[Secure-testing-team] Bug#843697: dracut: CVE-2016-8637: dracut creates world readble initramfs when early cpio is used
Salvatore Bonaccorso
carnil at debian.org
Tue Nov 8 20:25:40 UTC 2016
Source: dracut
Version: 031-1
Severity: important
Tags: security upstream fixed-upstream
Hi,
the following vulnerability was published for dracut.
CVE-2016-8637[0]:
dracut creates world readble initramfs when early cpio is used
It was introduced in 030 with [1] and fixed in [2].
If you fix the vulnerability please also make sure to include the
CVE (Common Vulnerabilities & Exposures) id in your changelog entry.
For further information see:
[0] https://security-tracker.debian.org/tracker/CVE-2016-8637
[1] http://git.kernel.org/cgit/boot/dracut/dracut.git/commit/?id=5f2c30d9bcd614d546d5c55c6897e33f88b9ab90
[2] http://git.kernel.org/cgit/boot/dracut/dracut.git/commit/?id=0db98910a11c12a454eac4c8e86dc7a7bbc764a4
Regards,
Salvatore
More information about the Secure-testing-team
mailing list