
Is there a way to check if we already have the patch for the Cryptsetup vulnerability that's in the news recently?

http://hothardware.com/news/linux-vulnerability-found-by-holding-down-enter-key-for-70-seconds

I keep on getting software updates from the software center and I am not sure if one of those is for this specific vulnerability.

Thanks,

  • You can follow https://people.canonical.com/~ubuntu-security/cve/2016/CVE-2016-4484.html. – edwinksl Nov 19 '16 at 04:00
  • @edwinksl Thanks for that link. It is interesting. I found the "brute-force attack" classification somewhat comical since it involves holding down the Enter key for 70 seconds. – WinEunuuchs2Unix Nov 19 '16 at 04:30
  • @WinEunuuchs2Unix: The attacker does not gain anything which they don't already have by obtaining physical access to the system. They get a single-user shell in the initrd environment. They can get that by booting the system from the installation media. There is nothing secret in the initial RAM file system. – AlexP Nov 19 '16 at 07:56

0 Answers