SUSE-SU-2015:2065-1: moderate: Security update for dracut

sle-updates at sle-updates at
Fri Nov 20 10:10:17 MST 2015

   SUSE Security Update: Security update for dracut

Announcement ID:    SUSE-SU-2015:2065-1
Rating:             moderate
References:         #935338 #935993 #947518 #952491 
Cross-References:   CVE-2015-0794
Affected Products:
                    SUSE Linux Enterprise Server 12
                    SUSE Linux Enterprise Desktop 12

   An update that solves one vulnerability and has three fixes
   is now available.


   The dracut package was updated to fix the following security and
   non-security issues:

   - CVE-2015-0794: Use mktemp instead of hardcoded filenames, possible
     vulnerability (bsc#935338).
   - Always install mdraid modules (bsc#935993).
   - Add notice when dracut failed to install modules (bsc#952491).
   - Always install dm-snaphost module if lvm dracut module is needed, even
     if dm-snapshot is not loaded on the host yet (bsc#947518).

Patch Instructions:

   To install this SUSE Security Update use YaST online_update.
   Alternatively you can run the command listed for your product:

   - SUSE Linux Enterprise Server 12:

      zypper in -t patch SUSE-SLE-SERVER-12-2015-877=1

   - SUSE Linux Enterprise Desktop 12:

      zypper in -t patch SUSE-SLE-DESKTOP-12-2015-877=1

   To bring your system up-to-date, use "zypper patch".

Package List:

   - SUSE Linux Enterprise Server 12 (ppc64le s390x x86_64):


   - SUSE Linux Enterprise Desktop 12 (x86_64):



More information about the sle-updates mailing list