SUSE-SU-2017:0951-1

Published: 06 Apr 2017
Source: suse-cvrf

Description

Security update for dracut

This update for dracut fixes the following issues:

Security issues fixed:

  • CVE-2016-8637: When early microcode loading was enabled during initrd creation, the initrd was created readable by all users, allowing local users to retrieve secrets stored in the initial ramdisk. (bsc#1008340)

Non security issues fixed:

  • Remove zlib module as requirement. (bsc#1020063)
  • Unlimit TaskMax for xfs_repair in emergency shell. (bsc#1019938)
  • Resolve symbolic links for -i and -k parameters. (bsc#902375)
  • Enhance purge-kernels script to handle kgraft patches. (bsc#1017141)
  • Allow booting from degraded MD arrays with systemd. (bsc#1017695)
  • Allow booting on s390x with fips=1 on the kernel command line. (bnc#1021687)
  • Start multipath services before local-fs-pre.target. (bsc#1005410, bsc#1006118, bsc#1007925)
  • Fix /sbin/installkernel to handle kernel packages built with 'make bin-rpmpkg'. (bsc#1008648)

Package list

SUSE Linux Enterprise Desktop 12 SP2
  • dracut-044-108.1

SUSE Linux Enterprise Server 12 SP2
  • dracut-044-108.1
  • dracut-fips-044-108.1

SUSE Linux Enterprise Server for Raspberry Pi 12 SP2
  • dracut-044-108.1
  • dracut-fips-044-108.1

SUSE Linux Enterprise Server for SAP Applications 12 SP2
  • dracut-044-108.1
  • dracut-fips-044-108.1

Description

A local information disclosure issue was found in dracut before 045: initramfs images are generated with world-readable permissions when 'early cpio' is used, such as when including microcode updates. A local attacker can use this to obtain sensitive information from these files, such as encryption keys or credentials.
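A defender-side check for the condition described above and under CVE-2016-8637, as an added example that is not part of the advisory or of dracut: it lists initrd/initramfs images that are readable by "other" and tags those that begin with an uncompressed cpio archive. The file name patterns, the function names and the default `/boot` directory are assumptions of this example.

```shell
#!/bin/sh
# Added example (not from the advisory): audit a boot directory for
# initrd/initramfs images that any local user can read.
# Assumptions: images are named initrd* or initramfs* and live directly in
# the given directory (default /boot).

# Prints one line per world-readable image: "<path> <tag>".
# tag is "early-cpio" when the file starts with the newc cpio magic "070701",
# i.e. an uncompressed archive at the front as used for early microcode.
# This is a heuristic: a fully uncompressed initramfs starts the same way.
list_world_readable_initrd() {
    dir=${1:-/boot}
    find "$dir" -maxdepth 1 -type f \( -name 'initrd*' -o -name 'initramfs*' \) \
        -perm -004 2>/dev/null | sort | while IFS= read -r img; do
        magic=$(head -c 6 "$img" 2>/dev/null)
        if [ "$magic" = "070701" ]; then tag=early-cpio; else tag=plain; fi
        printf '%s %s\n' "$img" "$tag"
    done
}

# Returns 0 when no image is world-readable, 1 otherwise, so it can gate a
# cron job or a configuration-compliance check. Findings go to stdout.
audit_initrd_perms() {
    findings=$(list_world_readable_initrd "${1:-/boot}")
    [ -z "$findings" ] && return 0
    printf '%s\n' "$findings"
    return 1
}
```

Call `audit_initrd_perms /boot` after sourcing the file. Images that are reported stay exposed until their mode is tightened or they are regenerated with the updated package, since updating dracut does not change the permissions of files that already exist.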


Affected products
SUSE Linux Enterprise Desktop 12 SP2:dracut-044-108.1
SUSE Linux Enterprise Server 12 SP2:dracut-044-108.1
SUSE Linux Enterprise Server 12 SP2:dracut-fips-044-108.1
SUSE Linux Enterprise Server for Raspberry Pi 12 SP2:dracut-044-108.1

References
Vulnerability SUSE-SU-2017:0951-1