Описание
Security update for dracut
The dracut package was updated to fix the following security and non-security issues:
- CVE-2015-0794: Use mktemp instead of hardcoded filenames, possible vulnerability (bsc#935338).
- Always install mdraid modules (bsc#935993).
- Add notice when dracut failed to install modules (bsc#952491).
- Always install dm-snaphost module if lvm dracut module is needed, even if dm-snapshot is not loaded on the host yet (bsc#947518).
Список пакетов
SUSE Linux Enterprise Desktop 12
dracut-037-51.17.3
SUSE Linux Enterprise Server 12
dracut-037-51.17.3
dracut-fips-037-51.17.3
SUSE Linux Enterprise Server for SAP Applications 12
dracut-037-51.17.3
dracut-fips-037-51.17.3
Ссылки
- Link for SUSE-SU-2015:2065-1
- E-Mail link for SUSE-SU-2015:2065-1
- SUSE Security Ratings
- SUSE Bug 935338
- SUSE Bug 935993
- SUSE Bug 947518
- SUSE Bug 952491
- SUSE CVE CVE-2015-0794 page
Описание
modules.d/90crypt/module-setup.sh in the dracut package before 037-17.30.1 in openSUSE 13.2 allows local users to have unspecified impact via a symlink attack on /tmp/dracut_block_uuid.map.
Затронутые продукты
SUSE Linux Enterprise Desktop 12:dracut-037-51.17.3
SUSE Linux Enterprise Server 12:dracut-037-51.17.3
SUSE Linux Enterprise Server 12:dracut-fips-037-51.17.3
SUSE Linux Enterprise Server for SAP Applications 12:dracut-037-51.17.3
Ссылки
- CVE-2015-0794
- SUSE Bug 923755
- SUSE Bug 935338
- SUSE Bug 963976