| Summary: | cryptsetup new security issue CVE-2021-4122 | ||
|---|---|---|---|
| Product: | Mageia | Reporter: | David Walser <luigiwalser> |
| Component: | Security | Assignee: | QA Team <qa-bugs> |
| Status: | RESOLVED FIXED | QA Contact: | Sec team <security> |
| Severity: | major | ||
| Priority: | Normal | CC: | andrewsfarm, bequimao.de, brtians1, davidwhodgins, herman.viaene, mhrambo3501, sysadmin-bugs |
| Version: | 8 | Keywords: | advisory, validated_update |
| Target Milestone: | --- | ||
| Hardware: | All | ||
| OS: | Linux | ||
| Whiteboard: | MGA8-64-OK | ||
| Source RPM: | cryptsetup-2.4.2-1.mga9.src.rpm | CVE: | |
| Status comment: | |||
Description
David Walser
2022-01-13 17:07:40 CET
David Walser
2022-01-13 17:07:57 CET
Status comment:
(none) =>
Fixed upstream in 2.3.7 and 2.4.3
David Walser
2022-01-13 17:09:36 CET
Summary:
cryptsetup-2.4.2-1.mga9.src.rpm =>
cryptsetup new security issue CVE-2021-4122

Looks best to assign this to tv.

Assignee:
bugsquad =>
thierry.vignaud

Fedora has issued an advisory for this today (January 16):
https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/thread/Q3X2XSITPE2AHKJ5OODUTHFKESE6BZPY/

cryptsetup-2.4.3-1.mga9 uploaded for Cauldron by Mike.

Version:
Cauldron =>
8

openSUSE has issued an advisory for this on January 20:
https://lists.opensuse.org/archives/list/security-announce@lists.opensuse.org/thread/ILTMKWZNQBSX2H2MPF3XKXVDEDPDYAIB/

Updated package uploaded for Mageia 8.

Advisory:
========================

Updated cryptsetup package fixes security vulnerability:

An attacker can modify on-disk metadata to simulate decryption in progress with crashed (unfinished) reencryption step and persistently decrypt part of the LUKS device (CVE-2021-4122).

References:
https://www.openwall.com/lists/oss-security/2022/01/13/2
========================

Updated packages in core/updates_testing:
========================
cryptsetup-2.3.7-1.mga8.x86_64.rpm
lib64cryptsetup12-2.3.7-1.mga8.x86_64.rpm
lib64cryptsetup-devel-2.3.7-1.mga8.x86_64.rpm

from cryptsetup-2.3.7-1.mga8.src.rpm

Assignee:
thierry.vignaud =>
qa-bugs
David Walser
2022-01-29 04:07:07 CET
Status comment:
Fixed upstream in 2.3.7 and 2.4.3 =>
(none)

MGA8-64 Plasma on Lenovo B50 in Dutch
No installation issues
# cryptsetup -V
cryptsetup 2.3.7
Tried to read the man pages, but that's not in my league. Same goes for https://www.thegeekstuff.com/2016/03/cryptsetup-lukskey/.
Leaving for someone else

CC:
(none) =>
herman.viaene
Ulrich Beckmann
2022-02-02 18:50:51 CET
CC:
(none) =>
bequimao.de

The following 2 packages are going to be installed:

- cryptsetup-2.3.7-1.mga8.x86_64
- lib64cryptsetup12-2.3.7-1.mga8.x86_64

---
I'm going to encrypt a usb drive following instructions in https://linuxhint.com/encrypt-data-usb-linux/

# umount /dev/sdb1
# cryptsetup --verbose --verify-passphrase luksFormat /dev/sdb
YES
enter your passphrase, etc.

-- now open the drive
# cryptsetup luksOpen /dev/sdb luksdrive

format drive - I recommend using gparted to make it really work

after formatting and mounting the drive I ended up changing the owner of the mount to my user-id. This allowed me to save files to the drive.

Whiteboard:
(none) =>
MGA8-64-OK

I have a LUKS-encrypted /home on my test instance. No regression found.
Thomas Andrews
2022-02-02 22:09:08 CET
CC:
(none) =>
andrewsfarm, sysadmin-bugs
Dave Hodgins
2022-02-03 20:45:53 CET
CC:
(none) =>
davidwhodgins

An update for this issue has been pushed to the Mageia Updates repository.

https://advisories.mageia.org/MGASA-2022-0047.html

Status:
NEW =>
RESOLVED