author | Raphael Geissert <geissert@debian.org> | 2009-12-05 03:59:03 +0000 |
---|---|---|
committer | Raphael Geissert <geissert@debian.org> | 2009-12-05 03:59:03 +0000 |
commit | 27993d7f5dcd0dea308fbb4e5ac43264efdc45d0 (patch) | |
tree | 4a0d161b917847a352d59640251ec1b44c45642a | |
parent | dc9f0d76564c46094744b55c98a8dd2e374ff302 (diff) |
retire dm-crypt issue
git-svn-id: svn+ssh://svn.debian.org/svn/kernel-sec@1635 e094ebfe-e918-0410-adfb-c712417f3574
-rw-r--r-- | ignored/CVE-2004-2136 | 20 |
-rw-r--r-- | retired/CVE-2004-2136 (renamed from active/CVE-2004-2136) | 18 |
2 files changed, 7 insertions, 31 deletions
diff --git a/ignored/CVE-2004-2136 b/ignored/CVE-2004-2136 deleted file mode 100644 index b058dc3a..00000000 --- a/ignored/CVE-2004-2136 +++ /dev/null @@ -1,20 +0,0 @@ -Candidate: CVE-2004-2136 -References: - http://marc.theaimsgroup.com/?l=linux-kernel&m=107719798631935&w=2 - http://mareichelt.de/pub/notmine/diskenc.pdf - http://www.securiteam.com/exploits/5UP0P1PFPM.html -Description: - dm-crypt on Linux kernel 2.6.x, when used on certain file systems with a - block size 1024 or greater, has certain "IV computation" weaknesses that - allow watermarked files to be detected without decryption. -Notes: - jmm> IIRC there was some serious flaming about the different disk encryption systems, - jmm> I'm not sure whether this has been addressed or how real it is - jmm> 2.4 doesn't have dm-crypt, though -Bugs: -upstream: -linux-2.6: -2.6.8-sarge-security: ignored (2.6.8-16sarge5) -2.4.27-sarge-security: N/A -2.6.18-etch-security: ignored - diff --git a/active/CVE-2004-2136 b/retired/CVE-2004-2136 index 49a65083..741f9237 100644 --- a/active/CVE-2004-2136 +++ b/retired/CVE-2004-2136 
@@ -8,15 +8,11 @@ References: http://mareichelt.de/pub/notmine/diskenc.pdf http://mareichelt.de/pub/texts.cryptoloop.php?alt_styles=2 Notes: - - i am 99% sure that these issues still affect the latest kernels - - debian-installer only supports loop-aes and dm-crypt (i believe), - which are known to be not affected by these issues, so most users - are not affected - - perhaps a solution would be to disable cryptoloop? - - i have started an lkml thread: http://lkml.org/lkml/2009/12/2/232 + a bunch of patches were applied to 2.6.10 to address the "IV computation" weakness. + see: http://www.kernel.org/pub/linux/kernel/v2.6/ChangeLog-2.6.10 Bugs: -upstream: -linux-2.6: -2.6.18-etch-security: -2.6.24-etch-security: -2.6.26-lenny-security: +upstream: released (2.6.10) +linux-2.6: released (2.6.10-1) +2.6.18-etch-security: N/A "fixed in 2.6.10" +2.6.24-etch-security: N/A "fixed in 2.6.10" +2.6.26-lenny-security: N/A "fixed in 2.6.10" |
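Review bot: Deleting ignored/CVE-2004-2136 drops the sarge status lines (`2.6.8-sarge-security: ignored (2.6.8-16sarge5)` and `2.4.27-sarge-security: N/A`) along with jmm's note that 2.4 has no dm-crypt, and the status block visible in retired/CVE-2004-2136 lists only upstream, linux-2.6, etch and lenny. Since 2.6.8 predates the 2.6.10 fix that the retired file names, consider carrying those two status lines and the marc.theaimsgroup.com and securiteam references into the retired file, if they are not already in its unshown header, so the tracker still records that the sarge kernel was left unfixed.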
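Review bot: In the Notes section of retired/CVE-2004-2136, the replacement text does not say what became of the concerns in the lines it removes: "i am 99% sure that these issues still affect the latest kernels", the question about disabling cryptoloop, and the link to http://lkml.org/lkml/2009/12/2/232. The new note and the commit message speak only of the dm-crypt "IV computation" weakness being fixed in 2.6.10, while a cryptoloop reference remains in the unchanged References lines. Suggest keeping the lkml link with one line on its outcome, stating whether the cryptoloop question is tracked under another entry, and naming the specific 2.6.10 changes instead of pointing at the whole ChangeLog-2.6.10, so the `N/A "fixed in 2.6.10"` statuses can be verified.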