rpm package
suse/dracut&distro=SUSE Linux Enterprise Server for Raspberry Pi 12 SP2
pkg:rpm/suse/dracut&distro=SUSE%20Linux%20Enterprise%20Server%20for%20Raspberry%20Pi%2012%20SP2
Vulnerabilities (2)
| CVE | Sev | CVSS | KEV | Affected versions | Fixed in | Published | Description |
|---|---|---|---|---|---|---|---|
| CVE-2016-8637 | Med | 5.0 | < 044-108.1 | 044-108.1 | Aug 1, 2018 | A local information disclosure issue was found in dracut before 045 when generating initramfs images with world-readable permissions when 'early cpio' is used, such as when including microcode updates. Local attacker can use this to obtain sensitive information from these files, | |
| CVE-2017-9445 | Hig | 7.5 | < 044.1-109.8.3 | 044.1-109.8.3 | Jun 28, 2017 | In systemd through 233, certain sizes passed to dns_packet_new in systemd-resolved can cause it to allocate a buffer that's too small. A malicious DNS server can exploit this via a response with a specially crafted TCP payload to trick systemd-resolved into allocating a buffer th |
- affected < 044-108.1fixed 044-108.1
A local information disclosure issue was found in dracut before 045 when generating initramfs images with world-readable permissions when 'early cpio' is used, such as when including microcode updates. Local attacker can use this to obtain sensitive information from these files,
- affected < 044.1-109.8.3fixed 044.1-109.8.3
In systemd through 233, certain sizes passed to dns_packet_new in systemd-resolved can cause it to allocate a buffer that's too small. A malicious DNS server can exploit this via a response with a specially crafted TCP payload to trick systemd-resolved into allocating a buffer th