diff options
author | Daniel Baumann <daniel.baumann@progress-linux.org> | 2024-04-17 08:06:26 +0000 |
---|---|---|
committer | Daniel Baumann <daniel.baumann@progress-linux.org> | 2024-04-17 08:06:26 +0000 |
commit | fd888e850cf413955483bfb993aeeea5ea611289 (patch) | |
tree | 6148fed3d1f30272c48403f4cdefa59c2b7e1513 /debian/cryptsetup-initramfs.NEWS | |
parent | Adding upstream version 2:2.6.1. (diff) | |
download | cryptsetup-fd888e850cf413955483bfb993aeeea5ea611289.tar.xz cryptsetup-fd888e850cf413955483bfb993aeeea5ea611289.zip |
Adding debian version 2:2.6.1-4~deb12u2.debian/2%2.6.1-4_deb12u2debian
Signed-off-by: Daniel Baumann <daniel.baumann@progress-linux.org>
Diffstat (limited to 'debian/cryptsetup-initramfs.NEWS')
-rw-r--r-- | debian/cryptsetup-initramfs.NEWS | 15 |
1 files changed, 15 insertions, 0 deletions
diff --git a/debian/cryptsetup-initramfs.NEWS b/debian/cryptsetup-initramfs.NEWS new file mode 100644 index 0000000..0f60251 --- /dev/null +++ b/debian/cryptsetup-initramfs.NEWS @@ -0,0 +1,15 @@ +cryptsetup (2:2.0.3-2) unstable; urgency=medium + + In order to defeat online brute-force attacks, the initramfs boot + script sleeps for 1 second after each failed try. On the other + hand, it no longer sleeps for a full minute after exceeding the + maximum number of unlocking tries. This behavior was added in + 2:1.7.3-2 as an attempt to mitigate CVE-2016-4484; to avoid dropping + to the debug shell after exceeding the maximum number of unlocking + tries, users need to use the 'panic' boot parameter and lock down + their boot loader & BIOS/UEFI. + + The initramfs hook nows uses /proc/mounts instead of /etc/fstab to + detect the root device that is to be unlocked at initramfs stage. + + -- Guilhem Moulin <guilhem@debian.org> Fri, 15 Jun 2018 18:50:56 +0200 |