Overview

File _patchinfo of Package patchinfo.4068

<patchinfo incident="4068">
  <issue id="1020063" tracker="bnc">booting hangs with fips mode and virtio-rng-pci enabled on sles12sp3</issue>
  <issue id="1019938" tracker="bnc">root filesystem (under LVM) recovery using xfs_repair in dracut segfaults</issue>
  <issue id="1008648" tracker="bnc">/sbin/installkernel does not handle make bin-rpmpkg result</issue>
  <issue id="902375" tracker="bnc">mkinitrd/dracut ignores symlink in kernel argument</issue>
  <issue id="1005410" tracker="bnc">multipath boot race with data on partitions (s390x)</issue>
  <issue id="1006118" tracker="bnc">race condition with root on multipath</issue>
  <issue id="1007925" tracker="bnc">lvm/multipath issue (s390x)</issue>
  <issue id="1008340" tracker="bnc">VUL-1: CVE-2016-8637: dracut: creates world readable initramfs when early cpio is used</issue>
  <issue id="1017141" tracker="bnc">purge-kernels.service fails when kgraft patches are installed</issue>
  <issue id="1017695" tracker="bnc">Boot on broken RAID 1 with missing disk fails</issue>
  <issue id="1021687" tracker="bnc">fips=1 parameter causes SLES12 SP2 system to drop in emergency shell</issue>
  <issue id="2016-8637" tracker="cve"></issue>
  <category>security</category>
  <rating>moderate</rating>
  <packager>dmolkentin</packager>
  <description>
This update for dracut fixes the following issues:

Security issues fixed:

- CVE-2016-8637: When the early microcode loading was enabled during initrd creation, the initrd
  would be read-only available for all users, allowing local users to retrieve secrets stored in
  the initial ramdisk. (bsc#1008340)

Non security issues fixed:

- Remove zlib module as requirement. (bsc#1020063)
- Unlimit TaskMax for xfs_repair in emergency shell. (bsc#1019938)
- Resolve symbolic links for -i and -k parameters. (bsc#902375)
- Enhance purge-kernels script to handle kgraft patches. (bsc#1017141)
- Allow booting from degraded MD arrays with systemd. (bsc#1017695)
- Allow booting on s390x with fips=1 on the kernel command line. (bnc#1021687)
- Start multipath services before local-fs-pre.target. (bsc#1005410, bsc#1006118, bsc#1007925)
- Fix /sbin/installkernel to handle kernel packages built with 'make bin-rpmpkg'. (bsc#1008648)
</description>
  <summary>Security update for dracut</summary>
</patchinfo>
openSUSE Build Service is sponsored by
Places