MGASA-2012-0303
| Date: | October 20th, 2012 |
| Affected releases: | 2 |
Description:
The version of dracut shipped with Mageia 2 would generate initrds which
were readable by all users. On some setups, the initrd could be configured
to include sensitive files such as /etc/crypttab which may include plain
text encryption passwords (although the default would be to ask for
passwords on from the user on boot).
This updated version of dracut generates initrds which are only readable
by the root user.
Additionally, several fixes to the convertfs module have also been included
in this update. These fixes will be needed to upgrade to Mageia 3 and are
thus being made available now to Mageia 2 users.
Updated Packages:
dracut-017-16.1.mga2
References:
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-4453
http://lists.fedoraproject.org/pipermail/package-announce/2012-October/089825.html
https://bugs.mageia.org/show_bug.cgi?id=7806
