• [SECURITY] [DSA 5070-1] cryptsetup security update

    From Yves-Alexis Perez@21:1/5 to All on Thu Feb 10 20:40:01 2022
    Hash: SHA512

    - ------------------------------------------------------------------------- Debian Security Advisory DSA-5070-1 security@debian.org https://www.debian.org/security/ Yves-Alexis Perez February 10, 2022 https://www.debian.org/security/faq
    - -------------------------------------------------------------------------

    Package : cryptsetup
    CVE ID : CVE-2021-4122
    Debian Bug : 1003686 949336


    Milan Broz, its maintainer, discovered an issue in cryptsetup, the disk
    encryption configuration tool for Linux.

    LUKS2 (an on-disk format) online reencryption is an optional extension to
    allow a user to change the data reencryption key while the data device is
    available for use during the whole reencryption process.

    An attacker can modify on-disk metadata to simulate decryption in progress
    with crashed (unfinished) reencryption step and persistently decrypt part
    of the LUKS2 device (LUKS1 devices are indirectly affected as well, see

    This attack requires repeated physical access to the LUKS2 device but no
    knowledge of user passphrases.

    The decryption step is performed after a valid user activates the device
    with a correct passphrase and modified metadata.

    The size of possible decrypted data per attack step depends on configured
    LUKS2 header size (metadata size is configurable for LUKS2). With the
    default LUKS2 parameters (16 MiB header) and only one allocated keyslot
    (512 bit key for AES-XTS), simulated decryption with checksum resilience
    SHA1 (20 bytes checksum for 4096-byte blocks), the maximal decrypted size
    can be over 3GiB.

    The attack is not applicable to LUKS1 format, but the attacker can update
    metadata in place to LUKS2 format as an additional step. For such a
    converted LUKS2 header, the keyslot area is limited to decrypted size (with
    SHA1 checksums) over 300 MiB.

    LUKS devices that were formatted using a cryptsetup binary from Debian
    Stretch or earlier are using LUKS1. However since Debian Buster the default
    on-disk LUKS format version is LUKS2. In particular, encrypted devices
    formatted by the Debian Buster and Bullseye installers are using LUKS2 by

    Key truncation in dm-integrity

    This update additionaly fixes a key truncation issue for standalone
    dm-integrity devices using HMAC integrity protection. For existing such
    devices with extra long HMAC keys (typically >106 bytes of length), one
    might need to manually truncate the key using integritysetup(8)'s
    `--integrity-key-size` option in order to properly map the device under
    2:2.3.7-1+deb11u1 and later.

    Only standalone dm-integrity devices are affected. dm-crypt devices,
    including those using authenticated disk encryption, are unaffected.

    For the oldstable distribution (buster), this problem is not present.

    For the stable distribution (bullseye), this problem has been fixed in
    in version 2:2.3.7-1+deb11u1.

    We recommend that you upgrade your cryptsetup packages.

    For the detailed security status of cryptsetup please refer to
    its security tracker page at: https://security-tracker.debian.org/tracker/cryptsetup

    Further information about Debian Security Advisories, how to apply
    these updates to your system and frequently asked questions can be
    found at: https://www.debian.org/security/

    Mailing list: debian-security-announce@lists.debian.org

    iQEzBAEBCgAdFiEE8vi34Qgfo83x35gF3rYcyPpXRFsFAmIFZ6gACgkQ3rYcyPpX RFtuXwgAqiSmRn73X9qh6w5KPBUERn7Rg6XP6NuAyISv0YFmVb1h5ySLIrZX1mMS n9yfKmPY3izAUrl6qQdU/0htb4TSyv/kRrpkRcBlwaCCkVns+75Ogfg5US3m1xeb HxHN+0MXZuPRQfsD/hmDF3SdVX7P/Me6ihhDY8J0rQpYSdWqLUVlC9NxxloqUo6z kHvdUyREjis+xtq5LaQp4GSfv+AuJhdBzOssFL0gcC7TPOqWM3TOhL0gO8kNFKjS GrgG5GbdCkjKgGgz/B1gVy5HMWkMlc2ty+9SLxXpo4zFP+65yLeBjV5/L6s8zDxG M8bG5AMz3t6ymbY53bnCqIY4DR9QnA==
    -----END PGP SIGNATURE-----

    --- SoupGate-Win32 v1.05
    * Origin: fsxNet Usenet Gateway (21:1/5)