse.de     |security-team@suse.de

http://bugzilla.suse.com/show_bug.cgi?id=1141017

Swamp Workflow Management <swamp@suse.de> changed:

           What    |Removed                       |Added
----------------------------------------------------------------------------
         Whiteboard|                              |ibs:running:12339:important

http://bugzilla.suse.com/show_bug.cgi?id=1141017
http://bugzilla.suse.com/show_bug.cgi?id=1141017#c6

--- Comment #6 from Swamp Workflow Management <swamp@suse.de> ---
SUSE-RU-2019:2215-1: An update that has one recommended fix can now be
installed.

Category: recommended (important)
Bug References: 1141017
CVE References:
Sources used:
SUSE Linux Enterprise Module for Basesystem 15-SP1 (src):
yast2-users-4.1.14-3.6.1

NOTE: This line indicates an update has been released for the listed
product(s). At times this might be only a partial fix. If you have questions
please reach out to maintenance coordination.

http://bugzilla.suse.com/show_bug.cgi?id=1141017

Swamp Workflow Management <swamp@suse.de> changed:

           What    |Removed                       |Added
----------------------------------------------------------------------------
         Whiteboard|ibs:running:12339:important   |

http://bugzilla.suse.com/show_bug.cgi?id=1141017

Swamp Workflow Management <swamp@suse.de> changed:

           What    |Removed                       |Added
----------------------------------------------------------------------------
         Whiteboard|                              |obs:running:10947:important

http://bugzilla.suse.com/show_bug.cgi?id=1141017
http://bugzilla.suse.com/show_bug.cgi?id=1141017#c7

--- Comment #7 from Swamp Workflow Management <swamp@suse.de> ---
openSUSE-RU-2019:2043-1: An update that has one recommended fix can now be
installed.

Category: recommended (important)
Bug References: 1141017
CVE References:
Sources used:
openSUSE Leap 15.1 (src): yast2-users-4.1.14-lp151.2.6.1

http://bugzilla.suse.com/show_bug.cgi?id=1141017

Swamp Workflow Management <swamp@suse.de> changed:

           What    |Removed                       |Added
----------------------------------------------------------------------------
         Whiteboard|obs:running:10947:important   |

https://bugzilla.suse.com/show_bug.cgi?id=1141017
https://bugzilla.suse.com/show_bug.cgi?id=1141017#c19

Ancor Gonzalez Sosa <ancor@suse.com> changed:

           What    |Removed                       |Added
----------------------------------------------------------------------------
                 CC|                              |ancor@suse.com

--- Comment #19 from Ancor Gonzalez Sosa <ancor@suse.com> ---
This is still in state "REOPENED" although I think the fixes were released long
ago. Right?

https://bugzilla.suse.com/show_bug.cgi?id=1141017
https://bugzilla.suse.com/show_bug.cgi?id=1141017#c20

--- Comment #20 from David Diaz <dgonzalez@suse.com> ---
(In reply to Ancor Gonzalez Sosa from comment #19)
> This is still in state "REOPENED" although I think the fixes were released
> long ago. Right?

Right. As said in comment #5 I reopened and assigned it to the security team
when backporting fixes to SP1 in https://github.com/yast/yast-users/pull/212

I guess it can be closed.