[pkg-cryptsetup-devel] Security issue (CVE-2021-4122) in cryptsetup 2:2.3.5-1
Guilhem Moulin
guilhem at debian.org
Thu Feb 10 17:49:57 GMT 2022
Hi correct,
The text looks good to me, however I believe that
On Thu, 10 Feb 2022 at 16:43:21 +0100, Yves-Alexis Perez wrote:
> On Debian default configurations the installer uses the LUKS1 format.
is incorrect. https://salsa.debian.org/installer-team/partman-crypto/-/blob/master/lib/crypto-base.sh#L223
doesn't pass `--type luks1` hence cryptsetup's own compiled-in default
version of the LUKS format is used. Since 2:2.1.0-1 (uploaded during
the Buster release cycle), that's LUKS2. (And that led to a d-i
regression for D-I Buster RC1, namely #927165.) I therefore suggest
replacing that sentence with something like
    LUKS devices that were formatted using a cryptsetup binary from
    Debian Stretch or earlier are using LUKS1. However since Debian
    Buster the default on-disk LUKS format version is LUKS2. In
    particular, encrypted devices formatted by the Debian Buster and
    Bullseye installers are using LUKS2 by default.
Cheers
--
Guilhem.
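
Added example, not part of the original message or of cryptsetup: since the format version depends on which cryptsetup binary formatted the device, this sketch reads the version straight from the primary on-disk header (6-byte magic `LUKS\xba\xbe` followed by a 16-bit big-endian version), which is the same value `cryptsetup luksDump` reports as "Version". The function name `luks_version` is hypothetical.

```shell
#!/bin/sh
# Report the LUKS on-disk format version of block devices or image files.
# Primary header layout: bytes 0-5 are the magic "LUKS" 0xba 0xbe,
# bytes 6-7 are the format version as a big-endian 16-bit integer.

luks_version() {
    # Hex-dump the first 8 bytes as one lowercase string without spaces.
    hdr=$(dd if="$1" bs=8 count=1 2>/dev/null | od -An -tx1 | tr -d ' \n')
    case "$hdr" in
        4c554b53babe0001) echo 1 ;;        # LUKS1
        4c554b53babe0002) echo 2 ;;        # LUKS2
        4c554b53babe*)    echo unknown ;;  # LUKS magic, unexpected version
        *)                echo none ;;     # no LUKS header at offset 0
    esac
}

# Print "<path>: <version>" for each path given on the command line.
# Reading a block device normally requires root.
for dev in "$@"; do
    printf '%s: %s\n' "$dev" "$(luks_version "$dev")"
done
```

A device with a detached header has no magic at offset 0 and is reported as `none`; point the function at the header file instead.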