ecryptfs-utils 83-0ubuntu3.2.10.10.1 source package in Ubuntu

Changelog

ecryptfs-utils (83-0ubuntu3.2.10.10.1) maverick-security; urgency=low

  * SECURITY UPDATE: privilege escalation via mountpoint race conditions
    (LP: #732628)
    - src/utils/mount.ecryptfs_private.c: chdir into mountpoint before
      checking permissions. Patch thanks to Dan Rosenberg.
    - CVE-2011-1831
    - CVE-2011-1832
  * SECURITY UPDATE: race condition when checking source during mount
    (LP: #732628)
    - src/utils/mount.ecryptfs_private.c: use new ecryptfs_check_dev_ruid
      kernel option when mounting directory.
    - CVE-2011-1833
  * SECURITY UPDATE: mtab corruption via improper handling (LP: #732628)
    - src/utils/mount.ecryptfs_private.c: modify mtab via a temp file first
      and make sure it succeeds before replacing the real mtab. Patch
      thanks to Dan Rosenberg.
    - CVE-2011-1834
  * SECURITY UPDATE: key poisoning via insecure temp directory handling
    (LP: #732628)
    - src/utils/ecryptfs-setup-private: make sure we don't copy into a
      user controlled directory.
    - CVE-2011-1835
  * SECURITY UPDATE: arbitrary file overwrite via lock counter race
    condition (LP: #732628)
    - src/utils/mount.ecryptfs_private.c: verify permissions with a file
      descriptor, and don't follow symlinks.
    - CVE-2011-1837
 -- Marc Deslauriers <email address hidden>   Thu, 04 Aug 2011 10:41:53 -0400

Upload details

Uploaded by:
Marc Deslauriers on 2011-08-08
Uploaded to:
Maverick
Original maintainer:
Ubuntu Developers
Architectures:
any
Section:
misc
Urgency:
Low Urgency

See full publishing history Publishing

Series Pocket Published Component Section

Downloads

File Size SHA-256 Checksum
ecryptfs-utils_83.orig.tar.gz 535.4 KiB ede721fa2dba9cb3dadf89e5a21c555be35fa031abd841073fcc6f92e3b29dee
ecryptfs-utils_83-0ubuntu3.2.10.10.1.diff.gz 18.9 KiB 313d935840cedd2d7f3d5cbf7868d09aa5f684f1f8c17dc94a736d78cd42d966
ecryptfs-utils_83-0ubuntu3.2.10.10.1.dsc 2.2 KiB caa684dd89c95ae3f38f6214a94b595a2618c7e8c989bb88f421e4d825c63b00

View changes file

Binary packages built by this source

ecryptfs-utils: ecryptfs cryptographic filesystem (utilities)

 eCryptfs is a POSIX-compliant enterprise-class stacked cryptographic filesystem
 for Linux.
 .
 It provides advanced key management and policy features. eCryptfs stores
 cryptographic metadata in the header of each file written, so that encrypted
 files can be copied between hosts; the file will be decryptable with the proper
 key, and there is no need to keep track of any additional information aside
 from what is already in the encrypted file itself. Think of eCryptfs as a sort
 of "gnupgfs".
 .
 eCryptfs is a native Linux filesystem. The kernel module component of eCryptfs
 is part of the Linux kernel since 2.6.19.
 .
 This package contains the userland utilities.

libecryptfs-dev: ecryptfs cryptographic filesystem (development)

 eCryptfs is a POSIX-compliant enterprise-class stacked cryptographic filesystem
 for Linux.
 .
 This package contains the development files.

libecryptfs0: ecryptfs cryptographic filesystem (library)

 eCryptfs is a POSIX-compliant enterprise-class stacked cryptographic filesystem
 for Linux.
 .
 This package contains the library.