Security update for dracut
SUSE Patch
security@suse.de
SUSE Security Team
SUSE-SU-2017:0641-1
Final
1
1
2017-03-09T09:31:06Z
current
2017-03-09T09:31:06Z
2017-03-09T09:31:06Z
cve-database/bin/generate-cvrf.pl
2017-02-24T01:00:00Z
Security update for dracut
This update for dracut fixes the following issues:
Security issues fixed:
- CVE-2016-8637: When early microcode loading was enabled during initrd creation, the initrd
would be readable by all users, allowing local users to retrieve secrets stored in
the initial ramdisk. (bsc#1008340)
Non-security issues fixed:
- Allow booting from degraded MD arrays with systemd. (bsc#1017695)
- Start multipath services before local-fs-pre.target. (bsc#1005410, bsc#1006118, bsc#1007925,
bsc#986734, bsc#986838)
The CVRF data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0).
SUSE-SLE-DESKTOP-12-SP1-2017-353,SUSE-SLE-SERVER-12-SP1-2017-353
Copyright SUSE LLC under the Creative Commons License 4.0 with Attribution (CC-BY-4.0)
https://www.suse.com/support/update/announcement/2017/suse-su-20170641-1/
Link for SUSE-SU-2017:0641-1
https://lists.suse.com/pipermail/sle-security-updates/2017-March/002688.html
E-Mail link for SUSE-SU-2017:0641-1
https://www.suse.com/support/security/rating/
SUSE Security Ratings
https://bugzilla.suse.com/1005410
SUSE Bug 1005410
https://bugzilla.suse.com/1006118
SUSE Bug 1006118
https://bugzilla.suse.com/1007925
SUSE Bug 1007925
https://bugzilla.suse.com/1008340
SUSE Bug 1008340
https://bugzilla.suse.com/1017695
SUSE Bug 1017695
https://bugzilla.suse.com/986734
SUSE Bug 986734
https://bugzilla.suse.com/986838
SUSE Bug 986838
https://www.suse.com/security/cve/CVE-2016-8637/
SUSE CVE CVE-2016-8637 page
SUSE Linux Enterprise Desktop 12 SP1
SUSE Linux Enterprise Server 12 SP1
SUSE Linux Enterprise Server for SAP Applications 12 SP1
dracut-037-91.1
dracut-fips-037-91.1
dracut-037-91.1 as a component of SUSE Linux Enterprise Desktop 12 SP1
dracut-037-91.1 as a component of SUSE Linux Enterprise Server 12 SP1
dracut-fips-037-91.1 as a component of SUSE Linux Enterprise Server 12 SP1
dracut-037-91.1 as a component of SUSE Linux Enterprise Server for SAP Applications 12 SP1
dracut-fips-037-91.1 as a component of SUSE Linux Enterprise Server for SAP Applications 12 SP1
A local information disclosure issue was found in dracut before 045: initramfs images were generated with world-readable permissions when 'early cpio' is used, such as when including microcode updates. A local attacker can use this to obtain sensitive information from these files, such as encryption keys or credentials.
CVE-2016-8637
SUSE Linux Enterprise Desktop 12 SP1:dracut-037-91.1
SUSE Linux Enterprise Server 12 SP1:dracut-037-91.1
SUSE Linux Enterprise Server 12 SP1:dracut-fips-037-91.1
SUSE Linux Enterprise Server for SAP Applications 12 SP1:dracut-037-91.1
SUSE Linux Enterprise Server for SAP Applications 12 SP1:dracut-fips-037-91.1
moderate
2.1
AV:L/AC:L/Au:N/C:P/I:N/A:N
To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch".
https://www.suse.com/support/update/announcement/2017/suse-su-20170641-1/
https://www.suse.com/security/cve/CVE-2016-8637.html
CVE-2016-8637
https://bugzilla.suse.com/1008340
SUSE Bug 1008340