Security update for dracut

SUSE Security Update: Security update for dracut
Announcement ID: SUSE-SU-2017:2696-1
Rating: moderate
References: #1005410 #1006118 #1007925 #1008340 #1008648 #1017695 #1032576 #1035743 #935320 #959803 #986734 #986838
Affected Products:
  • SUSE Linux Enterprise Server 12-LTSS
    		•

    An update that solves one vulnerability and has 11 fixes is now available.

    Description:


    This update for dracut fixes the following issues:

    Security issues fixed:

    - CVE-2016-8637: When the early microcode loading was enabled during
    initrd creation, the initrd would be read-only available for all users,
    allowing local users to retrieve secrets stored in the initial ramdisk.
    (bsc#1008340)

    Non-security issues fixed:

    - Skip iBFT discovery for qla4xxx flashnode session. (bsc#935320)
    - Set MTU and LLADDR for DHCP if specified. (bsc#959803)
    - Allow booting from degraded MD arrays with systemd. (bsc#1017695)
    - Start multipath services before local-fs-pre.target. (bsc#1005410,
    bsc#1006118, bsc#1007925, bsc#986734, bsc#986838)
    - Fixed /sbin/installkernel to handle kernel packages built with 'make
    bin-rpmpkg'. (bsc#1008648)
    - Fixed typo in installkernel script. (bsc#1032576)
    - Fixed subnet calculation in mkinitrd. (bsc#1035743)

    Patch Instructions:

    To install this SUSE Security Update use YaST online_update.
    Alternatively you can run the command listed for your product:

    • SUSE Linux Enterprise Server 12-LTSS:
      zypper in -t patch SUSE-SLE-SERVER-12-2017-1669=1

    To bring your system up-to-date, use "zypper patch".

    Package List:

    • SUSE Linux Enterprise Server 12-LTSS (ppc64le s390x x86_64):
      • dracut-037-51.31.1
      • dracut-debuginfo-037-51.31.1
      • dracut-debugsource-037-51.31.1
      • dracut-fips-037-51.31.1

    References: