
Cryptsetup vulnerability - when will it be taken care of?

asked 2016-11-21 10:08:44 -0600

deshmukh

This link talks about a serious vulnerability of cryptsetup.

My disk is encrypted and the system is updated. I could enter the shell as described in the above link by hitting Enter for more than a minute.

When should we expect Fedora to take care of this vulnerability?



As far as I understand this bug, it "only" results in a terminal with root permissions. Your data is still encrypted! And if some bad guy is able to gain physical access to your device you're f*cked up anyway - with physical access everybody can be root, with or without this vulnerability.

jake ( 2016-11-22 08:04:51 -0600 )

@jake I could not understand the article referred to in the link fully but what I gather is there is a possibility of remote access AFTER the initial physical access. That is scary, IMHO.

deshmukh ( 2016-11-24 07:16:01 -0600 )

That's a point I didn't even think of, you're absolutely right, that is scary!

jake ( 2016-11-25 01:08:23 -0600 )

1 Answer


answered 2016-11-21 16:16:07 -0600

sideburns

A little research shows me that cryptsetup is a front-end for dm-crypt, which is neither written nor maintained by the Fedora Project. Thus, Fedora can't directly deal with this issue. All you can do is wait until the project's maintainers release a patch, after which it will be provided as an update as soon as it's been tested.



Last updated: Nov 21 '16