Explore top 10 tips to secure your open-source projects now. Read More
×
A security update that fixes Calamares bug CAL-405: When installing with a LUKS-encrypted `/` partition, Calamares was always creating a keyfile to decode `/` and storing it in the initramfs. It did that even with an unencrypted separate `/boot` partition. As a result, the keyfile would be stored in cleartext on the `/boot`. -------------------------------------------------------------------------------- Fedora Update Notification FEDORA-2016-561a937494 2016-12-01 14:02:42.299707 -------------------------------------------------------------------------------- Name : calamares Product : Fedora 25 Version : 2.4.4 Release : 5.fc25 URL : https://calamares.io/ Summary : Installer from a live CD/DVD/USB to disk Description : Calamares is a distribution-independent installer framework, designed to install from a live CD/DVD/USB environment to a hard disk. It includes a graphical installation program based on Qt 5. This package includes the Calamares framework and the required configuration files to produce a working replacement for Anaconda's liveinst. -------------------------------------------------------------------------------- Update Information: A security update that fixes Calamares bug CAL-405: When installing with a LUKS-encrypted `/` partition, Calamares was always creating a keyfile to decode `/` and storing it in the initramfs. It did that even with an unencrypted separate `/boot` partition. As a result, the keyfile would be stored in cleartext on the `/boot` partition, and it was possible to unlock the `/` partition without ever entering a passphrase. This completely defeated the security of LUKS. Please note that this only affects manual partitioning. The automatic partitioning never leaves `/boot` unencrypted (and it is, in fact, recommended to also always encrypt `/boot` when doing manual partitioning). This update fixes the `dracutlukscfg` module to not add the keyfile to `install_items` in the `dracut` configuration (so that `dracut` will not include it ontothe initramfs) if `/boot` is separate and unencrypted. -------------------------------------------------------------------------------- This update can be installed with the "dnf" update program. Use su -c 'dnf upgrade calamares' at the command line. For more information, refer to the dnf documentation available at https://dnf.readthedocs.io/en/latest/command_ref.html All packages are signed with the Fedora Project GPG key. More details on the GPG keys used by the Fedora Project can be found at -------------------------------------------------------------------------------- _______________________________________________ package-announce mailing list --
Get the latest Linux and open source security news straight to your inbox.