Security update for dracut
SUSE Patch
security@suse.de
SUSE Security Team
openSUSE-SU-2015:2022-1
Final
1
1
2015-11-11T07:21:39Z
current
2015-11-11T07:21:39Z
2015-11-11T07:21:39Z
cve-database/bin/generate-cvrf.pl
2017-02-24T01:00:00Z
Security update for dracut
The dracut package was updated to fix the following security and non security issues:
- CVE-2015-0794: Use mktemp instead of hardcoded filenames, possible vulnerability (bnc#935338).
- Always install mdraid modules (boo#935993).
- Add notice when dracut failed to install modules (bsc#952491).
The CVRF data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0).
Copyright SUSE LLC under the Creative Commons License 4.0 with Attribution (CC-BY-4.0)
http://lists.opensuse.org/opensuse-updates/2015-11/msg00098.html
E-Mail link for openSUSE-SU-2015:2022-1
https://www.suse.com/support/security/rating/
SUSE Security Ratings
openSUSE 13.2
dracut-037-17.30.1
dracut-debuginfo-037-17.30.1
dracut-debugsource-037-17.30.1
dracut-fips-037-17.30.1
dracut-037-17.30.1 as a component of openSUSE 13.2
dracut-debuginfo-037-17.30.1 as a component of openSUSE 13.2
dracut-debugsource-037-17.30.1 as a component of openSUSE 13.2
dracut-fips-037-17.30.1 as a component of openSUSE 13.2
modules.d/90crypt/module-setup.sh in the dracut package before 037-17.30.1 in openSUSE 13.2 allows local users to have unspecified impact via a symlink attack on /tmp/dracut_block_uuid.map.
CVE-2015-0794
openSUSE 13.2:dracut-037-17.30.1
openSUSE 13.2:dracut-debuginfo-037-17.30.1
openSUSE 13.2:dracut-debugsource-037-17.30.1
openSUSE 13.2:dracut-fips-037-17.30.1
moderate
Please Install the update.
http://lists.opensuse.org/opensuse-updates/2015-11/msg00098.html
https://www.suse.com/security/cve/CVE-2015-0794.html
CVE-2015-0794
https://bugzilla.suse.com/923755
SUSE Bug 923755
https://bugzilla.suse.com/935338
SUSE Bug 935338
https://bugzilla.suse.com/963976
SUSE Bug 963976