[ubuntu/oneiric] ecryptfs-utils 90-0ubuntu1 (Accepted)
Dustin Kirkland
kirkland at ubuntu.com
Wed Aug 10 13:45:19 UTC 2011

ecryptfs-utils (90-0ubuntu1) oneiric; urgency=low

  [ Marc Deslauriers ]
  * SECURITY UPDATE: privilege escalation via mountpoint race conditions
    (LP: #732628)
    - debian/patches/CVE-2011-1831,1832,1834.patch: chdir into mountpoint
      before checking permissions in src/utils/mount.ecryptfs_private.c.
    - CVE-2011-1831
    - CVE-2011-1832
  * SECURITY UPDATE: race condition when checking source during mount
    (LP: #732628)
    - debian/patches/CVE-2011-1833.patch: use new ecryptfs_check_dev_ruid
      kernel option when mounting directory in
      src/utils/mount.ecryptfs_private.c.
    - CVE-2011-1833
  * SECURITY UPDATE: mtab corruption via improper handling (LP: #732628)
    - debian/patches/CVE-2011-1831,1832,1834.patch: modify mtab via a temp
      file first and make sure it succeeds before replacing the real mtab
      in src/utils/mount.ecryptfs_private.c.
    - CVE-2011-1834
  * SECURITY UPDATE: key poisoning via insecure temp directory handling
    (LP: #732628)
    - debian/patches/CVE-2011-1835.patch: make sure we don't copy into a
      user controlled directory in src/utils/ecryptfs-setup-private.
    - CVE-2011-1835
  * SECURITY UPDATE: information disclosure via recovery mount in /tmp
    (LP: #732628)
    - debian/patches/CVE-2011-1836.patch: mount inside protected
      subdirectory in src/utils/ecryptfs-recover-private.
    - CVE-2011-1836
  * SECURITY UPDATE: arbitrary file overwrite via lock counter race
    condition (LP: #732628)
    - debian/patches/CVE-2011-1837.patch: verify permissions with a file
      descriptor, and don't follow symlinks in
      src/utils/mount.ecryptfs_private.c.
    - CVE-2011-1837

Date: Wed, 10 Aug 2011 08:36:44 -0500
Changed-By: Dustin Kirkland <kirkland at ubuntu.com>
Maintainer: Ubuntu Developers <ubuntu-devel-discuss at lists.ubuntu.com>
https://launchpad.net/ubuntu/oneiric/+source/ecryptfs-utils/90-0ubuntu1
-------------- next part --------------
Format: 1.8
Date: Wed, 10 Aug 2011 08:36:44 -0500
Source: ecryptfs-utils
Binary: ecryptfs-utils libecryptfs0 libecryptfs-dev
Architecture: source
Version: 90-0ubuntu1
Distribution: oneiric
Urgency: low
Maintainer: Ubuntu Developers <ubuntu-devel-discuss at lists.ubuntu.com>
Changed-By: Dustin Kirkland <kirkland at ubuntu.com>
Description:
ecryptfs-utils - ecryptfs cryptographic filesystem (utilities)
libecryptfs-dev - ecryptfs cryptographic filesystem (development)
libecryptfs0 - ecryptfs cryptographic filesystem (library)
Launchpad-Bugs-Fixed: 732628
Original-Maintainer: Daniel Baumann <daniel at debian.org>