Debian Dracut vulnerabilities
4 known vulnerabilities affecting debian/dracut.
Total CVEs: 4
CISA KEV: 0
Public exploits: 0
Exploited in wild: 0
Severity breakdown
LOW: 4
Vulnerabilities
CVE-2016-8637 | LOW | CVSS 5.0 | fixed in dracut 044+189-1 (bookworm) | 2016
CVE-2016-8637 [MEDIUM]: dracut
A local information disclosure issue was found in dracut before 045: initramfs images are generated with world-readable permissions when 'early cpio' is used, such as when including microcode updates. A local attacker can use this to obtain sensitive information from these files, such as encryption keys or credentials.
Scope: local
bookworm: resolved (fixed in 044+189
debian
CVE-2015-0794 | LOW | CVSS 3.6 | 2015
CVE-2015-0794 [LOW]: dracut
modules.d/90crypt/module-setup.sh in the dracut package before 037-17.30.1 in openSUSE 13.2 allows local users to have unspecified impact via a symlink attack on /tmp/dracut_block_uuid.map.
Scope: local
bookworm: resolved
bullseye: resolved
forky: resolved
sid: resolved
trixie: resolved
debian
CVE-2012-4453 | LOW | CVSS 2.1 | fixed in dracut 020-1.1 (bookworm) | 2012
CVE-2012-4453 [LOW]: dracut
dracut.sh in dracut, as used in Red Hat Enterprise Linux 6, Fedora 16 and 17, and possibly other products, creates initramfs images with world-readable permissions, which might allow local users to obtain sensitive information.
Scope: local
bookworm: resolved (fixed in 020-1.1)
bullseye: resolved (fixed in 020-1.1)
forky: resolved (fixed in 020-1.1)
sid: resolved (fixed
debian
CVE-2010-4176 | LOW | CVSS 4.0 | 2010
CVE-2010-4176 [MEDIUM]: dracut
plymouth-pretrigger.sh in dracut and udev, when running on Fedora 13 and 14, sets weak permissions for the /dev/systty device file, which allows remote authenticated users to read terminal data from tty0 for local users.
Scope: local
bookworm: resolved
bullseye: resolved
forky: resolved
sid: resolved
trixie: resolved
debian