Medium: dracut

2014-09-16T22:09:00
ID ALAS-2013-257
Type amazon
Reporter Amazon
Modified 2014-09-16T22:09:00

Description

Issue Overview:

It was discovered that dracut created initramfs images as world readable. A local user could possibly use this flaw to obtain sensitive information from these files, such as iSCSI authentication passwords, encrypted root file system crypttab passwords, or other information. (CVE-2012-4453 __)

Affected Packages:

dracut

Issue Correction:
Run yum update dracut to update your system.

New Packages:

noarch:  
    dracut-tools-004-336.21.amzn1.noarch  
    dracut-004-336.21.amzn1.noarch  
    dracut-caps-004-336.21.amzn1.noarch  
    dracut-kernel-004-336.21.amzn1.noarch  
    dracut-fips-004-336.21.amzn1.noarch  
    dracut-generic-004-336.21.amzn1.noarch  
    dracut-fips-aesni-004-336.21.amzn1.noarch  
    dracut-network-004-336.21.amzn1.noarch

src:  
    dracut-004-336.21.amzn1.src