Updated dracut packages fix security vulnerability
Publication date: 17 Nov 2016Modification date: 17 Nov 2016
Type: security
Affected Mageia releases : 5
CVE: CVE-2016-8637
Description
A local information disclosure issue was found in dracut when generating
initramfs images with world-readable permissions when "early cpio" is
used, such as when including microcode updates. Local attacker can use
this to obtain sensitive information from these files, such as encryption
keys or credentials (CVE-2016-8637).
References
SRPMS
5/core
- dracut-038-21.1.mga5