Sicherheit: Preisgabe von Informationen in calamares
Aktuelle Meldungen Distributionen
Name: Preisgabe von Informationen in calamares
ID: FEDORA-2016-561a937494
Distribution: Fedora
Plattformen: Fedora 25
Datum: Do, 1. Dezember 2016, 18:56
Referenzen: Keine Angabe
Applikationen: Calamares


Name        : calamares
Product : Fedora 25
Version : 2.4.4
Release : 5.fc25
URL : https://calamares.io/
Summary : Installer from a live CD/DVD/USB to disk
Description :
Calamares is a distribution-independent installer framework, designed to
from a live CD/DVD/USB environment to a hard disk. It includes a graphical
installation program based on Qt 5. This package includes the Calamares
framework and the required configuration files to produce a working replacement
for Anaconda's liveinst.

Update Information:

A security update that fixes Calamares bug CAL-405:
https://calamares.io/bugs/browse/CAL-405 When installing with a LUKS-encrypted
`/` partition, Calamares was always creating a keyfile to decode `/` and
it in the initramfs. It did that even with an unencrypted separate `/boot`
partition. As a result, the keyfile would be stored in cleartext on the `/boot`
partition, and it was possible to unlock the `/` partition without ever
a passphrase. This completely defeated the security of LUKS. Please note that
this only affects manual partitioning. The automatic partitioning never leaves
`/boot` unencrypted (and it is, in fact, recommended to also always encrypt
`/boot` when doing manual partitioning). This update fixes the `dracutlukscfg`
module to not add the keyfile to `install_items` in the `dracut` configuration
(so that `dracut` will not include it onto the initramfs) if `/boot` is
and unencrypted.

This update can be installed with the "dnf" update program. Use
su -c 'dnf upgrade calamares' at the command line.
For more information, refer to the dnf documentation available at

All packages are signed with the Fedora Project GPG key. More details on the
GPG keys used by the Fedora Project can be found at
package-announce mailing list -- package-announce@lists.fedoraproject.org
To unsubscribe send an email to package-announce-leave@lists.fedoraproject.org
Unterstützer werden
Neue Nachrichten