Updated dracut packages fix security vulnerability
Publication date: 17 Nov 2016Modification date: 17 Nov 2016
Type: security
Affected Mageia releases : 5
CVE: CVE-2016-8637
Description
A local information disclosure issue was found in dracut when generating initramfs images with world-readable permissions when "early cpio" is used, such as when including microcode updates. Local attacker can use this to obtain sensitive information from these files, such as encryption keys or credentials (CVE-2016-8637).
References
SRPMS
5/core
- dracut-038-21.1.mga5