Описание
Security update for rear27a
This update for rear27a fixes the following issues:
- CVE-2024-23301: Fixed world-readable initrd with GRUB_RESCUE=Y (bsc#1218728).
Bug fixes:
- Fix mkinitrd dependency issue by installing dracut-mkinitrd-deprecated (see bsc#1202352).
Список пакетов
SUSE Linux Enterprise High Availability Extension 15 SP5
rear27a-2.7-150500.3.3.1
openSUSE Leap 15.5
rear27a-2.7-150500.3.3.1
Ссылки
- Link for SUSE-SU-2024:0657-1
- E-Mail link for SUSE-SU-2024:0657-1
- SUSE Security Ratings
- SUSE Bug 1202352
- SUSE Bug 1218728
- SUSE CVE CVE-2024-23301 page
Описание
Relax-and-Recover (aka ReaR) through 2.7 creates a world-readable initrd when using GRUB_RESCUE=y. This allows local attackers to gain access to system secrets otherwise only readable by root.
Затронутые продукты
SUSE Linux Enterprise High Availability Extension 15 SP5:rear27a-2.7-150500.3.3.1
openSUSE Leap 15.5:rear27a-2.7-150500.3.3.1
Ссылки
- CVE-2024-23301
- SUSE Bug 1218728