openSUSE Security Update: Security update for dracut ______________________________________________________________________________ Announcement ID: openSUSE-SU-2017:0708-1 Rating: moderate References: #1005410 #1006118 #1007925 #1008340 #1017695 #986734 #986838 Cross-References: CVE-2016-8637 Affected Products: openSUSE Leap 42.1 ______________________________________________________________________________ An update that solves one vulnerability and has 6 fixes is now available. Description: This update for dracut fixes the following issues: Security issues fixed: - CVE-2016-8637: When the early microcode loading was enabled during initrd creation, the initrd would be read-only available for all users, allowing local users to retrieve secrets stored in the initial ramdisk. (bsc#1008340) Non security issues fixed: - Allow booting from degraded MD arrays with systemd. (bsc#1017695) - Start multipath services before local-fs-pre.target. (bsc#1005410, bsc#1006118, bsc#1007925, bsc#986734, bsc#986838) This update was imported from the SUSE:SLE-12-SP1:Update update project. Patch Instructions: To install this openSUSE Security Update use YaST online_update. Alternatively you can run the command listed for your product: - openSUSE Leap 42.1: zypper in -t patch openSUSE-2017-347=1 To bring your system up-to-date, use "zypper patch". Package List: - openSUSE Leap 42.1 (i586 x86_64): dracut-037-80.1 dracut-debuginfo-037-80.1 dracut-debugsource-037-80.1 dracut-fips-037-80.1 References: https://www.suse.com/security/cve/CVE-2016-8637.html https://bugzilla.suse.com/1005410 https://bugzilla.suse.com/1006118 https://bugzilla.suse.com/1007925 https://bugzilla.suse.com/1008340 https://bugzilla.suse.com/1017695 https://bugzilla.suse.com/986734 https://bugzilla.suse.com/986838