Security update for dracut

SUSE Security Update: Security update for dracut
Announcement ID: SUSE-SU-2017:0951-1
Rating: moderate
References: #1005410 #1006118 #1007925 #1008340 #1008648 #1017141 #1017695 #1019938 #1020063 #1021687 #902375
Affected Products:
  • SUSE Linux Enterprise Server for Raspberry Pi 12-SP2
  • SUSE Linux Enterprise Server 12-SP2
  • SUSE Linux Enterprise Desktop 12-SP2
  • OpenStack Cloud Magnum Orchestration 7

  • An update that solves one vulnerability and has 10 fixes is now available.

    Description:


    This update for dracut fixes the following issues:

    Security issues fixed:

    - CVE-2016-8637: When the early microcode loading was enabled during
    initrd creation, the initrd would be read-only available for all users,
    allowing local users to retrieve secrets stored in the initial ramdisk.
    (bsc#1008340)

    Non security issues fixed:

    - Remove zlib module as requirement. (bsc#1020063)
    - Unlimit TaskMax for xfs_repair in emergency shell. (bsc#1019938)
    - Resolve symbolic links for -i and -k parameters. (bsc#902375)
    - Enhance purge-kernels script to handle kgraft patches. (bsc#1017141)
    - Allow booting from degraded MD arrays with systemd. (bsc#1017695)
    - Allow booting on s390x with fips=1 on the kernel command line.
    (bnc#1021687)
    - Start multipath services before local-fs-pre.target. (bsc#1005410,
    bsc#1006118, bsc#1007925)
    - Fix /sbin/installkernel to handle kernel packages built with 'make
    bin-rpmpkg'. (bsc#1008648)

    Patch Instructions:

    To install this SUSE Security Update use YaST online_update.
    Alternatively you can run the command listed for your product:

    • SUSE Linux Enterprise Server for Raspberry Pi 12-SP2:
      zypper in -t patch SUSE-SLE-RPI-12-SP2-2017-547=1
    • SUSE Linux Enterprise Server 12-SP2:
      zypper in -t patch SUSE-SLE-SERVER-12-SP2-2017-547=1
    • SUSE Linux Enterprise Desktop 12-SP2:
      zypper in -t patch SUSE-SLE-DESKTOP-12-SP2-2017-547=1
    • OpenStack Cloud Magnum Orchestration 7:
      zypper in -t patch SUSE-OpenStack-Cloud-Magnum-Orchestration-7-2017-547=1

    To bring your system up-to-date, use "zypper patch".

    Package List:

    • SUSE Linux Enterprise Server for Raspberry Pi 12-SP2 (aarch64):
      • dracut-044-108.1
      • dracut-debuginfo-044-108.1
      • dracut-debugsource-044-108.1
      • dracut-fips-044-108.1
    • SUSE Linux Enterprise Server 12-SP2 (aarch64 ppc64le x86_64):
      • dracut-044-108.1
      • dracut-debuginfo-044-108.1
      • dracut-debugsource-044-108.1
      • dracut-fips-044-108.1
    • SUSE Linux Enterprise Desktop 12-SP2 (x86_64):
      • dracut-044-108.1
      • dracut-debuginfo-044-108.1
      • dracut-debugsource-044-108.1
    • OpenStack Cloud Magnum Orchestration 7 (x86_64):
      • dracut-044-108.1
      • dracut-debuginfo-044-108.1
      • dracut-debugsource-044-108.1

    References: