eCryptfs 90

Milestone information

Project:
eCryptfs
Series:
trunk
Version:
90
Released:
2011-08-10  
Registrant:
Dustin Kirkland 
Release registered:
2011-08-10
Active:
No. Drivers cannot target bugs and blueprints to this milestone.  

Download RDF metadata

Activities

Assigned to you:
No blueprints or bugs assigned to you.
Assignees:
No users assigned to blueprints and bugs.
Blueprints:
No blueprints are targeted to this milestone.
Bugs:
No bugs are targeted to this milestone.

Download files for this release

After you've downloaded a file, you can verify its authenticity using its MD5 sum or signature. (How do I verify a download?)

File Description Downloads
download icon ecryptfs-utils_90.orig.tar.gz (md5, sig) ecryptfs-utils-90 571
last downloaded 3 weeks ago
Total downloads: 571

Release notes 

  * SECURITY UPDATE: privilege escalation via mountpoint race conditions
    (LP: #732628)
    - debian/patches/CVE-2011-1831,1832,1834.patch: chdir into mountpoint
      before checking permissions in src/utils/mount.ecryptfs_private.c.
    - CVE-2011-1831
    - CVE-2011-1832
  * SECURITY UPDATE: race condition when checking source during mount
    (LP: #732628)
    - debian/patches/CVE-2011-1833.patch: use new ecryptfs_check_dev_ruid
      kernel option when mounting directory in
      src/utils/mount.ecryptfs_private.c.
    - CVE-2011-1833
  * SECURITY UPDATE: mtab corruption via improper handling (LP: #732628)
    - debian/patches/CVE-2011-1831,1832,1834.patch: modify mtab via a temp
      file first and make sure it succeeds before replacing the real mtab
      in src/utils/mount.ecryptfs_private.c.
    - CVE-2011-1834
  * SECURITY UPDATE: key poisoning via insecure temp directory handling
    (LP: #732628)
    - debian/patches/CVE-2011-1835.patch: make sure we don't copy into a
      user controlled directory in src/utils/ecryptfs-setup-private.
    - CVE-2011-1835
  * SECURITY UPDATE: information disclosure via recovery mount in /tmp
    (LP: #732628)
    - debian/patches/CVE-2011-1836.patch: mount inside protected
      subdirectory in src/utils/ecryptfs-recover-private.
    - CVE-2011-1836
  * SECURITY UPDATE: arbitrary file overwrite via lock counter race
    condition (LP: #732628)
    - debian/patches/CVE-2011-1837.patch: verify permissions with a file
      descriptor, and don't follow symlinks in
      src/utils/mount.ecryptfs_private.c.
    - CVE-2011-1837

Changelog 

This release does not have a changelog.

0 blueprints and 0 bugs targeted

There are no feature specifications or bug tasks targeted to this milestone. The project's maintainer, driver, or bug supervisor can target specifications and bug tasks to this milestone to track the things that are expected to be completed for the release.

This milestone contains Public information
Everyone can see this information.