Upstream information

CVE-2012-4453 at MITRE

Description

dracut.sh in dracut, as used in Red Hat Enterprise Linux 6, Fedora 16 and 17, and possibly other products, creates initramfs images with world-readable permissions, which might allow local users to obtain sensitive information.

SUSE information

Overall state of this security issue: Resolved

This issue is currently rated as having moderate severity.

CVSS v2 Scores
  National Vulnerability Database
Base Score 2.1
Vector AV:L/AC:L/Au:N/C:P/I:N/A:N
Access Vector Local
Access Complexity Low
Authentication None
Confidentiality Impact Partial
Integrity Impact None
Availability Impact None
SUSE Bugzilla entries: 1008340 [RESOLVED / FIXED], 782734 [RESOLVED / FIXED]

No SUSE Security Announcements cross referenced.

List of released packages

Product(s) Fixed package version(s) References
SUSE Linux Enterprise Desktop 12
  • dracut >= 037-34.4
Patchnames:
SUSE Linux Enterprise Desktop 12 GA dracut
SUSE Linux Enterprise Desktop 12 SP1
  • dracut >= 037-66.2
Patchnames:
SUSE Linux Enterprise Desktop 12 SP1 GA dracut
SUSE Linux Enterprise Desktop 12 SP2
  • dracut >= 044-87.1
Patchnames:
SUSE Linux Enterprise Desktop 12 SP2 GA dracut
SUSE Linux Enterprise Desktop 12 SP3
  • dracut >= 044-113.10
Patchnames:
SUSE Linux Enterprise Desktop 12 SP3 GA dracut
SUSE Linux Enterprise Module for Basesystem 15
  • dracut >= 044.1-16.11
  • dracut-fips >= 044.1-16.11
  • dracut-ima >= 044.1-16.11
Patchnames:
SUSE Linux Enterprise Module for Basesystem 15 GA dracut
SUSE Linux Enterprise Server 12
  • dracut >= 037-34.4
  • dracut-fips >= 037-34.4
Patchnames:
SUSE Linux Enterprise Server 12 GA dracut
SUSE Linux Enterprise Server 12 SP1
  • dracut >= 037-66.2
  • dracut-fips >= 037-66.2
Patchnames:
SUSE Linux Enterprise Server 12 SP1 GA dracut
SUSE Linux Enterprise Server 12 SP2
  • dracut >= 044-87.1
  • dracut-fips >= 044-87.1
Patchnames:
SUSE Linux Enterprise Server 12 SP2 GA dracut
SUSE Linux Enterprise Server 12 SP3
  • dracut >= 044-113.10
  • dracut-fips >= 044-113.10
Patchnames:
SUSE Linux Enterprise Server 12 SP3 GA dracut
SUSE Linux Enterprise Server for Raspberry Pi 12 SP2
  • dracut >= 044-87.1
  • dracut-fips >= 044-87.1
Patchnames:
SUSE Linux Enterprise Server for Raspberry Pi 12 SP2 GA dracut
openSUSE Leap 15.0
  • dracut >= 044.1-lp150.13.6
Patchnames:
openSUSE Leap 15.0 GA dracut
openSUSE Leap 42.1
  • dracut >= 037-66.2
Patchnames:
openSUSE Leap 42.1 GA dracut
openSUSE Leap 42.2
  • dracut >= 044-12.1
Patchnames:
openSUSE Leap 42.2 GA dracut
openSUSE Leap 42.3
  • dracut >= 044-21.7
Patchnames:
openSUSE Leap 42.3 GA dracut
openSUSE Tumbleweed
  • dracut >= 044-17.1
  • dracut-fips >= 044-17.1
  • dracut-tools >= 044-17.1
Patchnames:
openSUSE Tumbleweed GA dracut