sysreport 1.3.15 and earlier includes contents of the up2date file in a report, which leaks the password for a proxy server in plaintext and allows local users to gain privileges.
| Software | From | Fixed in |
|---|---|---|
| redhat / sysreport | 1.2 | 1.2.x |
| redhat / sysreport | 1.1 | 1.1.x |
| redhat / sysreport | 1.3 | 1.3.x |
| redhat / enterprise_linux | 2.1 | 2.1.x |
| redhat / enterprise_linux | 4.0 | 4.0.x |
| redhat / enterprise_linux_desktop | 3.0 | 3.0.x |
| redhat / linux_advanced_workstation | 2.1 | 2.1.x |
| redhat / enterprise_linux | 3.0 | 3.0.x |
| redhat / enterprise_linux_desktop | 4.0 | 4.0.x |