diff options
| author | Daniel Baumann <daniel.baumann@progress-linux.org> | 2024-05-06 00:31:20 +0000 |
|---|---|---|
| committer | Daniel Baumann <daniel.baumann@progress-linux.org> | 2024-05-06 00:31:20 +0000 |
| commit | 82ff52e0800702dee9402f8efe13dbc02e5883d2 (patch) | |
| tree | 2f1704ba1a30bffc1f66bf5fb51c48431c24f6fa /debian/cryptsetup-initramfs.NEWS | |
| parent | Adding upstream version 2:2.1.0. (diff) | |
| download | cryptsetup-82ff52e0800702dee9402f8efe13dbc02e5883d2.tar.xz cryptsetup-82ff52e0800702dee9402f8efe13dbc02e5883d2.zip | |
Adding debian version 2:2.1.0-5+deb10u2.debian/2%2.1.0-5+deb10u2debian
Signed-off-by: Daniel Baumann <daniel.baumann@progress-linux.org>
Diffstat (limited to 'debian/cryptsetup-initramfs.NEWS')
| -rw-r--r-- | debian/cryptsetup-initramfs.NEWS | 15 |
1 files changed, 15 insertions, 0 deletions
diff --git a/debian/cryptsetup-initramfs.NEWS b/debian/cryptsetup-initramfs.NEWS new file mode 100644 index 0000000..0f60251 --- /dev/null +++ b/debian/cryptsetup-initramfs.NEWS @@ -0,0 +1,15 @@ +cryptsetup (2:2.0.3-2) unstable; urgency=medium + + In order to defeat online brute-force attacks, the initramfs boot + script sleeps for 1 second after each failed try. On the other + hand, it no longer sleeps for a full minute after exceeding the + maximum number of unlocking tries. This behavior was added in + 2:1.7.3-2 as an attempt to mitigate CVE-2016-4484; to avoid dropping + to the debug shell after exceeding the maximum number of unlocking + tries, users need to use the 'panic' boot parameter and lock down + their boot loader & BIOS/UEFI. + + The initramfs hook nows uses /proc/mounts instead of /etc/fstab to + detect the root device that is to be unlocked at initramfs stage. + + -- Guilhem Moulin <guilhem@debian.org> Fri, 15 Jun 2018 18:50:56 +0200 |