SUSE-SU-2015:2065-1: moderate: Security update for dracut

sle-security-updates at lists.suse.com sle-security-updates at lists.suse.com
Fri Nov 20 10:10:17 MST 2015


   SUSE Security Update: Security update for dracut
______________________________________________________________________________

Announcement ID:    SUSE-SU-2015:2065-1
Rating:             moderate
References:         #935338 #935993 #947518 #952491 
Cross-References:   CVE-2015-0794
Affected Products:
                    SUSE Linux Enterprise Server 12
                    SUSE Linux Enterprise Desktop 12
______________________________________________________________________________

   An update that solves one vulnerability and has three fixes
   is now available.

Description:

   The dracut package was updated to fix the following security and
   non-security issues:

   - CVE-2015-0794: Use mktemp instead of hardcoded filenames, possible
     vulnerability (bsc#935338).
   - Always install mdraid modules (bsc#935993).
   - Add notice when dracut failed to install modules (bsc#952491).
   - Always install dm-snaphost module if lvm dracut module is needed, even
     if dm-snapshot is not loaded on the host yet (bsc#947518).


Patch Instructions:

   To install this SUSE Security Update use YaST online_update.
   Alternatively you can run the command listed for your product:

   - SUSE Linux Enterprise Server 12:

      zypper in -t patch SUSE-SLE-SERVER-12-2015-877=1

   - SUSE Linux Enterprise Desktop 12:

      zypper in -t patch SUSE-SLE-DESKTOP-12-2015-877=1

   To bring your system up-to-date, use "zypper patch".


Package List:

   - SUSE Linux Enterprise Server 12 (ppc64le s390x x86_64):

      dracut-037-51.17.3
      dracut-debuginfo-037-51.17.3
      dracut-debugsource-037-51.17.3
      dracut-fips-037-51.17.3

   - SUSE Linux Enterprise Desktop 12 (x86_64):

      dracut-037-51.17.3
      dracut-debuginfo-037-51.17.3
      dracut-debugsource-037-51.17.3


References:

   https://www.suse.com/security/cve/CVE-2015-0794.html
   https://bugzilla.suse.com/935338
   https://bugzilla.suse.com/935993
   https://bugzilla.suse.com/947518
   https://bugzilla.suse.com/952491



More information about the sle-security-updates mailing list