[Libguestfs] LUKS decryption with Clevis+Tang | CVE-2022-2211
Richard W.M. Jones
rjones at redhat.com
Tue Jun 28 09:24:15 UTC 2022
[Adding packagers to CC for visibility.]
On Tue, Jun 28, 2022 at 11:00:43AM +0200, Laszlo Ersek wrote:
> Hi,
>
> * in response to this cover letter, I'm going to post four series (one
> for each of libguestfs-common, libguestfs, guestfs-tools, virt-v2v).
> These four series implement LUKS decryption with Clevis+Tang:
>
> https://bugzilla.redhat.com/show_bug.cgi?id=1809453
>
> * The first patch in the libguestfs-common series fixes a bug that I'd
> found while working on the feature, and ended up receiving a CVE number
> (CVE-2022-2211):
>
> https://bugzilla.redhat.com/show_bug.cgi?id=2100862
>
> This patch is an integral part of the larger Clevis+Tang feature.
> However, it can be backported easily to stable branches that only want
> the bugfix.
>
> * Correspondingly, the first patch in the libguestfs series documents
> the new CVE (and updates the common submodule just enough to get the CVE
> fix). This patch should also be easy to backport to stable branches.
>
> A later patch in the libguestfs series updates the "common" submodule
> checkout to the end of the libguestfs-common series.
>
> * In each of the guestfs-tools and virt-v2v series, the full "common"
> submodule series is consumed right in the first patch, covering both the
> CVE fix and the new stuff needed for the Clevis feature.
>
> Thanks,
> Laszlo
> _______________________________________________
> Libguestfs mailing list
> Libguestfs at redhat.com
> https://listman.redhat.com/mailman/listinfo/libguestfs
--
Richard Jones, Virtualization Group, Red Hat http://people.redhat.com/~rjones
Read my programming and virtualization blog: http://rwmj.wordpress.com
nbdkit - Flexible, fast NBD server with plugins
https://gitlab.com/nbdkit/nbdkit
More information about the Libguestfs
mailing list