[pkg-cryptsetup-devel] Security issue (CVE-2021-4122) in cryptsetup 2:2.3.5-1

Yves-Alexis Perez corsac at debian.org
Tue Feb 1 10:11:45 GMT 2022



Hi Guilhem,

I took a look at the various proposals and here's my summary / feelings on
this.

On Fri, 2022-01-14 at 00:44 +0100, Guilhem Moulin wrote:
> Unlike what I claimed in #1003686, 60addcffa6794c29dccf33d8db5347f24b75f2fc
> alone isn't enough and I had to cherry-pick quite a few other commits.  It's
> essentially
> https://salsa.debian.org/cryptsetup-team/cryptsetup/-/compare/c80fce5f479231a95fcd91e54cd00350b0cc292b...d6649293a5fd3c0e08c6cd13e6d4b25d6479bf11
> minus d45e6788e8f55f1b3cf92893ecc66435edd43426 
[...]
Let's call this [backport-fix]
> 
> An alternative is to backport
> https://salsa.debian.org/cryptsetup-team/cryptsetup/-/commit/d45e6788e8f55f1b3cf92893ecc66435edd43426
> alone and build with --disable-luks2-reencryption, but I guess it's not
> an option to remove a feature (namely LUKS2 online reencryption) in a
> stable release.
[...]
Let's call this [disable-reencryption]
> 
> If we want to reduce the delta between Debian and upstream's 2.3 branch
> we could ship v2.3.7 instead, at the expense of a larger diff between
> bullseye and bullseye-security.  I leave that to you, but note that
> v2.3.6 was released during the freeze and while it fixed a rather nasty
> bug we decided not to ask the release team for an unblock request — see
> the discussion at https://bugs.debian.org/949336#78 .
[...]
Let's call this [2.3.7].

As far as I understand this (mostly from the release notes), the [2.3.7]
changes are:
- v2.3.6 which was not pushed to frozen bullseye for reasons explained in
#949336, including:
	- the nasty truncation bug fix [truncation-fix]
	- translation updates
	- code hardening
	- blake2b/blake2s hash support
- v2.3.7 with mostly two changes:
	- the reencryption bug fix (CVE-2021-4122), full version of
[backport-fix]
	- [disable-reencryption]

I don't think [disable-reencryption] alone is really a good idea. We risk
preventing legitimate users from reencrypting their devices easily, while in the
attacker model I'm not sure it wouldn't be possible to replace the cryptsetup
binaries in the initramfs with an older, vulnerable one anyway (same thing for
any fixed version actually).

I'm usually inclined to follow upstream on security updates since they usually
know their own software better. Especially since the fix involves a large
number of commits anyway, I think it'd be best to get it through v2.3.7.

So the real question here, I guess, is whether we want to also get
[truncation-fix] in bullseye-security (and later bullseye), considering it was
initially skipped. I think that fix has now had some exposure from unstable and
testing, and I think I'd be ok with letting it go to bullseye, but I'd welcome
other opinions on this.

Regards,
-- 
Yves-Alexis
