
====================================================================

                              CERT-Renater

                 Information Note No. 2016/VULN356
_____________________________________________________________________

DATE                : 19/10/2016

HARDWARE PLATFORM(S): /

OPERATING SYSTEM(S): Systems running VeraCrypt versions prior to 5.6.27,
                                          7.0.12.

=====================================================================
https://veracrypt.codeplex.com/
https://veracrypt.codeplex.com/wikipage?title=Release%20Notes
____________________________________________________________________

UPDATE October 17th 2016 :

VeraCrypt 1.19 has been released. It includes fixes for issues reported
by the Quarkslab audit that was funded by OSTIF. This release also brings
many enhancements and fixes, like Serpent algorithm speedup by a factor
of 2.5 and the support of Windows 32-bit for EFI system encryption.
Please check the release notes for the complete list of changes.
Download for Windows is here.

____________________________________________________________________

1.19 (October 17th, 2016):

     All OSs:
         Fix issues raised by Quarkslab audit.
             Remove GOST89 encryption algorithm.
             Make PBKDF2 and HMAC code clearer and easier to analyze.
             Add test vectors for Kuznyechik.
             Update documentation to warn about risks of using command
              line switch "tokenpin".
         Use SSE2 optimized Serpent algorithm implementation from Botan
          project (2.5 times faster on 64-bit platforms).
     Windows:
         Fix keyboard issues in EFI Boot Loader.
         Fix crash on 32-bit machines when creating a volume that uses
          Streebog as PRF.
         Fix false positive detection of Evil-Maid attacks in some cases
          (e.g. hidden OS creation)
         Fix failure to access EFS data on VeraCrypt volumes under
          Windows 10.
         Fix wrong password error in the process of copying hidden OS.
         Fix issues raised by Quarkslab audit:
             Fix leak of password length in MBR bootloader inherited
              from TrueCrypt.
             EFI bootloader: Fix various leaks and erase keyboard buffer
              after password is typed.
             Use libzip library for handling zip Rescue Disk file
              instead of vulnerable XUnzip library.
         Support EFI system encryption for 32-bit Windows.
         Perform shutdown instead of reboot during Pre-Test of EFI
          system encryption to detect incompatible motherboards.
         Minor GUI and translations fixes.
     MacOSX:
         Remove dependency on MacFUSE compatibility layer in OSXFuse.


==========================================================
CERT-Renater reference server
https://services.renater.fr/ssi/
==========================================================
+ CERT-RENATER          | tel : 01-53-94-20-44           +
+ 23 - 25 Rue Daviel    | fax : 01-53-94-20-41           +
+ 75013 Paris           | email: cert@support.renater.fr +
==========================================================



