Overview Details Repositories Revisions Requests Users Attributes Meta
Security update for dracut

This update for dracut fixes the following issues:

Security issues fixed:

- CVE-2016-8637: When the early microcode loading was enabled during initrd creation, the initrd
would be read-only available for all users, allowing local users to retrieve secrets stored in
the initial ramdisk. (bsc#1008340)

Non security issues fixed:

- Remove zlib module as requirement. (bsc#1020063)
- Unlimit TaskMax for xfs_repair in emergency shell. (bsc#1019938)
- Resolve symbolic links for -i and -k parameters. (bsc#902375)
- Enhance purge-kernels script to handle kgraft patches. (bsc#1017141)
- Allow booting from degraded MD arrays with systemd. (bsc#1017695)
- Allow booting on s390x with fips=1 on the kernel command line. (bnc#1021687)
- Start multipath services before local-fs-pre.target. (bsc#1005410, bsc#1006118, bsc#1007925)
- Fix /sbin/installkernel to handle kernel packages built with 'make bin-rpmpkg'. (bsc#1008648)

This update was imported from the SUSE:SLE-12-SP2:Update update project.

Fixed bugs
bnc#1020063
booting hangs with fips mode and virtio-rng-pci enabled on sles12sp3
bnc#1019938
root filesystem (under LVM) recovery using xfs_repair in dracut segfaults
bnc#1008648
/sbin/installkernel does not handle make bin-rpmpkg result
bnc#902375
mkinitrd/dracut ignores symlink in kernel argument
bnc#1005410
multipath boot race with data on partitions (s390x)
bnc#1006118
race condition with root on multipath
bnc#1007925
lvm/multipath issue (s390x)
bnc#1008340
VUL-1: CVE-2016-8637: dracut: creates world readable initramfs when early cpio is used
bnc#1017141
purge-kernels.service fails when kgraft patches are installed
bnc#1017695
Boot on broken RAID 1 with missing disk fails
bnc#1021687
fips=1 parameter causes SLES12 SP2 system to drop in emergency shell
CVE-2016-8637
Selected Binaries
openSUSE Build Service is sponsored by
Places