Skip to navigation

Bug Fix Advisory cryptsetup-luks bug fix and enhancement update

Advisory: RHBA-2011:0597-1
Type: Bug Fix Advisory
Severity: N/A
Issued on: 2011-05-19
Last updated on: 2011-05-19
Affected Products: Red Hat Enterprise Linux Desktop (v. 6)
Red Hat Enterprise Linux HPC Node (v. 6)
Red Hat Enterprise Linux Server (v. 6)
Red Hat Enterprise Linux Workstation (v. 6)

Details

Updated cryptsetup-luks packages that fix several bugs and add various
enhancements are now available for Red Hat Enterprise Linux 6.

The cryptsetup-luks packages provide the utility allowing users to set up
encrypted devices with the Device Mapper and the dm-crypt target.

The cryptsetup-luks package has been upgraded to upstream version 1.2.0, which
provides a number of bug fixes and enhancements over the previous version.
(BZ#658817)

In addition, these updated cryptsetup-luks packages provide fixes for the
following bugs:

* Previously, cryptsetup printed twice the error message notifying the user that
the queried device did not exist. With this update, the underlying code was
changed and the error message is displayed once. (BZ#612963)

* Prior to this update, when the user attempted to encrypt a device with the MD4
or MD5 hash algorithm, cryptsetup did not alert the user that the encryption
with those algorithms was not supported, had failed, and that therefore the
device could not be used. With this update, cryptsetup terminates the process
and prints a message advising the user to check if the required encryption
method is supported. (BZ#623121)

* Previously, cryptsetup did not remove keys as soon as possible from device
control buffers and therefore did not follow FIPS (Federal Information
Processing Standard). With this update, the underlying code has been changed and
the keys are removed from the buffers as soon as possible. (BZ#674825)

* Previously, if the user issued the "cryptsetup luksRemoveKey" command with the
"--key-file" parameter, the command removed the key defined in the standard
input. With this update, such command removes the key defined in the
"--key-file" parameter. (BZ#677634)

* Prior to this update, when updating with the "yum update" command, the
device-mapper-libs package was not updated. This occurred because the previous
version of the cryptsetup package was compatible with any version of the
package. This update adds the dependency to the cryptsetup package and the
device-mapper-libs is updated to provide the compatible device-mapper-libs
package. (BZ#692512)

* Previously, when running in FIPS mode, the salt for PBKDF2 (Password-Based Key
Derivation Function) was generated with the /dev/urandom device. According to
NIST Special Publication 800-132, all or a portion of the salt must be generated
with an approved random number generator. With this update, the salt is
generated with the FIPS RNG (Random Number Generator) and the criterion is met.
(BZ#693371)

These updated packages provide also the following enhancements:

* With this update, cryptsetup uses a FIPS certified random number generator for
generation of volume keys when running in FIPS mode. (BZ#663869)

* This update adds the integrity check of the cryptsetup binary and library for
FIPS mode. (BZ#663870)

Users are advised to upgrade to these updated cryptsetup-luks packages, which
resolve these bugs and add these enhancements.


Solution

Before applying this update, make sure that all previously-released errata
relevant to your system have been applied.

This update is available via Red Hat Network. Details on how to use the Red Hat
Network to apply this update are available at
https://access.redhat.com/kb/docs/DOC-11259

Updated packages

Red Hat Enterprise Linux Desktop (v. 6)

SRPMS:
cryptsetup-luks-1.2.0-3.el6.src.rpm
File outdated by:  RHBA-2012:0886
    MD5: 4edbbf8772b34d2a072ef038e6369d1f
SHA-256: 603a1b9c2d707c2fad49bdfdbec8788e3782136465e84ae490abc2f012703db9
 
IA-32:
cryptsetup-luks-1.2.0-3.el6.i686.rpm
File outdated by:  RHBA-2012:0886
    MD5: d8fef17644a8745ff2d9732485279665
SHA-256: d5d4965f032d4084b91215592928b5721f0c58c605d34d00cc264c21503d41bd
cryptsetup-luks-debuginfo-1.2.0-3.el6.i686.rpm
File outdated by:  RHBA-2012:0886
    MD5: b92b89672969223769d629ea0f07233b
SHA-256: b604b2c6a1efdcc42a35a4b45b1b9929f562c5a15e9790f3a21e3bf21dd75de2
cryptsetup-luks-devel-1.2.0-3.el6.i686.rpm
File outdated by:  RHBA-2012:0886
    MD5: 5462d031d370816e2cf2d162962cf01a
SHA-256: defa48f2bffe6e7a3f2aa5717f4e2b791accd79129795e1ab636ca30609dc27f
cryptsetup-luks-libs-1.2.0-3.el6.i686.rpm
File outdated by:  RHBA-2012:0886
    MD5: 55daa76e526740a02eb3c15be70e9378
SHA-256: f01bdcdc2354d1cb2651cbf1a6269341295730665ff0120132245d7f0d035a1b
 
x86_64:
cryptsetup-luks-1.2.0-3.el6.x86_64.rpm
File outdated by:  RHBA-2012:0886
    MD5: 6a76f34d6ab648879a788afbdffe0676
SHA-256: 0d5e2a5af6ee1eaed0de2dbdb9b4feff31972809eaee44b786db31c4ac46bb1e
cryptsetup-luks-debuginfo-1.2.0-3.el6.i686.rpm
File outdated by:  RHBA-2012:0886
    MD5: b92b89672969223769d629ea0f07233b
SHA-256: b604b2c6a1efdcc42a35a4b45b1b9929f562c5a15e9790f3a21e3bf21dd75de2
cryptsetup-luks-debuginfo-1.2.0-3.el6.x86_64.rpm
File outdated by:  RHBA-2012:0886
    MD5: 60db952090559121a05432a0251f2a2f
SHA-256: 707cd3c40f216ddfd7d97d9a1f2ba4fb1fa57b2f60ffe64667645792bd6589ef
cryptsetup-luks-devel-1.2.0-3.el6.i686.rpm
File outdated by:  RHBA-2012:0886
    MD5: 5462d031d370816e2cf2d162962cf01a
SHA-256: defa48f2bffe6e7a3f2aa5717f4e2b791accd79129795e1ab636ca30609dc27f
cryptsetup-luks-devel-1.2.0-3.el6.x86_64.rpm
File outdated by:  RHBA-2012:0886
    MD5: bd41be6360d4831aa4d69bbcfad9de6a
SHA-256: 8cdae1651653f0d15fb988fa49233ca1b450ec566275f42b85c4c6f78f154615
cryptsetup-luks-libs-1.2.0-3.el6.i686.rpm
File outdated by:  RHBA-2012:0886
    MD5: 55daa76e526740a02eb3c15be70e9378
SHA-256: f01bdcdc2354d1cb2651cbf1a6269341295730665ff0120132245d7f0d035a1b
cryptsetup-luks-libs-1.2.0-3.el6.x86_64.rpm
File outdated by:  RHBA-2012:0886
    MD5: 9ad3d8bf442fd688749a94254cc13a71
SHA-256: 5fb4d5c31f2b2e4f9cf0228a84561457cd7eaf1bb2197e87cd4f24ed36bc6926
 
Red Hat Enterprise Linux HPC Node (v. 6)

SRPMS:
cryptsetup-luks-1.2.0-3.el6.src.rpm
File outdated by:  RHBA-2012:0886
    MD5: 4edbbf8772b34d2a072ef038e6369d1f
SHA-256: 603a1b9c2d707c2fad49bdfdbec8788e3782136465e84ae490abc2f012703db9
 
x86_64:
cryptsetup-luks-1.2.0-3.el6.x86_64.rpm
File outdated by:  RHBA-2012:0886
    MD5: 6a76f34d6ab648879a788afbdffe0676
SHA-256: 0d5e2a5af6ee1eaed0de2dbdb9b4feff31972809eaee44b786db31c4ac46bb1e
cryptsetup-luks-debuginfo-1.2.0-3.el6.i686.rpm
File outdated by:  RHBA-2012:0886
    MD5: b92b89672969223769d629ea0f07233b
SHA-256: b604b2c6a1efdcc42a35a4b45b1b9929f562c5a15e9790f3a21e3bf21dd75de2
cryptsetup-luks-debuginfo-1.2.0-3.el6.x86_64.rpm
File outdated by:  RHBA-2012:0886
    MD5: 60db952090559121a05432a0251f2a2f
SHA-256: 707cd3c40f216ddfd7d97d9a1f2ba4fb1fa57b2f60ffe64667645792bd6589ef
cryptsetup-luks-devel-1.2.0-3.el6.i686.rpm
File outdated by:  RHBA-2012:0886
    MD5: 5462d031d370816e2cf2d162962cf01a
SHA-256: defa48f2bffe6e7a3f2aa5717f4e2b791accd79129795e1ab636ca30609dc27f
cryptsetup-luks-devel-1.2.0-3.el6.x86_64.rpm
File outdated by:  RHBA-2012:0886
    MD5: bd41be6360d4831aa4d69bbcfad9de6a
SHA-256: 8cdae1651653f0d15fb988fa49233ca1b450ec566275f42b85c4c6f78f154615
cryptsetup-luks-libs-1.2.0-3.el6.i686.rpm
File outdated by:  RHBA-2012:0886
    MD5: 55daa76e526740a02eb3c15be70e9378
SHA-256: f01bdcdc2354d1cb2651cbf1a6269341295730665ff0120132245d7f0d035a1b
cryptsetup-luks-libs-1.2.0-3.el6.x86_64.rpm
File outdated by:  RHBA-2012:0886
    MD5: 9ad3d8bf442fd688749a94254cc13a71
SHA-256: 5fb4d5c31f2b2e4f9cf0228a84561457cd7eaf1bb2197e87cd4f24ed36bc6926
 
Red Hat Enterprise Linux Server (v. 6)

SRPMS:
cryptsetup-luks-1.2.0-3.el6.src.rpm
File outdated by:  RHBA-2012:0886
    MD5: 4edbbf8772b34d2a072ef038e6369d1f
SHA-256: 603a1b9c2d707c2fad49bdfdbec8788e3782136465e84ae490abc2f012703db9
 
IA-32:
cryptsetup-luks-1.2.0-3.el6.i686.rpm
File outdated by:  RHBA-2012:0886
    MD5: d8fef17644a8745ff2d9732485279665
SHA-256: d5d4965f032d4084b91215592928b5721f0c58c605d34d00cc264c21503d41bd
cryptsetup-luks-debuginfo-1.2.0-3.el6.i686.rpm
File outdated by:  RHBA-2012:0886
    MD5: b92b89672969223769d629ea0f07233b
SHA-256: b604b2c6a1efdcc42a35a4b45b1b9929f562c5a15e9790f3a21e3bf21dd75de2
cryptsetup-luks-devel-1.2.0-3.el6.i686.rpm
File outdated by:  RHBA-2012:0886
    MD5: 5462d031d370816e2cf2d162962cf01a
SHA-256: defa48f2bffe6e7a3f2aa5717f4e2b791accd79129795e1ab636ca30609dc27f
cryptsetup-luks-libs-1.2.0-3.el6.i686.rpm
File outdated by:  RHBA-2012:0886
    MD5: 55daa76e526740a02eb3c15be70e9378
SHA-256: f01bdcdc2354d1cb2651cbf1a6269341295730665ff0120132245d7f0d035a1b
 
PPC:
cryptsetup-luks-1.2.0-3.el6.ppc64.rpm
File outdated by:  RHBA-2012:0886
    MD5: a5430c893846573a3df24cbce5cdba7c
SHA-256: 1b9622192e5d43a243f102a42bcd08635ac978b80177a86beec844ce933a8025
cryptsetup-luks-debuginfo-1.2.0-3.el6.ppc.rpm
File outdated by:  RHBA-2012:0886
    MD5: eaf7c155560f65f6bb16d8f1ddc00d65
SHA-256: fc95d01e75c1a8793611ddaeef1700d219c5a9897e94ee132bff3cc74a92d08d
cryptsetup-luks-debuginfo-1.2.0-3.el6.ppc64.rpm
File outdated by:  RHBA-2012:0886
    MD5: e07cdd825a3444baf3ceed0bb8388579
SHA-256: 680c8618bd051d0203d113575b52cb79342c3ac659a4b23a5249497b4c820ab9
cryptsetup-luks-devel-1.2.0-3.el6.ppc.rpm
File outdated by:  RHBA-2012:0886
    MD5: de2c6fcb387f4924c2e87865e2e92aa7
SHA-256: ef12aca7dc4b94248b2315fce0e02e4e491d841531082319a082c0ec904e1673
cryptsetup-luks-devel-1.2.0-3.el6.ppc64.rpm
File outdated by:  RHBA-2012:0886
    MD5: 45ab80bc666cf5a90d086689c0494d9c
SHA-256: 55f46d5324648f48bed76af36f7b406ba947814486de26eeb0f9afdba9b9312a
cryptsetup-luks-libs-1.2.0-3.el6.ppc.rpm
File outdated by:  RHBA-2012:0886
    MD5: 6e6b9b10b4d4821609e61ca8172a1024
SHA-256: 0d01bb7daee14b5b1ba799ec7fe33db73f427c4eb87dd7843a4d35081f7b7e65
cryptsetup-luks-libs-1.2.0-3.el6.ppc64.rpm
File outdated by:  RHBA-2012:0886
    MD5: ea9842b171c21ec0e191095ef071e4af
SHA-256: bd693eeb2e0613f0164fa1c54f07b0655559fdca2dd564c0a05c513941742245
 
s390x:
cryptsetup-luks-1.2.0-3.el6.s390x.rpm
File outdated by:  RHBA-2012:0886
    MD5: fcb653a15f406082eb6f84b3dcb7bccc
SHA-256: b3154ef54b8e92074b90a1cd970b4907edc0d6ee538644993400554ab93b50e2
cryptsetup-luks-debuginfo-1.2.0-3.el6.s390.rpm
File outdated by:  RHBA-2012:0886
    MD5: 0d9ba208a9bbacfcc046b28c80048125
SHA-256: 73e054515f0e60f9117e62b3a2cd53fb074c68510dbb08d64fbbe27c52f65aac
cryptsetup-luks-debuginfo-1.2.0-3.el6.s390x.rpm
File outdated by:  RHBA-2012:0886
    MD5: ca21f7e07ecf16404534804fc45ee9e3
SHA-256: c6352f045a30c9c29ec626d6f2228aeb206735f4ecda2eb7eaf9e56815cc4e5a
cryptsetup-luks-devel-1.2.0-3.el6.s390.rpm
File outdated by:  RHBA-2012:0886
    MD5: 42a920a4e24ed09c28180d5d97db028a
SHA-256: 081495df68ec557d2f729ba9f22ec536503eec1526ace2ef840bbe657aa7be7a
cryptsetup-luks-devel-1.2.0-3.el6.s390x.rpm
File outdated by:  RHBA-2012:0886
    MD5: bd261b6eb3bfe5bd6f05f1cefa9f43c8
SHA-256: 6c7fad82d0d21e0c496c1696cceb6d9845198e0dc38c4d9e07d44984abf58e4f
cryptsetup-luks-libs-1.2.0-3.el6.s390.rpm
File outdated by:  RHBA-2012:0886
    MD5: 4bd6b327dbee0357e1723536e5ac63b0
SHA-256: a8f152028bfaefb266271917c257a772b3bad91b6284f26d99c7384b90b989ed
cryptsetup-luks-libs-1.2.0-3.el6.s390x.rpm
File outdated by:  RHBA-2012:0886
    MD5: 9725951494ddafe0f5800921324fde43
SHA-256: 2a71691a28352e499cf5951c3b15d6e4c09e532a4ad0cad182585ca2773bf8ff
 
x86_64:
cryptsetup-luks-1.2.0-3.el6.x86_64.rpm
File outdated by:  RHBA-2012:0886
    MD5: 6a76f34d6ab648879a788afbdffe0676
SHA-256: 0d5e2a5af6ee1eaed0de2dbdb9b4feff31972809eaee44b786db31c4ac46bb1e
cryptsetup-luks-debuginfo-1.2.0-3.el6.i686.rpm
File outdated by:  RHBA-2012:0886
    MD5: b92b89672969223769d629ea0f07233b
SHA-256: b604b2c6a1efdcc42a35a4b45b1b9929f562c5a15e9790f3a21e3bf21dd75de2
cryptsetup-luks-debuginfo-1.2.0-3.el6.x86_64.rpm
File outdated by:  RHBA-2012:0886
    MD5: 60db952090559121a05432a0251f2a2f
SHA-256: 707cd3c40f216ddfd7d97d9a1f2ba4fb1fa57b2f60ffe64667645792bd6589ef
cryptsetup-luks-devel-1.2.0-3.el6.i686.rpm
File outdated by:  RHBA-2012:0886
    MD5: 5462d031d370816e2cf2d162962cf01a
SHA-256: defa48f2bffe6e7a3f2aa5717f4e2b791accd79129795e1ab636ca30609dc27f
cryptsetup-luks-devel-1.2.0-3.el6.x86_64.rpm
File outdated by:  RHBA-2012:0886
    MD5: bd41be6360d4831aa4d69bbcfad9de6a
SHA-256: 8cdae1651653f0d15fb988fa49233ca1b450ec566275f42b85c4c6f78f154615
cryptsetup-luks-libs-1.2.0-3.el6.i686.rpm
File outdated by:  RHBA-2012:0886
    MD5: 55daa76e526740a02eb3c15be70e9378
SHA-256: f01bdcdc2354d1cb2651cbf1a6269341295730665ff0120132245d7f0d035a1b
cryptsetup-luks-libs-1.2.0-3.el6.x86_64.rpm
File outdated by:  RHBA-2012:0886
    MD5: 9ad3d8bf442fd688749a94254cc13a71
SHA-256: 5fb4d5c31f2b2e4f9cf0228a84561457cd7eaf1bb2197e87cd4f24ed36bc6926
 
Red Hat Enterprise Linux Workstation (v. 6)

SRPMS:
cryptsetup-luks-1.2.0-3.el6.src.rpm
File outdated by:  RHBA-2012:0886
    MD5: 4edbbf8772b34d2a072ef038e6369d1f
SHA-256: 603a1b9c2d707c2fad49bdfdbec8788e3782136465e84ae490abc2f012703db9
 
IA-32:
cryptsetup-luks-1.2.0-3.el6.i686.rpm
File outdated by:  RHBA-2012:0886
    MD5: d8fef17644a8745ff2d9732485279665
SHA-256: d5d4965f032d4084b91215592928b5721f0c58c605d34d00cc264c21503d41bd
cryptsetup-luks-debuginfo-1.2.0-3.el6.i686.rpm
File outdated by:  RHBA-2012:0886
    MD5: b92b89672969223769d629ea0f07233b
SHA-256: b604b2c6a1efdcc42a35a4b45b1b9929f562c5a15e9790f3a21e3bf21dd75de2
cryptsetup-luks-devel-1.2.0-3.el6.i686.rpm
File outdated by:  RHBA-2012:0886
    MD5: 5462d031d370816e2cf2d162962cf01a
SHA-256: defa48f2bffe6e7a3f2aa5717f4e2b791accd79129795e1ab636ca30609dc27f
cryptsetup-luks-libs-1.2.0-3.el6.i686.rpm
File outdated by:  RHBA-2012:0886
    MD5: 55daa76e526740a02eb3c15be70e9378
SHA-256: f01bdcdc2354d1cb2651cbf1a6269341295730665ff0120132245d7f0d035a1b
 
x86_64:
cryptsetup-luks-1.2.0-3.el6.x86_64.rpm
File outdated by:  RHBA-2012:0886
    MD5: 6a76f34d6ab648879a788afbdffe0676
SHA-256: 0d5e2a5af6ee1eaed0de2dbdb9b4feff31972809eaee44b786db31c4ac46bb1e
cryptsetup-luks-debuginfo-1.2.0-3.el6.i686.rpm
File outdated by:  RHBA-2012:0886
    MD5: b92b89672969223769d629ea0f07233b
SHA-256: b604b2c6a1efdcc42a35a4b45b1b9929f562c5a15e9790f3a21e3bf21dd75de2
cryptsetup-luks-debuginfo-1.2.0-3.el6.x86_64.rpm
File outdated by:  RHBA-2012:0886
    MD5: 60db952090559121a05432a0251f2a2f
SHA-256: 707cd3c40f216ddfd7d97d9a1f2ba4fb1fa57b2f60ffe64667645792bd6589ef
cryptsetup-luks-devel-1.2.0-3.el6.i686.rpm
File outdated by:  RHBA-2012:0886
    MD5: 5462d031d370816e2cf2d162962cf01a
SHA-256: defa48f2bffe6e7a3f2aa5717f4e2b791accd79129795e1ab636ca30609dc27f
cryptsetup-luks-devel-1.2.0-3.el6.x86_64.rpm
File outdated by:  RHBA-2012:0886
    MD5: bd41be6360d4831aa4d69bbcfad9de6a
SHA-256: 8cdae1651653f0d15fb988fa49233ca1b450ec566275f42b85c4c6f78f154615
cryptsetup-luks-libs-1.2.0-3.el6.i686.rpm
File outdated by:  RHBA-2012:0886
    MD5: 55daa76e526740a02eb3c15be70e9378
SHA-256: f01bdcdc2354d1cb2651cbf1a6269341295730665ff0120132245d7f0d035a1b
cryptsetup-luks-libs-1.2.0-3.el6.x86_64.rpm
File outdated by:  RHBA-2012:0886
    MD5: 9ad3d8bf442fd688749a94254cc13a71
SHA-256: 5fb4d5c31f2b2e4f9cf0228a84561457cd7eaf1bb2197e87cd4f24ed36bc6926
 
(The unlinked packages above are only available from the Red Hat Network)

Bugs fixed (see bugzilla for more information)

612963 - error message is shown twice on cryptsetup status
623121 - md4 and md5 hashes are not supported by LUKS
658817 - Update cryptsetup to new version
692512 - cryptsetup should have dependency for device-mapper-libs



These packages are GPG signed by Red Hat for security. Our key and details on how to verify the signature are available from:
https://www.redhat.com/security/team/key/#package

The Red Hat security contact is secalert@redhat.com. More contact details at http://www.redhat.com/security/team/contact/