Ubuntu
cryptsetup package

Cryptsetup Initrd root Shell

Bug #1660701 reported by Mark Foster on 2017-01-31

264

This bug affects 2 people

Affects		Status	Importance	Assigned to	Milestone
	cryptsetup (Ubuntu)	Triaged	Low	Unassigned

Bug Description

http://hmarco.org/bugs/CVE-2016-4484/CVE-2016-4484_cryptsetup_initrd_shell.html
http://seclists.org/oss-sec/2016/q4/427

CVE References

2016-4484

Tyler Hicks (tyhicks) on 2017-02-03

information type:	Private Security → Public Security
Changed in cryptsetup (Ubuntu):
status:	New → Triaged
importance:	Undecided → Low

Revision history for this message

Tyler Hicks (tyhicks) wrote on 2017-02-03:

Hello Mark - Thanks for the bug report! We are aware of this flaw in cryptsetup and have triaged it in the Ubuntu CVE Tracker:

http://people.canonical.com/~ubuntu-security/cve/2016/CVE-2016-4484.html

We marked it as a low priority issue as there are several other ways that you can get a root shell during the boot process. We don't plan to put out security updates to our stable releases for this issue by itself. However, we will include this fix if there is a more urgent cryptsetup security issue that we address in the future.

Report a bug

This report contains Public Security information

Everyone can see this security related information.

You are

Subscribing...

Edit bug mail

Other bug subscribers

Remote bug watches

Bug watches keep track of this bug in other bug trackers.

Ubuntucryptsetup package