About CVE-2016-4484: - Cryptsetup Initrd root Shell

Hi all,

just a little bit of clarification about CVE-2016-4484
http://hmarco.org/bugs/CVE-2016-4484/CVE-2016-4484_cryptsetup_initrd_shell.html

This bug is *NOT* a cryptsetup/LUKS upstream bug; it is a minor problem in scripts
unlocking an encrypted system.

It allows an attacker to drop to an initramdisk shell (without decryption of LUKS data).

The scripts are part of the Debian cryptsetup package (as an addition to upstream)
or part of the dracut package (if dracut is used).

(The info about the problem was embargoed until the talk and only Debian maintainers
were informed in advance.)

Milan
_______________________________________________
dm-crypt mailing list
dm-crypt@xxxxxxxx
http://www.saout.de/mailman/listinfo/dm-crypt


