openSUSE Security Update : dracut (openSUSE-2017-347)

This script is Copyright (C) 2017 Tenable Network Security, Inc.


Synopsis :

The remote openSUSE host is missing a security update.

Description :

This update for dracut fixes the following issues :

Security issues fixed :

- CVE-2016-8637: When the early microcode loading was
enabled during initrd creation, the initrd would be
read-only available for all users, allowing local users
to retrieve secrets stored in the initial ramdisk.
(bsc#1008340)

Non security issues fixed :

- Allow booting from degraded MD arrays with systemd.
(bsc#1017695)

- Start multipath services before local-fs-pre.target.
(bsc#1005410, bsc#1006118, bsc#1007925, bsc#986734,
bsc#986838)

This update was imported from the SUSE:SLE-12-SP1:Update update
project.

See also :

https://bugzilla.opensuse.org/show_bug.cgi?id=1005410
https://bugzilla.opensuse.org/show_bug.cgi?id=1006118
https://bugzilla.opensuse.org/show_bug.cgi?id=1007925
https://bugzilla.opensuse.org/show_bug.cgi?id=1008340
https://bugzilla.opensuse.org/show_bug.cgi?id=1017695
https://bugzilla.opensuse.org/show_bug.cgi?id=986734
https://bugzilla.opensuse.org/show_bug.cgi?id=986838

Solution :

Update the affected dracut packages.

Risk factor :

Medium

Family: SuSE Local Security Checks

Nessus Plugin ID: 97790 ()

Bugtraq ID:

CVE ID: CVE-2016-8637

Ready to Amp Up Your Nessus Experience?

Get Nessus Professional to scan unlimited IPs, run compliance checks & more

Buy Nessus Professional Now