LWN.net Logo

Not logged in

Log in now

Create an account

Subscribe to LWN

Recent Features

LWN.net Weekly Edition for May 16, 2013

A look at the PyPy 2.0 release

PostgreSQL 9.3 beta: Federated databases and more

LWN.net Weekly Edition for May 9, 2013

(Nearly) full tickless operation in 3.10

Printable page
Weekly edition Kernel Security Distributions Contact Us Search
Archives Calendar Subscribe Write for LWN LWN.net FAQ Sponsors

Mageia alert MGASA-2012-0303 (dracut)



From:
    	      Mageia Updates <buildsystem-daemon@mageia.org> 


To:
    	      updates-announce@ml.mageia.org 


Subject:
    	      [updates-announce] MGASA-2012-0303: dracut-017-16.1.mga2 (2/core) 


Date:
    	      Sat, 20 Oct 2012 17:43:00 +0200


Message-ID:
    	      <20121020154300.GA27971@valstar.mageia.org>


Archive-link:
    	      Article, Thread
              


MGASA-2012-0303
Date: 	October 20th, 2012
Affected releases: 	2


Description:
The version of dracut shipped with Mageia 2 would generate initrds which
were readable by all users. On some setups, the initrd could be configured
to include sensitive files such as /etc/crypttab which may include plain
text encryption passwords (although the default would be to ask for
passwords on from the user on boot).

This updated version of dracut generates initrds which are only readable
by the root user.

Additionally, several fixes to the convertfs module have also been included
in this update. These fixes will be needed to upgrade to Mageia 3 and are
thus being made available now to Mageia 2 users.


Updated Packages:
dracut-017-16.1.mga2


References:
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-4453
http://lists.fedoraproject.org/pipermail/package-announce...
https://bugs.mageia.org/show_bug.cgi?id=7806
https://wiki.mageia.org/en/Support/Advisories/MGASA-2012-...
(Log in to post comments)

Copyright © 2013, Eklektix, Inc.
Comments and public postings are copyrighted by their creators.
Linux is a registered trademark of Linus Torvalds