CVE-2016-8637

Name: CVE-2016-8637
Description: dracut creates world readable initramfs when early cpio is used
Source: CVE (at NVD; CERT, LWN, oss-sec, fulldisc, bugtraq, EDB, Metasploit, Red Hat, Ubuntu, Gentoo, SUSE bugzilla/CVE, Mageia, GitHub code/issues, web search, more)
Debian Bugs: 843697

Vulnerable and fixed packages

The table below lists information on source packages.

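| Source Package | Release | Version | Status |
|---|---|---|---|
| dracut (PTS) | jessie | 040+1-1 | vulnerable |
| dracut | stretch | 044+241-3 | fixed |
| dracut | buster | 047+31-1 | fixed |
| dracut | sid | 047+31-2 | fixed |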

The information below is based on the following data on fixed versions.

| Package | Type | Release | Fixed Version | Urgency | Origin | Debian Bugs |
|---|---|---|---|---|---|---|
| dracut | source | (unstable) | 044+189-1 | low | | 843697 |
| dracut | source | wheezy | (not affected) | | | |

Notes

[jessie] - dracut <no-dsa> (Minor issue)
[wheezy] - dracut <not-affected> (Introduced in 030 upstream)
Fixed by: http://git.kernel.org/cgit/boot/dracut/dracut.git/commit/?id=0db98910a11c12a454eac4c8e86dc7a7bbc764a4
Introduced by: http://git.kernel.org/cgit/boot/dracut/dracut.git/commit/?id=5f2c30d9bcd614d546d5c55c6897e33f88b9ab90 (030)
