[Bug 1202925] VUL-1: live-langset-data: interprets kernel command line, possibly allows operation outside of intended scope
https://bugzilla.suse.com/show_bug.cgi?id=1202925

https://bugzilla.suse.com/show_bug.cgi?id=1202925#c2

Fabian Vogt <fvogt@suse.com> changed:

           What    |Removed                     |Added
----------------------------------------------------------------------------
             Status|IN_PROGRESS                 |RESOLVED
         Resolution|---                         |FIXED

--- Comment #2 from Fabian Vogt <fvogt@suse.com> ---
Fixed with sr 1006120.

I don't think it's a real security issue, because:
- being able to edit the kernel command line also offers other attack vectors like `init=/bin/bash`.

Yeah, this is not a vulnerability. At some point the /proc/cmdline parsing can probably be removed, because those options are only set by our isolinux theme, which is only used on the i586 live media anymore. Other archs, including x86_64, use grub2 meanwhile, which doesn't offer the language and keyboard options.