PT-2020-12930 · Canonical · Ubuntu Server+1

Moritz Naumann · Published 2020-05-12 · Updated 2020-08-03 · CVE-2020-11932

CVSS v3.1: 2.3 (Low)

Vector: AV:L/AC:L/PR:H/UI:N/S:U/C:L/I:N/A:N

Name of the Vulnerable Software and Affected Versions

Ubuntu Server versions prior to Subiquity 20.05.2

Description

A security issue was discovered in the Subiquity installer for Ubuntu Server: if a LUKS full disk encryption password was entered during installation, the installer wrote it to the log. Canonical released a fixed version of the Subiquity installer, 20.05.2, which applies to Ubuntu Server installations starting from version 18.04 in Live mode.

Recommendations

For Ubuntu Server versions prior to Subiquity 20.05.2, update the Subiquity installer to version 20.05.2, which can be obtained from the Snap Store, to resolve the issue. As a temporary workaround until the update is applied, consider avoiding the use of LUKS full disk encryption or taking extra precautions to protect the password.

Exploit

Fix

Insertion into Log File

Weakness Enumeration

Related Identifiers

CVE-2020-11932

Affected Products

Subiquity
Ubuntu Server