[Bug 1660701] Re: Cryptsetup Initrd root Shell
Tyler Hicks
tyhicks at canonical.com
Fri Feb 3 16:45:51 UTC 2017
Hello Mark - Thanks for the bug report! We are aware of this flaw in
cryptsetup and have triaged it in the Ubuntu CVE Tracker:
http://people.canonical.com/~ubuntu-
security/cve/2016/CVE-2016-4484.html
We marked it as a low priority issue as there are several other ways
that you can get a root shell during the boot process. We don't plan to
put out security updates to our stable releases for this issue by
itself. However, we will include this fix if there is a more urgent
cryptsetup security issue that we address in the future.
** Information type changed from Private Security to Public Security
** Changed in: cryptsetup (Ubuntu)
Status: New => Triaged
** Changed in: cryptsetup (Ubuntu)
Importance: Undecided => Low
--
You received this bug notification because you are a member of Ubuntu
Foundations Bugs, which is subscribed to cryptsetup in Ubuntu.
https://bugs.launchpad.net/bugs/1660701
Title:
Cryptsetup Initrd root Shell
Status in cryptsetup package in Ubuntu:
Triaged
Bug description:
http://hmarco.org/bugs/CVE-2016-4484/CVE-2016-4484_cryptsetup_initrd_shell.html
http://seclists.org/oss-sec/2016/q4/427
To manage notifications about this bug go to:
https://bugs.launchpad.net/ubuntu/+source/cryptsetup/+bug/1660701/+subscriptions
More information about the foundations-bugs
mailing list