
cryptsetup vulnerability

Posted: Nov 17th, '16, 19:49
by jiml8
If you have encrypted your system partition, you have an unexpected and potentially serious vulnerability in your system.

http://hmarco.org/bugs/CVE-2016-4484/CV ... l.html#fix

Curiously enough, the system partition is the only partition on my system that is NOT encrypted: I consider disaster recovery to be too difficult if it is encrypted. To avoid information leakage, I symlink those things that are sensitive (such as all of /var and /tmp) to other volumes that are encrypted.

Re: cryptsetup vulnerability

Posted: Nov 19th, '16, 16:41
by doktor5000
Just for reference, as that vulnerability is reported against the Debian cryptsetup package, did you check whether an mga5 or mga6 system is affected the same way? Or if RHEL/CentOS or derivatives are affected, as that would be closer to our initscripts.

Re: cryptsetup vulnerability

Posted: Nov 19th, '16, 18:56
by jiml8
The article says it has been verified against distros that use dracut, including Fedora.

I would have to put together a system specifically to test this. I don't have the time.

Re: cryptsetup vulnerability

Posted: Nov 20th, '16, 15:54
by doktor5000
Ahh, in the fine print for the update:

Other systems affected by a similar (or the same) issue

Systems that use Dracut instead of initramfs are also vulnerable (tested on Fedora 24 x86_64). Note that if the grub password is set at installation time on Fedora, the rd.shell is set to zero, preventing this attack. Thanks to Lubomir for reporting this.

So using a grub password would also prevent this attack, until an update is available from the Mageia repositories.
One can follow up using the bug report for this issue: https://bugs.mageia.org/show_bug.cgi?id=19800
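
Added example, not part of the thread or of the linked advisory: a small check for the rd.shell setting mentioned in the last post, run against a kernel command line. The function names and sample command lines are constructed for illustration, and it assumes the last rd.shell token wins; anything other than an explicit rd.shell=0 is reported as not disabled.

```shell
#!/bin/sh
# Added example: report whether a kernel command line disables the dracut
# emergency shell via rd.shell, the setting named in the post above.
# Assumptions (not from the thread): the last rd.shell token wins, and only
# an explicit "rd.shell=0" is counted as disabled (conservative choice).

# rd_shell_state CMDLINE -> prints "disabled", "enabled" or "unset"
rd_shell_state() {
    state=unset
    set -f                      # no globbing while splitting the cmdline
    for tok in $1; do
        case "$tok" in
            rd.shell=0)          state=disabled ;;
            rd.shell|rd.shell=*) state=enabled ;;
        esac
    done
    set +f
    printf '%s\n' "$state"
}

# audit_cmdline CMDLINE -> returns 0 only when rd.shell=0 is in effect
audit_cmdline() {
    [ "$(rd_shell_state "$1")" = disabled ]
}

# Constructed sample command lines (not taken from a real system)
SAMPLE_OPEN='BOOT_IMAGE=/vmlinuz root=/dev/mapper/vg-root rd.luks.uuid=luks-CONSTRUCTED ro quiet'
SAMPLE_LOCKED='BOOT_IMAGE=/vmlinuz root=/dev/mapper/vg-root rd.luks.uuid=luks-CONSTRUCTED rd.shell=0 ro quiet'

# With --live, audit the running kernel's command line instead of the samples.
if [ "${1:-}" = "--live" ] && [ -r /proc/cmdline ]; then
    if audit_cmdline "$(cat /proc/cmdline)"; then
        echo "rd.shell=0 present: emergency shell disabled"
    else
        echo "rd.shell=0 not in effect on this boot"
    fi
fi
```

A "disabled" result only describes the current boot entry; whether a grub password is also set has to be checked in the bootloader configuration separately.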