Описание
Security update for dracut
This update for dracut fixes the following issues:
Security issues fixed:
- CVE-2016-8637: When the early microcode loading was enabled during initrd creation, the initrd would be read-only available for all users, allowing local users to retrieve secrets stored in the initial ramdisk. (bsc#1008340)
Non security issues fixed:
- Allow booting from degraded MD arrays with systemd. (bsc#1017695)
- Start multipath services before local-fs-pre.target. (bsc#1005410, bsc#1006118, bsc#1007925, bsc#986734, bsc#986838)
Список пакетов
SUSE Linux Enterprise Desktop 12 SP1
dracut-037-91.1
SUSE Linux Enterprise Server 12 SP1
dracut-037-91.1
dracut-fips-037-91.1
SUSE Linux Enterprise Server for SAP Applications 12 SP1
dracut-037-91.1
dracut-fips-037-91.1
Ссылки
- Link for SUSE-SU-2017:0641-1
- E-Mail link for SUSE-SU-2017:0641-1
- SUSE Security Ratings
- SUSE Bug 1005410
- SUSE Bug 1006118
- SUSE Bug 1007925
- SUSE Bug 1008340
- SUSE Bug 1017695
- SUSE Bug 986734
- SUSE Bug 986838
- SUSE CVE CVE-2016-8637 page
Описание
A local information disclosure issue was found in dracut before 045 when generating initramfs images with world-readable permissions when 'early cpio' is used, such as when including microcode updates. Local attacker can use this to obtain sensitive information from these files, such as encryption keys or credentials.
Затронутые продукты
SUSE Linux Enterprise Desktop 12 SP1:dracut-037-91.1
SUSE Linux Enterprise Server 12 SP1:dracut-037-91.1
SUSE Linux Enterprise Server 12 SP1:dracut-fips-037-91.1
SUSE Linux Enterprise Server for SAP Applications 12 SP1:dracut-037-91.1
Ссылки
- CVE-2016-8637
- SUSE Bug 1008340