dracut-044-21

- fixed permissions of initramfs file, if microcode is prepended
  CVE-2016-8637
Harald Hoyer 2016-11-07 10:50:58 +01:00
parent ba0ad88af7
commit 894e54a968
2 changed files with 33 additions and 1 deletions

@ -0,0 +1,27 @@
From 5372714971867a6f4baf4e8a6352d02d6327c1d1 Mon Sep 17 00:00:00 2001
From: Andreas Stieger <astieger@suse.com>
Date: Mon, 7 Nov 2016 10:37:22 +0100
Subject: [PATCH] dracut.sh: create the initramfs non-world readable also if
early cpio is used
Fixes: 5f2c30d9bcd614d546d5c55c6897e33f88b9ab90
Previously fixed CVE-2012-4453: e1b48995c26c4f06d1a718539cb1bd5b0179af91
Signed-off-by: Andreas Stieger <astieger@suse.com>
---
dracut.sh | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/dracut.sh b/dracut.sh
index 6dc9858..07ea738 100755
--- a/dracut.sh
+++ b/dracut.sh
@@ -1697,7 +1697,7 @@ if [[ $create_early_cpio = yes ]]; then
# The microcode blob is _before_ the initramfs blob, not after
if ! (
- cd "$early_cpio_dir/d"
+ umask 077; cd "$early_cpio_dir/d"
find . -print0 | sort -z \
| cpio ${CPIO_REPRODUCIBLE:+--reproducible} --null $cpio_owner_root -H newc -o --quiet > "${DRACUT_TMPDIR}/initramfs.img"
); then
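Review bot: On the `umask 077; cd "$early_cpio_dir/d"` line, the restrictive mode depends on the `> "${DRACUT_TMPDIR}/initramfs.img"` redirection actually creating the file: umask is applied only at creation, so an image already present at that path is truncated and keeps whatever mode it had. Removing the target before the subshell, or following the cpio with an explicit `chmod 600`, would make the result independent of the state of the temporary directory. Separately, `cd` now shares a line with `umask` and its failure is still unchecked, in which case `find .` would archive whatever the current directory is; `cd "$early_cpio_dir/d" || exit 1` would let the surrounding `if ! (` catch it. Keeping the umask inside the subshell is the right scope, since it cannot leak into later steps of the script.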

@ -16,7 +16,7 @@
Name: dracut
Version: 044
Release: 20%{?dist}
Release: 21%{?dist}
Summary: Initramfs generator using udev
%if 0%{?fedora} || 0%{?rhel}
@ -54,6 +54,7 @@ Patch16: 0016-dracut.sh-restorecon-final-image-file.patch
Patch17: 0017-add-support-to-F2FS-filesystem-fsck.patch
Patch18: 0018-fs-lib-add-crc32c-kernel-module-for-f2fs.patch
Patch19: 0019-fs-lib-f2fs-needs-crc32-not-crc32c.patch
Patch20: 0020-dracut.sh-create-the-initramfs-non-world-readable-al.patch
Source1: https://www.gnu.org/licenses/lgpl-2.1.txt
@ -514,6 +515,10 @@ rm -rf -- $RPM_BUILD_ROOT
%endif
%changelog
* Mon Nov 07 2016 Harald Hoyer <harald@redhat.com> - 044-21
- fixed permissions of initramfs file, if microcode is prepended
CVE-2016-8637
* Fri Jul 08 2016 Harald Hoyer <harald@redhat.com> - 044-20
- add correct crc32 kernel module for f2fs
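Review bot: The new 044-21 `%changelog` entry names CVE-2016-8637, but the patch header imported as Patch20 cites only the earlier CVE-2012-4453 fix, so nothing in the package ties the CVE to a specific patch file. Naming the patch in the entry (0020, the `umask 077` change for the early cpio image) would make the fix traceable from the changelog alone.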