openSUSE Security Update: Security update for dracut ______________________________________________________________________________ Announcement ID: openSUSE-SU-2017:1033-1 Rating: moderate References: Affected Products: openSUSE Leap 42.2 ______________________________________________________________________________ An update that contains security fixes can now be installed. Description: This update for dracut fixes the following issues: Security issues fixed: - CVE-2016-8637: When the early microcode loading was enabled during initrd creation, the initrd would be read-only available for all users, allowing local users to retrieve secrets stored in the initial ramdisk. (bsc#1008340) Non security issues fixed: - Remove zlib module as requirement. (bsc#1020063) - Unlimit TaskMax for xfs_repair in emergency shell. (bsc#1019938) - Resolve symbolic links for -i and -k parameters. (bsc#902375) - Enhance purge-kernels script to handle kgraft patches. (bsc#1017141) - Allow booting from degraded MD arrays with systemd. (bsc#1017695) - Allow booting on s390x with fips=1 on the kernel command line. (bnc#1021687) - Start multipath services before local-fs-pre.target. (bsc#1005410, bsc#1006118, bsc#1007925) - Fix /sbin/installkernel to handle kernel packages built with 'make bin-rpmpkg'. (bsc#1008648) This update was imported from the SUSE:SLE-12-SP2:Update update project. Patch Instructions: To install this openSUSE Security Update use YaST online_update. Alternatively you can run the command listed for your product: - openSUSE Leap 42.2: zypper in -t patch openSUSE-2017-482=1 To bring your system up-to-date, use "zypper patch". Package List: - openSUSE Leap 42.2 (i586 x86_64): dracut-044-16.3.1 dracut-debuginfo-044-16.3.1 dracut-debugsource-044-16.3.1 dracut-fips-044-16.3.1 dracut-tools-044-16.3.1 References: