Amazon Linux 1 Security Advisory: ALAS-2013-257
Advisory Release Date: 2013-12-11 20:33 Pacific
Advisory Updated Date: 2014-09-16 22:09 Pacific
It was discovered that dracut created initramfs images as world readable. A local user could possibly use this flaw to obtain sensitive information from these files, such as iSCSI authentication passwords, encrypted root file system crypttab passwords, or other information. (CVE-2012-4453)
Affected Packages:
dracut
Issue Correction:
Run yum update dracut to update your system.
noarch:
dracut-tools-004-336.21.amzn1.noarch
dracut-004-336.21.amzn1.noarch
dracut-caps-004-336.21.amzn1.noarch
dracut-kernel-004-336.21.amzn1.noarch
dracut-fips-004-336.21.amzn1.noarch
dracut-generic-004-336.21.amzn1.noarch
dracut-fips-aesni-004-336.21.amzn1.noarch
dracut-network-004-336.21.amzn1.noarch
src:
dracut-004-336.21.amzn1.src