Launchpad.net

Launchpad Home
Code
Bugs
Blueprints
Translations
Answers

CVE 2019-13178

modules/luksbootkeyfile/main.py in Calamares versions 3.1 through 3.2.10 has a race condition between the time when the LUKS encryption keyfile is created and when secure permissions are set.

Related bugs and status

CVE-2019-13178 (Candidate) is related to these bugs:

Bug #1835095: Lubuntu initrd images leaking cryptographic secret when disk encryption is used

Summary				In	Importance	Status
	1835095	Lubuntu initrd images leaking cryptographic secret when disk encryption is used		calamares (Ubuntu)	Undecided	Fix Released
	1835095	Lubuntu initrd images leaking cryptographic secret when disk encryption is used		Calamares	Unknown	Fix Released

See the

CVE page on Mitre.org for more details.

References

MISC: https://bugs.launchpad...
MISC: https://bugs.launchpad...
MISC: https://github.com/cal...
MISC: https://www.pavelkogan...
MISC: https://www.pavelkogan...
MISC: https://github.com/cal...
MISC: https://bugzilla.redha...
CONFIRM: https://calamares.io/c...
CONFIRM: https://calamares.io/c...
FEDORA: FEDORA-2019-50ee491d76
FEDORA: FEDORA-2019-e61a85c2bb
SUSE: openSUSE-SU-2019:2628
SUSE: openSUSE-SU-2019:2654
SUSE: openSUSE-SU-2019:2655