Ubuntu
cryptsetup package

CVE escalation request

Bug #1958926 reported by Chris Newcomer on 2022-01-24

262

This bug affects 2 people

Affects		Status	Importance	Assigned to	Milestone
	cryptsetup (Ubuntu)	Confirmed	Undecided	Unassigned

Bug Description

This bug is to request the Security team address a CVE. The information required is located in the following document:
https://docs.google.com/document/d/1pnH9UIQwgTYMKOB__xTEOyPy4K3BGK8OAbMpPwtjUqc/

I don't have the option to select the checkbox for "This bug is a security vulnerability". I added the flag to the URL when I created the bug, so I'm hoping it will be tagged correctly. If it is not, please forward this to the Security team.

Thanks,
Chris

CVE References

2021-4122

Revision history for this message

Chris Newcomer (cnewcomer) wrote on 2022-01-31:

I've seen the issues with backporting the upstream fix into 2.2 and it does not look like something that is recommended. I'm working with the customer to see if the workaround of using `--disable-luks2-reencryption` to mitigate their security concerns is a good solution.

Revision history for this message

Launchpad Janitor (janitor) wrote on 2022-02-02:

Status changed to 'Confirmed' because the bug affects multiple users.

Changed in cryptsetup (Ubuntu):
status:	New → Confirmed

Steve Langasek (vorlon) on 2022-02-02

information type:

Public → Public Security

Report a bug

This report contains Public Security information

Everyone can see this security related information.

You are

Subscribing...

Edit bug mail

Other bug subscribers

Remote bug watches

Bug watches keep track of this bug in other bug trackers.

Ubuntucryptsetup package