Source: calamares
Version: 3.2.4-4
Severity: important
Tags: security upstream
Forwarded: https://github.com/calamares/calamares/issues/1191
Control: found -1 3.2.4-3

Hi,

The following vulnerability was published for calamares.

CVE-2019-13179[0]:
| Calamares through 3.2.4 copies a LUKS encryption keyfile from
| /crypto_keyfile.bin (mode 0600 owned by root) to /boot within a
| globally readable initramfs image with insecure permissions, which
| allows this originally protected file to be read by any user, thereby
| disclosing decryption keys for LUKS containers created with Full Disk
| Encryption.

If you fix the vulnerability please also make sure to include the
CVE (Common Vulnerabilities & Exposures) id in your changelog entry.

For further information see:

[0] https://security-tracker.debian.org/tracker/CVE-2019-13179
    https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-13179
[1] https://github.com/calamares/calamares/issues/1191

Regards,
Salvatore
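A defender-side check for the condition this report describes, as an added example that is not part of the original report or of Calamares: it reports whether an initramfs image is readable by group or others and whether it contains crypto_keyfile.bin. It assumes the image is a single uncompressed or gzip-compressed newc cpio archive; the function names and the constructed sample archive are hypothetical.

```python
import gzip
import os
import stat
import tempfile

KEYFILE = "crypto_keyfile.bin"  # file name taken from the CVE description

def cpio_names(data):
    """Yield member names from an uncompressed cpio 'newc' archive."""
    pos = 0
    while data[pos:pos + 6] in (b"070701", b"070702"):
        # 13 fields of 8 hex digits follow the 6-byte magic (110-byte header).
        fields = [int(data[pos + 6 + 8 * i:pos + 14 + 8 * i], 16) for i in range(13)]
        filesize, namesize = fields[6], fields[11]
        name = data[pos + 110:pos + 110 + namesize - 1].decode(errors="replace")
        if name == "TRAILER!!!":
            return
        yield name
        pos = (pos + 110 + namesize + 3) & ~3   # header + name padded to 4 bytes
        pos = (pos + filesize + 3) & ~3         # file data padded to 4 bytes

def audit_image(path):
    """Return (readable_by_group_or_others, contains_keyfile) for one image."""
    mode = os.stat(path).st_mode
    exposed = bool(mode & (stat.S_IRGRP | stat.S_IROTH))
    with open(path, "rb") as fh:
        raw = fh.read()
    if raw[:2] == b"\x1f\x8b":                  # gzip magic
        raw = gzip.decompress(raw)
    has_key = any(os.path.basename(n) == KEYFILE for n in cpio_names(raw))
    return exposed, has_key

def make_newc(members):
    """Build a constructed sample newc archive from {name: bytes} (test data only)."""
    out = b""
    for name, body in list(members.items()) + [("TRAILER!!!", b"")]:
        n = name.encode() + b"\0"
        vals = (0, 0o100600, 0, 0, 1, 0, len(body), 0, 0, 0, 0, len(n), 0)
        out += b"070701" + b"".join(b"%08X" % v for v in vals) + n
        out += b"\0" * (-len(out) % 4) + body
        out += b"\0" * (-len(out) % 4)
    return out

if __name__ == "__main__":
    with tempfile.TemporaryDirectory() as tmp:
        image = os.path.join(tmp, "initrd.img-sample")   # constructed sample image
        with open(image, "wb") as fh:
            fh.write(gzip.compress(make_newc({KEYFILE: b"constructed", "init": b"#!/bin/sh\n"})))
        os.chmod(image, 0o644)
        print(audit_image(image))
```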