Bug 1393912 - CVE-2016-8637 dracut: Local information disclosure of initramfs when early cpio is used
Status: CLOSED CURRENTRELEASE
Alias: None
Product: Red Hat Enterprise Linux 7
Classification: Red Hat
Component: dracut
Version: 7.4
Hardware: All
OS: Linux
Priority: medium
Severity: medium
Target Milestone: rc
Assignee: Lukáš Nykrýn
QA Contact: Release Test Team
Blocks: CVE-2016-8637
Reported: 2016-11-10 15:30 UTC by Lukáš Nykrýn
Modified: 2016-12-01 18:04 UTC

Clone Of: CVE-2016-8637
Last Closed: 2016-12-01 18:04:11 UTC

Comment 1 Dhiru Kholia 2016-11-11 08:34:54 UTC
Hi,

Please note that RHEL 7.3 and RHEL 7.4 are not affected by this bug (0396-dracut-only-use-one-tmpdir.patch fixes this flaw, perhaps accidentally). RHEL 7.0, RHEL 7.1 and RHEL 7.2 are affected. 

The Product Security team has rated this flaw as having a moderate security impact. So there won't be any 7.0.z / 7.1.z / 7.2.z security errata (RHSA) for this bug.

