Description
Security update for dracut
This update for dracut fixes the following issues:
Security issues fixed:
- CVE-2016-8637: When early microcode loading was enabled during initrd creation, the initrd was created readable by all users, allowing local users to retrieve secrets stored in the initial ramdisk. (bsc#1008340)
Non-security issues fixed:
- Skip iBFT discovery for qla4xxx flashnode session. (bsc#935320)
- Set MTU and LLADDR for DHCP if specified. (bsc#959803)
- Allow booting from degraded MD arrays with systemd. (bsc#1017695)
- Start multipath services before local-fs-pre.target. (bsc#1005410, bsc#1006118, bsc#1007925, bsc#986734, bsc#986838)
- Fixed /sbin/installkernel to handle kernel packages built with 'make bin-rpmpkg'. (bsc#1008648)
- Fixed typo in installkernel script. (bsc#1032576)
- Fixed subnet calculation in mkinitrd. (bsc#1035743)
Package list
SUSE Linux Enterprise Server 12-LTSS
dracut-037-51.31.1
dracut-fips-037-51.31.1
References
- Link for SUSE-SU-2017:2696-1
- E-Mail link for SUSE-SU-2017:2696-1
- SUSE Security Ratings
- SUSE Bug 1005410
- SUSE Bug 1006118
- SUSE Bug 1007925
- SUSE Bug 1008340
- SUSE Bug 1008648
- SUSE Bug 1017695
- SUSE Bug 1032576
- SUSE Bug 1035743
- SUSE Bug 935320
- SUSE Bug 959803
- SUSE Bug 986734
- SUSE Bug 986838
- SUSE CVE CVE-2016-8637 page
Description
A local information disclosure issue was found in dracut before 045: initramfs images were generated with world-readable permissions when 'early cpio' is used, such as when including microcode updates. A local attacker can use this to obtain sensitive information from these files, such as encryption keys or credentials.
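An added audit check for the condition described above (not part of the SUSE advisory or of dracut): it lists initrd/initramfs images in a directory that are readable by all users and can restrict them to the owner. The function names, the `initrd*`/`initramfs*` name patterns, the `/boot` default and the target mode 600 are assumptions of this example.

```shell
#!/bin/sh
# Added example: find initrd/initramfs images that "other" users can read.
# Assumptions: images sit directly in one directory (default /boot) and are
# named initrd* or initramfs*; symlinks to images are skipped (-type f).
# Usage: audit_initrd_perms /boot   then, if needed: fix_initrd_perms /boot

# Print each image in DIR whose mode grants read to "other".
# Exit status: 0 = none found, 1 = at least one found, 2 = DIR is not a directory.
audit_initrd_perms() {
    dir=${1:-/boot}
    [ -d "$dir" ] || { echo "not a directory: $dir" >&2; return 2; }
    found=$(find "$dir" -maxdepth 1 -type f \
        \( -name 'initrd*' -o -name 'initramfs*' \) -perm -004 -print)
    if [ -n "$found" ]; then
        printf '%s\n' "$found"
        return 1
    fi
    return 0
}

# Restrict every image reported by the audit to owner read/write only.
# Mode 600 is this example's choice, not a value taken from the advisory.
fix_initrd_perms() {
    dir=${1:-/boot}
    audit_initrd_perms "$dir" | while IFS= read -r f; do
        chmod 600 "$f"
    done
}
```

Any secret that was embedded in an image while it was world-readable should be treated as exposed, since tightening the mode does not undo earlier reads.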
Affected products
SUSE Linux Enterprise Server 12-LTSS:dracut-037-51.31.1
SUSE Linux Enterprise Server 12-LTSS:dracut-fips-037-51.31.1
References
- CVE-2016-8637
- SUSE Bug 1008340