[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
Re: [oss-security] CVE-2016-4484: - Cryptsetup Initrd root Shell
From: |
Ludovic Courtès |
Subject: |
Re: [oss-security] CVE-2016-4484: - Cryptsetup Initrd root Shell |
Date: |
Tue, 15 Nov 2016 11:35:12 +0100 |
User-agent: |
Gnus/5.13 (Gnus v5.13) Emacs/25.1 (gnu/linux) |
Hi Leo,
Leo Famulari <address@hidden> skribis:
> On Mon, Nov 14, 2016 at 08:45:51PM +0000, Hector Marco wrote:
>> Hello All,
>>
>> Affected package
>> ----------------
>> Cryptsetup <= 2:1
>
> Hi,
>
> Can you clarify which versions are affected?
>
> The latest upstream version is 1.7.3:
>
> https://gitlab.com/cryptsetup/cryptsetup/commits/master
>
> What is the 2:1 version?
FWIW GuixSD does not use the vulnerable shell scripts mentioned in
<http://hmarco.org/bugs/CVE-2016-4484/CVE-2016-4484_cryptsetup_initrd_shell.html>.
They are not even installed in our ‘cryptsetup’ package.
Ludo’.
- Re: [oss-security] CVE-2016-4484: - Cryptsetup Initrd root Shell,
Ludovic Courtès <=