openSUSE-SU-2017:0708-1

Опубликовано: 16 мар. 2017

Источник: suse-cvrf

Описание

Security update for dracut

This update for dracut fixes the following issues:

Security issues fixed:

CVE-2016-8637: When the early microcode loading was enabled during initrd creation, the initrd would be read-only available for all users, allowing local users to retrieve secrets stored in the initial ramdisk. (bsc#1008340)

Non security issues fixed:

Allow booting from degraded MD arrays with systemd. (bsc#1017695)
Start multipath services before local-fs-pre.target. (bsc#1005410, bsc#1006118, bsc#1007925, bsc#986734, bsc#986838)

This update was imported from the SUSE:SLE-12-SP1:Update update project.

Список пакетов

openSUSE Leap 42.1

dracut-037-80.1

dracut-fips-037-80.1

Ссылки

https://lists.opensuse.org/opensuse-updates/2017-03/msg00047.html
E-Mail link for openSUSE-SU-2017:0708-1
https://www.suse.com/support/security/rating/
SUSE Security Ratings

Описание

A local information disclosure issue was found in dracut before 045 when generating initramfs images with world-readable permissions when 'early cpio' is used, such as when including microcode updates. Local attacker can use this to obtain sensitive information from these files, such as encryption keys or credentials.

Затронутые продукты

openSUSE Leap 42.1:dracut-037-80.1

openSUSE Leap 42.1:dracut-fips-037-80.1

Ссылки

https://www.suse.com/security/cve/CVE-2016-8637.html
CVE-2016-8637
https://bugzilla.suse.com/1008340
SUSE Bug 1008340

openSUSE-SU-2017:0708-1

Описание

Список пакетов

openSUSE Leap 42.1

Ссылки

Уязвимость: CVE-2016-8637

Описание

Затронутые продукты

Ссылки