SUSE-SU-2017:2696-1
- Source
- https://www.suse.com/support/update/announcement/2017/suse-su-20172696-1/
- Import Source
- https://ftp.suse.com/pub/projects/security/osv/SUSE-SU-2017:2696-1.json
- JSON Data
- https://api.test.osv.dev/v1/vulns/SUSE-SU-2017:2696-1
- Related
- Published
- 2017-10-10T13:55:33Z
- Modified
- 2017-10-10T13:55:33Z
- Summary
- Security update for dracut
- Details
-
This update for dracut fixes the following issues:
Security issues fixed:
- CVE-2016-8637: When the early microcode loading was enabled during initrd creation, the initrd would be read-only available for all users, allowing local users to retrieve secrets stored in the initial ramdisk. (bsc#1008340)
Non-security issues fixed:
- Skip iBFT discovery for qla4xxx flashnode session. (bsc#935320)
- Set MTU and LLADDR for DHCP if specified. (bsc#959803)
- Allow booting from degraded MD arrays with systemd. (bsc#1017695)
- Start multipath services before local-fs-pre.target. (bsc#1005410, bsc#1006118, bsc#1007925, bsc#986734, bsc#986838)
- Fixed /sbin/installkernel to handle kernel packages built with 'make bin-rpmpkg'. (bsc#1008648)
- Fixed typo in installkernel script. (bsc#1032576)
- Fixed subnet calculation in mkinitrd. (bsc#1035743)
- References
-
- https://www.suse.com/support/update/announcement/2017/suse-su-20172696-1/
- https://bugzilla.suse.com/1005410
- https://bugzilla.suse.com/1006118
- https://bugzilla.suse.com/1007925
- https://bugzilla.suse.com/1008340
- https://bugzilla.suse.com/1008648
- https://bugzilla.suse.com/1017695
- https://bugzilla.suse.com/1032576
- https://bugzilla.suse.com/1035743
- https://bugzilla.suse.com/935320
- https://bugzilla.suse.com/959803
- https://bugzilla.suse.com/986734
- https://bugzilla.suse.com/986838
- https://www.suse.com/security/cve/CVE-2016-8637