sosreport 3.2 uses weak permissions for generated sosreport archives, which allows local users with access to /var/tmp/ to obtain sensitive information by reading the contents of the archive.
{ "availability": "No subscription required", "ubuntu_priority": "medium", "binaries": [ { "binary_version": "3.1-1ubuntu2.1", "binary_name": "sosreport" } ] }