This bug was fixed in the package calamares - 3.2.11-0ubuntu1
---
calamares (3.2.11-0ubuntu1) eoan; urgency=medium

  * New upstream release.
  * Proper handling of files and permissions with FDE: (LP: #1835095)
    - CVE-2019-13178 Set proper umask for luks crypto_keyfile.
    -
** Changed in: calamares
Status: New => Fix Released
--
You received this bug notification because you are a member of Ubuntu
Bugs, which is subscribed to Ubuntu.
https://bugs.launchpad.net/bugs/1835095
Title:
Lubuntu initrd images leaking cryptographic secret when disk
encryption is
The following CVE IDs have been issued for Calamares in this instance by
MITRE, IDs were requested via the CVE form:
CVE-2019-13178 was assigned for the race condition that Seth Arnold
identified in https://github.com/calamares/calamares/issues/1190
regarding unsafe UMask and file permissions
** Changed in: calamares
Status: Unknown => New
--
You received this bug notification because you are a member of Ubuntu
Bugs, which is subscribed to Ubuntu.
https://bugs.launchpad.net/bugs/1835095
Title:
Lubuntu initrd images leaking cryptographic secret when disk
encryption is used
On 18.04, package cryptsetup provides /etc/cryptsetup-initramfs/conf-hook
which states:
# WARNING: If the initramfs image is to include private key material,
# you'll want to create it with a restrictive umask in order to keep
# non-privileged users at bay. For instance, set UMASK=0077 in
#
** Bug watch added: Calamares Issues #1191
https://github.com/calamares/calamares/issues/1191
** Also affects: calamares via
https://github.com/calamares/calamares/issues/1191
Importance: Unknown
Status: Unknown
--
** Package changed: initramfs-tools (Ubuntu) => calamares (Ubuntu)
** No longer affects: lubuntu-meta (Ubuntu)
--
Status changed to 'Confirmed' because the bug affects multiple users.
** Changed in: lubuntu-meta (Ubuntu)
Status: New => Confirmed
--
** Also affects: lubuntu-meta (Ubuntu)
Importance: Undecided
Status: New
--
Status changed to 'Confirmed' because the bug affects multiple users.
** Changed in: initramfs-tools (Ubuntu)
Status: New => Confirmed
--
** Information type changed from Public to Public Security