

Security: Information disclosure in calamares
Name: Information disclosure in calamares
ID: FEDORA-2016-5c7e9b8778
Distribution: Fedora
Platforms: Fedora 24
Date: Fri, December 2, 2016, 00:10
References: Not specified


Name        : calamares
Product : Fedora 24
Version : 2.4.4
Release : 5.fc24
URL : https://calamares.io/
Summary : Installer from a live CD/DVD/USB to disk
Description :
Calamares is a distribution-independent installer framework, designed to install
from a live CD/DVD/USB environment to a hard disk. It includes a graphical
installation program based on Qt 5. This package includes the Calamares
framework and the required configuration files to produce a working replacement
for Anaconda's liveinst.

Update Information:

A security update that fixes Calamares bug CAL-405:
https://calamares.io/bugs/browse/CAL-405

When installing with a LUKS-encrypted `/` partition, Calamares was always
creating a keyfile to decode `/` and including it in the initramfs. It did that
even with an unencrypted separate `/boot` partition. As a result, the keyfile
would be stored in cleartext on the `/boot` partition, and it was possible to
unlock the `/` partition without ever entering a passphrase. This completely
defeated the security of LUKS.

Please note that this only affects manual partitioning. The automatic
partitioning never leaves `/boot` unencrypted (and it is, in fact, recommended
to also always encrypt `/boot` when doing manual partitioning).

This update fixes the `dracutlukscfg` module to not add the keyfile to
`install_items` in the `dracut` configuration (so that `dracut` will not include
it in the initramfs) if `/boot` is separate and unencrypted.
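The condition described above can be audited on an installed system from three files: the `dracut` configuration, `/etc/crypttab` and `/etc/fstab`. The following is an added example, not Calamares or Fedora code; the function names are hypothetical, and the keyfile path and sample file contents are constructed for illustration.

```python
import re
import shlex

def _rows(text):
    # Whitespace-split fields of each non-empty, non-comment line.
    return [f for f in (ln.split("#", 1)[0].split() for ln in text.splitlines()) if f]

def install_items(dracut_conf):
    """Paths named by install_items= / install_items+= lines of a dracut config."""
    items = []
    for line in dracut_conf.splitlines():
        m = re.match(r"\s*install_items(\+?)=(.*)$", line)
        if m:
            if not m.group(1):
                items = []  # plain '=' replaces earlier values
            items += " ".join(shlex.split(m.group(2), comments=True)).split()
    return items

def crypt_keyfiles(crypttab):
    """Map crypttab mapping name -> keyfile path (None if a passphrase is asked for)."""
    return {f[0]: (f[2] if len(f) > 2 and f[2] not in ("none", "-") else None)
            for f in _rows(crypttab)}

def boot_state(fstab, crypttab):
    """'none' (no separate /boot), 'encrypted' or 'unencrypted'."""
    names = crypt_keyfiles(crypttab)
    for f in _rows(fstab):
        if len(f) > 1 and f[1] == "/boot":
            # Heuristic: encrypted only if fstab names /dev/mapper/<crypttab name>.
            mapped = f[0].startswith("/dev/mapper/") and f[0].removeprefix("/dev/mapper/") in names
            return "encrypted" if mapped else "unencrypted"
    return "none"

def exposed_keyfiles(dracut_conf, crypttab, fstab):
    """Keyfiles dracut would copy into an initramfs that sits on a cleartext /boot."""
    if boot_state(fstab, crypttab) != "unencrypted":
        return []
    keys = set(crypt_keyfiles(crypttab).values()) - {None}
    return [p for p in install_items(dracut_conf) if p in keys]

# Constructed sample files; the keyfile path is an assumption, not taken from the page.
CRYPTTAB = "luks-root UUID=0000 /crypto_keyfile.bin luks\n"
FSTAB_SEPARATE = "/dev/mapper/luks-root / ext4 defaults 0 1\n/dev/sda1 /boot ext4 defaults 0 2\n"
FSTAB_SINGLE = "/dev/mapper/luks-root / ext4 defaults 0 1\n"
DRACUT_WITH_KEY = 'install_items+=" /etc/crypttab /crypto_keyfile.bin "\n'
DRACUT_NO_KEY = 'install_items+=" /etc/crypttab "\n'

if __name__ == "__main__":
    print(exposed_keyfiles(DRACUT_WITH_KEY, CRYPTTAB, FSTAB_SEPARATE))
```

A `/boot` entry that `fstab` references by `UUID=` is reported as unencrypted by this heuristic and should be checked by hand.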

This update can be installed with the "dnf" update program. Use
su -c 'dnf upgrade calamares' at the command line.
For more information, refer to the dnf documentation available at

All packages are signed with the Fedora Project GPG key. More details on the
GPG keys used by the Fedora Project can be found at