AOSA-2016-0026: Update Cryptsetup to 1.7.3

Please update your cryptsetup package to version 1.7.3.

A new version of Cryptsetup was announced with fix to the following security vulnerability:

CVE-2016-4484.

More specifically, this is a vulnerability that a large amount of "Enter" keystroke may allow attacker/user to gain root access to the shell. However, at a note of relief - in the case of AOSC OS, an attacker could only get so far before he was prompted for decryption when trying to access files on an encrypted partition - as the attacker may only gain access to the shell of the initialization RAM disk, but not the partition itself (where the system was installed).

Relevant documentation:

• Cryptsetup 1.7.3 release note
• CVE-2016-4484: Cryptsetup Initrd root Shell