Hi, gagz: > [email protected]: >> Hi, does the new LUKS 2 vulnerability affect all previous and current >> version >> of Tails? >> Should we be concerned about the persistent storage feature? > > If I understand correctly, no and no. > If I'm not mistaken, the vulnerability affects LUKS2 volumes created > using cryptsetup since version 2.2.0, but Tails ships 2.1. > > But I might be wrong. > > [...] > > This is sensitive topic so please double check what I'm saying! >> >> *CVE-2021-4122: cryptsetup 2.x: decryption through LUKS2 reencryption >> crash >> recovery* >> https://seclists.org/oss-sec/2022/q1/34
Thanks for the link and the explanation. After due verification, depending how much this bug gets public, it may worth to issue a short simple language statement on tails.boum.org/news or just even twitter, as the bug description and attack scenario could IMHO be a bit scarring for Tails users: https://bugzilla.redhat.com/show_bug.cgi?id=2032401 (through, well, an attacker could also modify the system in that case). cheers, geb _______________________________________________ Tails-dev mailing list [email protected] https://www.autistici.org/mailman/listinfo/tails-dev To unsubscribe from this list, send an empty email to [email protected].
