summaryrefslogtreecommitdiff
path: root/ChangeLog.rss
diff options
context:
space:
mode:
authorPatrick J Volkerding <volkerdi@slackware.com>2022-01-14 05:24:07 +0000
committerEric Hameleers <alien@slackware.com>2022-01-14 17:59:55 +0100
commitd4f4bf11e34db496e8f46f7b4f67b886ce852495 (patch)
treed6b123f8be106078b2c912095d95479d8c592ed9 /ChangeLog.rss
parent1d3ade18ad1e71f28678eca06d96fe4dbaf8dedc (diff)
downloadcurrent-d4f4bf11e34db496e8f46f7b4f67b886ce852495.tar.gz
Fri Jan 14 05:24:07 UTC 202220220114052407
a/cryptsetup-2.4.3-x86_64-1.txz: Upgraded. This update addresses a multi-step attack on LUKS2 format by orchestrating LUKS2 reencryption metadata in existing LUKS2 header. An attacker is able to trigger permanent data decryption (ciphertext->plaintext transformation) on part of data device on next LUKS2 device activation. Attacker does _not_ have to know passphrase or decrypted volume encryption key. cryptsetup versions older than 2.2.0 are not affected by this, because they do not support online LUKS2 reencryption. For more information, see: https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-4122 (* Security fix *)
Diffstat (limited to 'ChangeLog.rss')
-rw-r--r--ChangeLog.rss25
1 files changed, 23 insertions, 2 deletions
diff --git a/ChangeLog.rss b/ChangeLog.rss
index fcfbece1..33182c54 100644
--- a/ChangeLog.rss
+++ b/ChangeLog.rss
@@ -11,10 +11,31 @@
<description>Tracking Slackware development in git.</description>
<language>en-us</language>
<id xmlns="http://www.w3.org/2005/Atom">urn:uuid:c964f45e-6732-11e8-bbe5-107b4450212f</id>
- <pubDate>Wed, 12 Jan 2022 22:04:33 GMT</pubDate>
- <lastBuildDate>Thu, 13 Jan 2022 07:59:45 GMT</lastBuildDate>
+ <pubDate>Fri, 14 Jan 2022 05:24:07 GMT</pubDate>
+ <lastBuildDate>Fri, 14 Jan 2022 16:59:45 GMT</lastBuildDate>
<generator>maintain_current_git.sh v 1.13</generator>
<item>
+ <title>Fri, 14 Jan 2022 05:24:07 GMT</title>
+ <pubDate>Fri, 14 Jan 2022 05:24:07 GMT</pubDate>
+ <link>https://git.slackware.nl/current/tag/?h=20220114052407</link>
+ <guid isPermaLink="false">20220114052407</guid>
+ <description>
+ <![CDATA[<pre>
+a/cryptsetup-2.4.3-x86_64-1.txz: Upgraded.
+ This update addresses a multi-step attack on LUKS2 format by orchestrating
+ LUKS2 reencryption metadata in existing LUKS2 header. An attacker is able to
+ trigger permanent data decryption (ciphertext->plaintext transformation) on
+ part of data device on next LUKS2 device activation. Attacker does _not_
+ have to know passphrase or decrypted volume encryption key.
+ cryptsetup versions older than 2.2.0 are not affected by this, because they
+ do not support online LUKS2 reencryption.
+ For more information, see:
+ https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-4122
+ (* Security fix *)
+ </pre>]]>
+ </description>
+ </item>
+ <item>
<title>Wed, 12 Jan 2022 22:04:33 GMT</title>
<pubDate>Wed, 12 Jan 2022 22:04:33 GMT</pubDate>
<link>https://git.slackware.nl/current/tag/?h=20220112220433</link>