Описание
Security update for cryptsetup
This update for cryptsetup fixes the following issues:
- CVE-2021-4122: Fixed possible attacks against data confidentiality through LUKS2 online reencryption extension crash recovery (bsc#1194469).
Список пакетов
SUSE Package Hub 15 SP4
libvarnishapi3-7.1.0-bp154.2.3.1
varnish-7.1.0-bp154.2.3.1
varnish-devel-7.1.0-bp154.2.3.1
openSUSE Leap 15.3
cryptsetup-2.3.7-150300.3.5.1
cryptsetup-lang-2.3.7-150300.3.5.1
libcryptsetup-devel-2.3.7-150300.3.5.1
libcryptsetup12-2.3.7-150300.3.5.1
libcryptsetup12-32bit-2.3.7-150300.3.5.1
libcryptsetup12-hmac-2.3.7-150300.3.5.1
libcryptsetup12-hmac-32bit-2.3.7-150300.3.5.1
openSUSE Leap 15.4
libvarnishapi3-7.1.0-bp154.2.3.1
varnish-7.1.0-bp154.2.3.1
varnish-devel-7.1.0-bp154.2.3.1
Ссылки
- E-Mail link for openSUSE-SU-2022:0144-1
- SUSE Security Ratings
- SUSE Bug 1194469
- SUSE CVE CVE-2021-4122 page
Описание
It was found that a specially crafted LUKS header could trick cryptsetup into disabling encryption during the recovery of the device. An attacker with physical access to the medium, such as a flash disk, could use this flaw to force a user into permanently disabling the encryption layer of that medium.
Затронутые продукты
SUSE Package Hub 15 SP4:libvarnishapi3-7.1.0-bp154.2.3.1
SUSE Package Hub 15 SP4:varnish-7.1.0-bp154.2.3.1
SUSE Package Hub 15 SP4:varnish-devel-7.1.0-bp154.2.3.1
openSUSE Leap 15.3:cryptsetup-2.3.7-150300.3.5.1
Ссылки
- CVE-2021-4122
- SUSE Bug 1194469