Launchpad.net

Launchpad Home
Code
Bugs
Blueprints
Translations
Answers

CVE 2016-4484

The Debian initrd script for the cryptsetup package 2:1.7.3-2 and earlier allows physically proximate attackers to gain shell access via many log in attempts with an invalid password.

Related bugs and status

CVE-2016-4484 (Candidate) is related to these bugs:

Bug #1660701: Cryptsetup Initrd root Shell

Summary				In	Importance	Status
	1660701	Cryptsetup Initrd root Shell		cryptsetup (Ubuntu)	Low	Triaged

Bug #1781912: Upgrade cryptsetup >= 2.0.3

Summary				In	Importance	Status
	1781912	Upgrade cryptsetup >= 2.0.3		cryptsetup (Ubuntu)	Undecided	Fix Released
	1781912	Upgrade cryptsetup >= 2.0.3		Ubuntu on IBM z Systems	High	Won't Fix

See the

CVE page on Mitre.org for more details.

References

MLIST: [oss-security] 2016111...
MLIST: [oss-security] 2016111...
MLIST: [oss-security] 2016111...
MLIST: [oss-security] 2016111...
MISC: http://hmarco.org/bugs...
MISC: https://gitlab.com/cry...
BID: 94315