Advisories » MGASA-2024-0131

Updated rear packages fix security vulnerability

Publication date: 13 Apr 2024
Modification date: 13 Apr 2024
Type: security
Affected Mageia releases : 9
CVE: CVE-2024-23301

Description

Relax-and-Recover (aka ReaR) through 2.7 creates a world-readable initrd
when using GRUB_RESCUE=y. This allows local attackers to gain access to
system secrets otherwise only readable by root. (CVE-2024-23301)
                

References

• https://bugs.mageia.org/show_bug.cgi?id=33085
• https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-23301

SRPMS

9/core

• rear-2.6-2.1.mga9