Descriptionmodules.d/90crypt/ in the dracut package before 037-17.30.1 in openSUSE 13.2 allows local users to have unspecified impact via a symlink attack on /tmp/
SourceCVE (at NVD; CERT, LWN, oss-sec, fulldisc, Red Hat, Ubuntu, Gentoo, SUSE bugzilla/CVE, GitHub advisories/code/issues, web search, more)

Vulnerable and fixed packages

The table below lists information on source packages.

Source PackageReleaseVersionStatus
dracut (PTS)buster048+80-2fixed
sid, trixie102-3fixed

The information below is based on the following data on fixed versions.

PackageTypeReleaseFixed VersionUrgencyOriginDebian Bugs
dracutsource(unstable)(not affected)


- dracut <not-affected> (Vulnerable code not present)
This seem to be a SuSE specific issue. src:dracut does not contain unsafe
handling of a /tmp/ file in any checked version.

Search for package or bug name: Reporting problems