CVE-2016-4484

Source
Severity Medium
Remote No
Type Access restriction bypass
Description
A vulnerability was found in cryptsetup, specifically in the scripts that unlock the system partition when it is encrypted with LUKS (Linux Unified Key Setup). The fault is caused by incorrect handling of the password check in the script file /scripts/local-top/cryptroot. This vulnerability allows an attacker to obtain a root initramfs shell on affected systems. Attackers can copy, modify or destroy the hard disk, as well as set up the network to exfiltrate data.

This issue only affects the downstream initrd scripts, for example those shipped by Debian, rather than cryptsetup itself.
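| Group  | Package    | Affected | Fixed | Severity | Status       | Ticket |
|--------|------------|----------|-------|----------|--------------|--------|
| AVG-71 | cryptsetup | 1.7.3-1  |       | Medium   | Not affected |        |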
References
http://hmarco.org/bugs/CVE-2016-4484/CVE-2016-4484_cryptsetup_initrd_shell.html
http://seclists.org/oss-sec/2016/q4/427