ALAS-2013-257


Amazon Linux AMI Security Advisory: ALAS-2013-257
Advisory Release Date: 2014-09-16 22:09 Pacific
Severity: Medium

Issue Overview:

It was discovered that dracut created initramfs images as world readable. A local user could possibly use this flaw to obtain sensitive information from these files, such as iSCSI authentication passwords, encrypted root file system crypttab passwords, or other information. (CVE-2012-4453 )


Affected Packages:

dracut


Issue Correction:
Run yum update dracut to update your system.

New Packages:
noarch:
    dracut-tools-004-336.21.amzn1.noarch
    dracut-004-336.21.amzn1.noarch
    dracut-caps-004-336.21.amzn1.noarch
    dracut-kernel-004-336.21.amzn1.noarch
    dracut-fips-004-336.21.amzn1.noarch
    dracut-generic-004-336.21.amzn1.noarch
    dracut-fips-aesni-004-336.21.amzn1.noarch
    dracut-network-004-336.21.amzn1.noarch

src:
    dracut-004-336.21.amzn1.src