1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
|
cryptsetup (2:2.0.3-2) unstable; urgency=medium
In order to defeat online brute-force attacks, the initramfs boot
script sleeps for 1 second after each failed try. On the other
hand, it no longer sleeps for a full minute after exceeding the
maximum number of unlocking tries. This behavior was added in
2:1.7.3-2 as an attempt to mitigate CVE-2016-4484; to avoid dropping
to the debug shell after exceeding the maximum number of unlocking
tries, users need to use the 'panic' boot parameter and lock down
their boot loader & BIOS/UEFI.
The initramfs hook nows uses /proc/mounts instead of /etc/fstab to
detect the root device that is to be unlocked at initramfs stage.
-- Guilhem Moulin <guilhem@debian.org> Fri, 15 Jun 2018 18:50:56 +0200
|
