Explore top 10 tips to secure your open-source projects now. Read More

×
Alerts This Week
Warning Icon 1 531
Alerts This Week
Warning Icon 1 531

Fedora 24: FEDORA-2016-94d1c64fe2 Critical: Dracut Info Disclosure

fedora
Calendar Grey November 10, 2016
Scroller Fedora Esm H88
Notice for Fedora 24: dracut addresses initramfs file permission problems triggered by microcode. Critical security update set for release.
- fixed permissions of initramfs file, if microcode is prepended (CVE-2016-8637)

Summary

dracut contains tools to create a bootable initramfs for 2.6 Linux kernels.

Unlike existing implementations, dracut does hard-code as little as possible

into the initramfs. dracut contains various modules which are driven by the

event-based udev. Having root on MD, DM, LVM2, LUKS is supported as well as

NFS, iSCSI, NBD, FCoE with the dracut-network package.

Update Information:

- fixed permissions of initramfs file, if microcode is prepended (CVE-2016-8637)

Change Log

References


[ 1 ] Bug #1392435 - CVE-2016-8637 dracut: Local information disclosure of initramfs when early cpio is used [fedora-all] https://bugzilla.redhat.com/show_bug.cgi?id=1392435

Update Instructions

This update can be installed with the "dnf" update program. Use su -c 'dnf upgrade dracut' at the command line. For more information, refer to the dnf documentation available at https://dnf.readthedocs.io/en/latest/command_ref.html

Severity
critical
Lowest
Low
Medium
High
Critical

Name: dracut
Product: Fedora 24
Version: 044
Release: 21.fc24
Summary: Initramfs generator using udev

Get the latest News and Insights

Get the latest Linux and open source security news straight to your inbox.