Описание
Security update for dracut
This update for dracut fixes the following issues:
Security issues fixed:
- CVE-2016-8637: When the early microcode loading was enabled during initrd creation, the initrd would be read-only available for all users, allowing local users to retrieve secrets stored in the initial ramdisk. (bsc#1008340)
Non security issues fixed:
- Remove zlib module as requirement. (bsc#1020063)
- Unlimit TaskMax for xfs_repair in emergency shell. (bsc#1019938)
- Resolve symbolic links for -i and -k parameters. (bsc#902375)
- Enhance purge-kernels script to handle kgraft patches. (bsc#1017141)
- Allow booting from degraded MD arrays with systemd. (bsc#1017695)
- Allow booting on s390x with fips=1 on the kernel command line. (bnc#1021687)
- Start multipath services before local-fs-pre.target. (bsc#1005410, bsc#1006118, bsc#1007925)
- Fix /sbin/installkernel to handle kernel packages built with 'make bin-rpmpkg'. (bsc#1008648)
This update was imported from the SUSE:SLE-12-SP2:Update update project.
Список пакетов
openSUSE Leap 42.2
dracut-044-16.3.1
dracut-fips-044-16.3.1
dracut-tools-044-16.3.1
Ссылки
- E-Mail link for openSUSE-SU-2017:1033-1
- SUSE Security Ratings
Описание
A local information disclosure issue was found in dracut before 045 when generating initramfs images with world-readable permissions when 'early cpio' is used, such as when including microcode updates. Local attacker can use this to obtain sensitive information from these files, such as encryption keys or credentials.
Затронутые продукты
openSUSE Leap 42.2:dracut-044-16.3.1
openSUSE Leap 42.2:dracut-fips-044-16.3.1
openSUSE Leap 42.2:dracut-tools-044-16.3.1
Ссылки
- CVE-2016-8637
- SUSE Bug 1008340