Issued:

2011-12-06

Updated:

2011-12-06

RHBA-2011:1688 - cryptsetup-luks bug fix and enhancement update

Synopsis

cryptsetup-luks bug fix and enhancement update

Type/Severity

Bug Fix Advisory (none)

Topic

Updated cryptsetup-luks packages that fix several bugs and add an enhancement are now available for Red Hat Enterprise Linux 6.

Description

The cryptsetup-luks packages provide a utility which allows users to set up encrypted devices with the Device Mapper and the dm-crypt target.

This update fixes the following bugs:

• When the cryptsetup or libcryptsetup utility was run in FIPS (Federal Information Processing Standards) mode, the "Running in FIPS mode." message was displayed during initialization of all commands. This sometimes caused minor issues with associated scripts. This bug has been fixed and the message is now displayed only in verbose mode. (BZ#713410)

• Prior to this update, several directives were missing in cryptsetup status command implementation. Therefore, the cryptsetup status command always returned the exit code 0 when verifying the status of a mapped device. To fix this issue, the code has been modified. The cryptsetup status command now returns the 0 value only if the device checked is active. (BZ#732179)

This update also provides the following enhancement:

• Previously, the libcryptsetup crypt_get_volume_key() function allowed to perform an action not compliant with FIPS. To conform FIPS requirements, the function is now disabled in FIPS mode and returns an EACCES error code to indicate it. Note that the "luksDump --dump-master-key" command and the key escrow functionality of the volume_key package are also disabled in FIPS mode as a consequence of this update. (BZ#701936)

All users of cryptsetup-luks are advised to upgrade to these updated packages, which fix these bugs and add this enhancement.

Solution

Before applying this update, make sure all previously-released errata relevant to your system have been applied.

This update is available via the Red Hat Network. Details on how to use the Red Hat Network to apply this update are available at This content is not included.https://access.redhat.com/kb/docs/DOC-11259

Affected Products

Updated Packages

• cryptsetup-luks-debuginfo-1.2.0-6.el6.x86_64.rpm
• cryptsetup-luks-debuginfo-1.2.0-6.el6.s390.rpm
• cryptsetup-luks-devel-1.2.0-6.el6.s390.rpm
• cryptsetup-luks-1.2.0-6.el6.src.rpm
• cryptsetup-luks-1.2.0-6.el6.s390x.rpm
• cryptsetup-luks-libs-1.2.0-6.el6.i686.rpm
• cryptsetup-luks-debuginfo-1.2.0-6.el6.ppc.rpm
• cryptsetup-luks-devel-1.2.0-6.el6.s390x.rpm
• cryptsetup-luks-devel-1.2.0-6.el6.x86_64.rpm
• cryptsetup-luks-devel-1.2.0-6.el6.ppc.rpm
• cryptsetup-luks-devel-1.2.0-6.el6.ppc64.rpm
• cryptsetup-luks-libs-1.2.0-6.el6.s390.rpm
• cryptsetup-luks-libs-1.2.0-6.el6.ppc.rpm
• cryptsetup-luks-debuginfo-1.2.0-6.el6.s390x.rpm
• cryptsetup-luks-1.2.0-6.el6.x86_64.rpm
• cryptsetup-luks-libs-1.2.0-6.el6.ppc64.rpm
• cryptsetup-luks-libs-1.2.0-6.el6.s390x.rpm
• cryptsetup-luks-debuginfo-1.2.0-6.el6.i686.rpm
• cryptsetup-luks-devel-1.2.0-6.el6.i686.rpm
• cryptsetup-luks-1.2.0-6.el6.ppc64.rpm
• cryptsetup-luks-libs-1.2.0-6.el6.x86_64.rpm
• cryptsetup-luks-1.2.0-6.el6.i686.rpm
• cryptsetup-luks-debuginfo-1.2.0-6.el6.ppc64.rpm

Fixes

• This content is not included.BZ - 713410
• This content is not included.BZ - 732179

CVEs

(none)

References

(none)

Additional information

• The Red Hat security contact is This content is not included.secalert@redhat.com. More contact details at https://access.redhat.com/security/team/contact/.
• Offline Security Data data is available for integration with other systems. See Offline Security Data API to get started.