Security alert for Debian

If you encrypt your partition on Debian you may be subject to a critical flaw in cryptsetup. More details:
PoC: CVE-2016-4484
French article on ZDNet

It needs physical access to the machine, and as usual, physical access allows many things…
It needs a reboot of the machine. A machine that is turned on is already in “decrypted mode”…

Debian has corrected the bug; an update is sufficient.

I agree with you 90%, but keep in mind that console access doesn’t always mean physical access: think virtual machines, KVM or even remote consoles (like in the Scaleway dashboard, for example).
Anyway, I agree that it is a relatively limited flaw, but a flaw nevertheless 🙂