AOSA-2016-0026: Update Cryptsetup to 1.7.3
November 18, 2016
Please update your
cryptsetup package to version
A new version of Cryptsetup was announced with fix to the following security vulnerability:
More specifically, this is a vulnerability that a large amount of "Enter" keystroke may allow attacker/user to gain root access to the shell. However, at a note of relief - in the case of AOSC OS, an attacker could only get so far before he was prompted for decryption when trying to access files on an encrypted partition - as the attacker may only gain access to the shell of the initialization RAM disk, but not the partition itself (where the system was installed).