Hello Mark - Thanks for the bug report! We are aware of this flaw in cryptsetup and have triaged it in the Ubuntu CVE Tracker:
http://people.canonical.com/~ubuntu- security/cve/2016/CVE-2016-4484.html We marked it as a low priority issue as there are several other ways that you can get a root shell during the boot process. We don't plan to put out security updates to our stable releases for this issue by itself. However, we will include this fix if there is a more urgent cryptsetup security issue that we address in the future. ** Information type changed from Private Security to Public Security ** Changed in: cryptsetup (Ubuntu) Status: New => Triaged ** Changed in: cryptsetup (Ubuntu) Importance: Undecided => Low -- You received this bug notification because you are a member of Ubuntu Bugs, which is subscribed to Ubuntu. https://bugs.launchpad.net/bugs/1660701 Title: Cryptsetup Initrd root Shell To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/cryptsetup/+bug/1660701/+subscriptions -- ubuntu-bugs mailing list ubuntu-bugs@lists.ubuntu.com https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs
