
Security: Information disclosure in cryptsetup
Name: Information disclosure in cryptsetup
ID: USN-5286-1
Distribution: Ubuntu
Platforms: Ubuntu 20.04 LTS, Ubuntu 21.10
Date: Tue, 15 February 2022, 22:37
References: https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-4122
Applications: Cryptsetup

Original message

From: Marc Deslauriers <marc.deslauriers@canonical.com>
Reply-To: Ubuntu Security <security@ubuntu.com>
To: "ubuntu-security-announce@lists.ubuntu.com"
<ubuntu-security-announce@lists.ubuntu.com>
Message-ID: <5e976410-d524-a0d1-b4c6-9f207096e12a@canonical.com>
Subject: [USN-5286-1] cryptsetup vulnerability

==========================================================================
Ubuntu Security Notice USN-5286-1
February 15, 2022

cryptsetup vulnerability
==========================================================================

A security issue affects these releases of Ubuntu and its derivatives:

- Ubuntu 21.10
- Ubuntu 20.04 LTS

Summary:

cryptsetup could be made to expose sensitive information.

Software Description:
- cryptsetup: disk encryption support

Details:

Milan Broz discovered that cryptsetup incorrectly handled LUKS2
reencryption recovery. An attacker with physical access to modify the
encrypted device header may trigger the device to be unencrypted the next
time it is mounted by the user.

On Ubuntu 20.04 LTS, this issue was fixed by disabling the online
reencryption feature.

Update instructions:

The problem can be corrected by updating your system to the following
package versions:

Ubuntu 21.10:
cryptsetup 2:2.3.7-0ubuntu0.21.10.1

Ubuntu 20.04 LTS:
cryptsetup 2:2.2.2-3ubuntu2.4

In general, a standard system update will make all the necessary changes.

References:
https://ubuntu.com/security/notices/USN-5286-1
CVE-2021-4122

Package Information:
https://launchpad.net/ubuntu/+source/cryptsetup/2:2.3.7-0ubuntu0.21.10.1
https://launchpad.net/ubuntu/+source/cryptsetup/2:2.2.2-3ubuntu2.4
