dracut-044-17.1 on GA media SUSE Patch security@suse.de SUSE Security Team openSUSE-SU-2024:10225-1 Final 1 1 2024-06-15T00:00:00Z current 2024-06-15T00:00:00Z 2024-06-15T00:00:00Z cve-database/bin/generate-cvrf.pl 2017-02-24T01:00:00Z dracut-044-17.1 on GA media These are all security issues fixed in the dracut-044-17.1 package on the GA media of openSUSE Tumbleweed. The CVRF data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0). openSUSE-Tumbleweed-2024-10225 Copyright SUSE LLC under the Creative Commons License 4.0 with Attribution (CC-BY-4.0) https://www.suse.com/support/security/rating/ SUSE Security Ratings https://www.suse.com/security/cve/CVE-2012-4453/ SUSE CVE CVE-2012-4453 page https://www.suse.com/security/cve/CVE-2016-8637/ SUSE CVE CVE-2016-8637 page openSUSE Tumbleweed dracut-044-17.1 dracut-fips-044-17.1 dracut-tools-044-17.1 dracut-044-17.1 as a component of openSUSE Tumbleweed dracut-fips-044-17.1 as a component of openSUSE Tumbleweed dracut-tools-044-17.1 as a component of openSUSE Tumbleweed dracut.sh in dracut, as used in Red Hat Enterprise Linux 6, Fedora 16 and 17, and possibly other products, creates initramfs images with world-readable permissions, which might allow local users to obtain sensitive information. CVE-2012-4453 openSUSE Tumbleweed:dracut-044-17.1 openSUSE Tumbleweed:dracut-fips-044-17.1 openSUSE Tumbleweed:dracut-tools-044-17.1 moderate 2.1 AV:L/AC:L/Au:N/C:P/I:N/A:N To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/security/cve/CVE-2012-4453.html CVE-2012-4453 https://bugzilla.suse.com/1008340 SUSE Bug 1008340 https://bugzilla.suse.com/782734 SUSE Bug 782734 A local information disclosure issue was found in dracut before 045 when generating initramfs images with world-readable permissions when 'early cpio' is used, such as when including microcode updates. Local attacker can use this to obtain sensitive information from these files, such as encryption keys or credentials. CVE-2016-8637 openSUSE Tumbleweed:dracut-044-17.1 openSUSE Tumbleweed:dracut-fips-044-17.1 openSUSE Tumbleweed:dracut-tools-044-17.1 low 2.1 AV:L/AC:L/Au:N/C:P/I:N/A:N 2.1 AV:L/AC:L/Au:N/C:P/I:N/A:N To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/security/cve/CVE-2016-8637.html CVE-2016-8637 https://bugzilla.suse.com/1008340 SUSE Bug 1008340