A security issue fixed upstream in cryptsetup has been announced today (January 13): https://www.openwall.com/lists/oss-security/2022/01/13/2 The issue is fixed upstream in 2.3.7 and 2.4.3. Mageia 8 is also affected.
Status comment: (none) => Fixed upstream in 2.3.7 and 2.4.3
Whiteboard: (none) => MGA8TOO
Summary: cryptsetup-2.4.2-1.mga9.src.rpm => cryptsetup new security issue CVE-2021-4122
Source RPM: (none) => cryptsetup-2.4.2-1.mga9.src.rpm
Looks best to assign this to tv.
Assignee: bugsquad => thierry.vignaud
Fedora has issued an advisory for this today (January 16): https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/thread/Q3X2XSITPE2AHKJ5OODUTHFKESE6BZPY/
cryptsetup-2.4.3-1.mga9 uploaded for Cauldron by Mike.
Version: Cauldron => 8
CC: (none) => mrambo
Whiteboard: MGA8TOO => (none)
openSUSE has issued an advisory for this on January 20: https://lists.opensuse.org/archives/list/security-announce@lists.opensuse.org/thread/ILTMKWZNQBSX2H2MPF3XKXVDEDPDYAIB/
Updated package uploaded for Mageia 8.

Advisory:
========================

Updated cryptsetup package fixes security vulnerability:

An attacker can modify on-disk metadata to simulate decryption in progress with crashed (unfinished) reencryption step and persistently decrypt part of the LUKS device (CVE-2021-4122).

References:
https://www.openwall.com/lists/oss-security/2022/01/13/2
========================

Updated packages in core/updates_testing:
========================
cryptsetup-2.3.7-1.mga8.x86_64.rpm
lib64cryptsetup12-2.3.7-1.mga8.x86_64.rpm
lib64cryptsetup-devel-2.3.7-1.mga8.x86_64.rpm

from cryptsetup-2.3.7-1.mga8.src.rpm
Assignee: thierry.vignaud => qa-bugs
Status comment: Fixed upstream in 2.3.7 and 2.4.3 => (none)
MGA8-64 Plasma on Lenovo B50 in Dutch
No installation issues
# cryptsetup -V
cryptsetup 2.3.7
Tried to read the man pages, but that's not in my league. Same goes for https://www.thegeekstuff.com/2016/03/cryptsetup-lukskey/. Leaving for someone else
CC: (none) => herman.viaene
CC: (none) => bequimao.de
The following 2 packages are going to be installed:
- cryptsetup-2.3.7-1.mga8.x86_64
- lib64cryptsetup12-2.3.7-1.mga8.x86_64
---
I'm going to encrypt a usb drive following instructions in https://linuxhint.com/encrypt-data-usb-linux/
# umount /dev/sdb1
# cryptsetup --verbose --verify-passphrase luksFormat /dev/sdb
YES
enter your passphrase, etc.
-- now open the drive
# cryptsetup luksOpen /dev/sdb luksdrive
format drive - I recommend using gparted to make it really work
after formatting and mounting the drive I ended up changing the owner of the mount to my user-id. This allowed me to save files to the drive.
Whiteboard: (none) => MGA8-64-OK
CC: (none) => brtians1
I have a LUKS-encrypted /home on my test instance. No regression found.
Validating. Advisory in Comment 5.
CC: (none) => andrewsfarm, sysadmin-bugs
Keywords: (none) => validated_update
CC: (none) => davidwhodgins
Keywords: (none) => advisory
An update for this issue has been pushed to the Mageia Updates repository. https://advisories.mageia.org/MGASA-2022-0047.html
Status: NEW => RESOLVED
Resolution: (none) => FIXED
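
Added example (not part of this bug report and not cryptsetup's own code): a check that flags a LUKS2 header whose metadata claims a reencryption is in progress, which is the state the advisory above says an attacker can forge. It assumes the header's JSON metadata has already been exported (for instance with `cryptsetup luksDump --dump-json-metadata` on versions that support it) and that the field names used ("reencrypt" keyslot type, "in-reencryption" and "backup-*" segment flags, "online-reencrypt" requirement) match the LUKS2 on-disk format; both sample headers are constructed.

```python
import json

def reencrypt_indicators(metadata):
    """List the reasons a LUKS2 JSON header claims a reencryption is in progress."""
    findings = []
    for slot_id, slot in metadata.get("keyslots", {}).items():
        if slot.get("type") == "reencrypt":  # present only while reencryption is pending
            findings.append(f"keyslot {slot_id}: reencrypt keyslot, "
                            f"mode={slot.get('mode', '?')}")
    for seg_id, seg in metadata.get("segments", {}).items():
        marked = [f for f in seg.get("flags", [])
                  if f == "in-reencryption" or f.startswith("backup-")]
        if marked:
            findings.append(f"segment {seg_id}: flags {','.join(marked)}")
    requirements = metadata.get("config", {}).get("requirements", {})
    for req in requirements.get("mandatory", []):
        if req.startswith("online-reencrypt"):
            findings.append(f"mandatory requirement: {req}")
    return findings

# Constructed sample headers (not taken from a real device).
CLEAN = json.loads("""{
  "keyslots": {"0": {"type": "luks2", "key_size": 64}},
  "segments": {"0": {"type": "crypt", "offset": "16777216", "size": "dynamic",
                     "encryption": "aes-xts-plain64"}},
  "config": {"json_size": "12288", "keyslots_size": "16744448"}
}""")
SUSPECT = json.loads("""{
  "keyslots": {"0": {"type": "luks2", "key_size": 64},
               "1": {"type": "reencrypt", "mode": "decrypt", "direction": "forward"}},
  "segments": {"0": {"type": "linear", "offset": "16777216", "size": "1073741824"},
               "1": {"type": "crypt", "offset": "1090519040", "size": "dynamic",
                     "encryption": "aes-xts-plain64", "flags": ["in-reencryption"]},
               "2": {"type": "crypt", "offset": "16777216", "size": "dynamic",
                     "encryption": "aes-xts-plain64", "flags": ["backup-previous"]},
               "3": {"type": "linear", "offset": "16777216", "size": "dynamic",
                     "flags": ["backup-final"]}},
  "config": {"json_size": "12288", "keyslots_size": "16744448",
             "requirements": {"mandatory": ["online-reencrypt"]}}
}""")

if __name__ == "__main__":
    for name, header in (("clean", CLEAN), ("suspect", SUSPECT)):
        hits = reencrypt_indicators(header)
        print(name, "-> no reencryption state" if not hits else hits)
```

A non-empty result on a device that nobody is deliberately reencrypting is worth investigating before the device is opened with an unpatched cryptsetup.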