Skip to navigation

Bug Fix Advisory cryptsetup-luks bug fix update

Advisory: RHBA-2011:0987-1
Type: Bug Fix Advisory
Severity: N/A
Issued on: 2011-07-21
Last updated on: 2011-07-21
Affected Products: RHEL Desktop Workstation (v. 5 client)
Red Hat Enterprise Linux (v. 5 server)
Red Hat Enterprise Linux Desktop (v. 5 client)

Details

An updated cryptsetup-luks package that fixes various bugs is now available for
Red Hat Enterprise Linux 5.

The cryptsetup-luks package provides a utility for setting up encrypted file
systems using Device Mapper and the dm-crypt target.

This updated cryptsetup-luks package includes fixes for the following bugs:

* When executing the "cryptsetup luksOpen" command on an encrypted disk device
formatted with an older version of cryptsetup, the following message appeared:
"automatic header conversion from 0.99 to 0.991 triggered". Consequently, the
device became unresponsive at every attempt to open it. The older version of
cryptsetup converted the master key iteration count incorrectly, which has been
fixed and the device hangs no longer. (BZ#583431)

* The cryptsetup utility became unresponsive when using the "cryptsetup isLuks"
command on an ordinary file. This problem has been fixed: if running the command
on an ordinary file, the cryptsetup utility informs users about the file not
being a LUKS partition. (BZ#622712)

* Previously, the cryptsetup utility could have terminated unexpectedly when the
key size was larger than 256 bits. The cryptsetup utility now properly supports
keys longer than 256 bits, fixing the problem. (BZ#678011, BZ#684616)

* When removing a key from the key slot by running the "cryptsetup luksDelKey"
command, only the key slot itself was cleared but the salt and iteration count
remained in the key slot header. All additional information is now cleared as
well. (BZ#697815)

All users of cryptsetup-luks are advised to upgrade to this updated package,
which resolves these bugs.


Solution

Before applying this update, make sure that all previously-released errata
relevant to your system have been applied.

This update is available via Red Hat Network. Details on how to use the Red Hat
Network to apply this update are available at
https://access.redhat.com/kb/docs/DOC-11259

Updated packages

RHEL Desktop Workstation (v. 5 client)

SRPMS:
cryptsetup-luks-1.0.3-8.el5.src.rpm     MD5: 0957f80ca5456705f0f9645d215a34e7
SHA-256: 3a5551e6694fcb87e0b9f24bbffd857056c5c5801737da6c0f236c8ee1e0bb41
 
IA-32:
cryptsetup-luks-devel-1.0.3-8.el5.i386.rpm     MD5: 89e78e223abf52b0efa9b7038339ede4
SHA-256: 15bca3cd17064c094a9d2b566bf2547557ef55469d5dae984a51bee295b97183
 
x86_64:
cryptsetup-luks-devel-1.0.3-8.el5.i386.rpm     MD5: 89e78e223abf52b0efa9b7038339ede4
SHA-256: 15bca3cd17064c094a9d2b566bf2547557ef55469d5dae984a51bee295b97183
cryptsetup-luks-devel-1.0.3-8.el5.x86_64.rpm     MD5: 9dcdda8040620c2b03e21725eb00a35e
SHA-256: a623f7e0ff259a1e8d986fb11568fe16096a0461936a926c3336fad1c2c68505
 
Red Hat Enterprise Linux (v. 5 server)

SRPMS:
cryptsetup-luks-1.0.3-8.el5.src.rpm     MD5: 0957f80ca5456705f0f9645d215a34e7
SHA-256: 3a5551e6694fcb87e0b9f24bbffd857056c5c5801737da6c0f236c8ee1e0bb41
 
IA-32:
cryptsetup-luks-1.0.3-8.el5.i386.rpm     MD5: e9f64e1d4907ba7bfc578a9eda5db8d6
SHA-256: 32fd662e360b74cfb399ecaf2547a2bf36fbc1d43e02a2734b1ff0c391a514c3
cryptsetup-luks-devel-1.0.3-8.el5.i386.rpm     MD5: 89e78e223abf52b0efa9b7038339ede4
SHA-256: 15bca3cd17064c094a9d2b566bf2547557ef55469d5dae984a51bee295b97183
 
IA-64:
cryptsetup-luks-1.0.3-8.el5.ia64.rpm     MD5: b658372ba574af5aca4a5ad24cc8c37c
SHA-256: 9144129ebe3e0b21bccc7ea90886b44b03d1202af12c0fae9c8a94f5a2d35aaa
cryptsetup-luks-devel-1.0.3-8.el5.ia64.rpm     MD5: 343928a038f3cd1ee06e0f8f285e47a9
SHA-256: e03b29b7806b0a1a6f6da7b7529f614d65e2127332aaf88745b1ff56c8b5f1f1
 
PPC:
cryptsetup-luks-1.0.3-8.el5.ppc.rpm     MD5: e0ffcd8c78a7d1db8d3f66305d0ae811
SHA-256: 977dfe73510e4e79af4e93cd01f0c40fcef7346b99839e189cc90a683e91e891
cryptsetup-luks-1.0.3-8.el5.ppc64.rpm     MD5: 920eca3a88ce03b55b8e46523654c303
SHA-256: 1abf2ab45b7c08401af024ee234e3fbd9d2e1dc3478814469f9c828e2993ab39
cryptsetup-luks-devel-1.0.3-8.el5.ppc.rpm     MD5: 505c67ea4628e7dcebfb46b271036311
SHA-256: 3086cb5db56bd9d045ac6464725c4d83e97e74e923591faaebd3bdbe13eacf83
cryptsetup-luks-devel-1.0.3-8.el5.ppc64.rpm     MD5: ea9544a5b8161cac504a59d129fac2b7
SHA-256: efdee338e44fdbfff5c332d928779f8371f1a68b29510d8259f4f729bbefc1c5
 
s390x:
cryptsetup-luks-1.0.3-8.el5.s390.rpm     MD5: df71c61f34a02b37a991e1938d470060
SHA-256: 7157dbace8c7498c3a95eb9c061d68138275432e7bff91830618c43cf7ddcebf
cryptsetup-luks-1.0.3-8.el5.s390x.rpm     MD5: 7896429d30c0261ced223738244793c0
SHA-256: 2143a55e0287c0a2617dabf5d06035ac2d0b73ff474d9a134e01e9c7605bc357
cryptsetup-luks-devel-1.0.3-8.el5.s390.rpm     MD5: 5234afbce13eebf35e11167704530572
SHA-256: 3109c8ac09714dac9a1244c1889924f7549a437f299563977eae93eb71eddc57
cryptsetup-luks-devel-1.0.3-8.el5.s390x.rpm     MD5: 834bedfe7cb8ac0957a1f9afb1e72f5b
SHA-256: 6a2a5bf0a218b0d653b2044351d92f7e591eb7ff3ae4902005663e7ce83dab10
 
x86_64:
cryptsetup-luks-1.0.3-8.el5.i386.rpm     MD5: e9f64e1d4907ba7bfc578a9eda5db8d6
SHA-256: 32fd662e360b74cfb399ecaf2547a2bf36fbc1d43e02a2734b1ff0c391a514c3
cryptsetup-luks-1.0.3-8.el5.x86_64.rpm     MD5: b79c6e638c3ba23997fe5da627cef282
SHA-256: 8de31d92b3df4dae321e3a4849341496af22513e9f629f1df55ab408ca6d8fbe
cryptsetup-luks-devel-1.0.3-8.el5.i386.rpm     MD5: 89e78e223abf52b0efa9b7038339ede4
SHA-256: 15bca3cd17064c094a9d2b566bf2547557ef55469d5dae984a51bee295b97183
cryptsetup-luks-devel-1.0.3-8.el5.x86_64.rpm     MD5: 9dcdda8040620c2b03e21725eb00a35e
SHA-256: a623f7e0ff259a1e8d986fb11568fe16096a0461936a926c3336fad1c2c68505
 
Red Hat Enterprise Linux Desktop (v. 5 client)

SRPMS:
cryptsetup-luks-1.0.3-8.el5.src.rpm     MD5: 0957f80ca5456705f0f9645d215a34e7
SHA-256: 3a5551e6694fcb87e0b9f24bbffd857056c5c5801737da6c0f236c8ee1e0bb41
 
IA-32:
cryptsetup-luks-1.0.3-8.el5.i386.rpm     MD5: e9f64e1d4907ba7bfc578a9eda5db8d6
SHA-256: 32fd662e360b74cfb399ecaf2547a2bf36fbc1d43e02a2734b1ff0c391a514c3
 
x86_64:
cryptsetup-luks-1.0.3-8.el5.i386.rpm     MD5: e9f64e1d4907ba7bfc578a9eda5db8d6
SHA-256: 32fd662e360b74cfb399ecaf2547a2bf36fbc1d43e02a2734b1ff0c391a514c3
cryptsetup-luks-1.0.3-8.el5.x86_64.rpm     MD5: b79c6e638c3ba23997fe5da627cef282
SHA-256: 8de31d92b3df4dae321e3a4849341496af22513e9f629f1df55ab408ca6d8fbe
 
(The unlinked packages above are only available from the Red Hat Network)

Bugs fixed (see bugzilla for more information)

583431 - dm-crypt hanging on attempts to manipulate an encrypted device
622712 - cryptsetup hangs when isLuks is used on ordinary file
678011 - cryptsetup luksOpen causes ** stack smashing detected *** for large key
684616 - cryptsetup segfaults in plain mode
696561 - Coverity scan revealed issues
697815 - cryptsetup luksDelKey doesn't wipe salt and iteration count for removed slot



These packages are GPG signed by Red Hat for security. Our key and details on how to verify the signature are available from:
https://www.redhat.com/security/team/key/#package

The Red Hat security contact is secalert@redhat.com. More contact details at http://www.redhat.com/security/team/contact/