Ubuntu

“ecryptfs-utils” 87-0ubuntu1.1 source package in Ubuntu

Changelog

ecryptfs-utils (87-0ubuntu1.1) natty-security; urgency=low

  * SECURITY UPDATE: privilege escalation via mountpoint race conditions
    (LP: #732628)
    - debian/patches/CVE-2011-1831,1832,1834.patch: chdir into mountpoint
      before checking permissions in src/utils/mount.ecryptfs_private.c.
    - CVE-2011-1831
    - CVE-2011-1832
  * SECURITY UPDATE: race condition when checking source during mount
    (LP: #732628)
    - debian/patches/CVE-2011-1833.patch: use new ecryptfs_check_dev_ruid
      kernel option when mounting directory in
      src/utils/mount.ecryptfs_private.c.
    - CVE-2011-1833
  * SECURITY UPDATE: mtab corruption via improper handling (LP: #732628)
    - debian/patches/CVE-2011-1831,1832,1834.patch: modify mtab via a temp
      file first and make sure it succeeds before replacing the real mtab
      in src/utils/mount.ecryptfs_private.c.
    - CVE-2011-1834
  * SECURITY UPDATE: key poisoning via insecure temp directory handling
    (LP: #732628)
    - debian/patches/CVE-2011-1835.patch: make sure we don't copy into a
      user controlled directory in src/utils/ecryptfs-setup-private.
    - CVE-2011-1835
  * SECURITY UPDATE: information disclosure via recovery mount in /tmp
    (LP: #732628)
    - debian/patches/CVE-2011-1836.patch: mount inside protected
      subdirectory in src/utils/ecryptfs-recover-private.
    - CVE-2011-1836
  * SECURITY UPDATE: arbitrary file overwrite via lock counter race
    condition (LP: #732628)
    - debian/patches/CVE-2011-1837.patch: verify permissions with a file
      descriptor, and don't follow symlinks in
      src/utils/mount.ecryptfs_private.c.
    - CVE-2011-1837
 -- Marc Deslauriers <email address hidden>   Thu, 04 Aug 2011 10:43:33 -0400

Upload details

Uploaded by:
Marc Deslauriers on 2011-08-08
Uploaded to:
Natty
Original maintainer:
Ubuntu Developers
Component:
main
Architectures:
any
Section:
misc
Urgency:
Low Urgency

See full publishing history Publishing

Series Pocket Published Component Section

Downloads

File Size MD5 Checksum
ecryptfs-utils_87.orig.tar.gz 530.2 KiB b3e4ec1c70b3c57bd289b327363c39f6
ecryptfs-utils_87-0ubuntu1.1.debian.tar.gz 20.6 KiB 09f3beb962bbebb42bc2694f058f4b9f
ecryptfs-utils_87-0ubuntu1.1.dsc 2.1 KiB 1fc12fbace9f2c8c50aa2c1e95e055cf

Binary packages built by this source

ecryptfs-utils: ecryptfs cryptographic filesystem (utilities)

 eCryptfs is a POSIX-compliant enterprise-class stacked cryptographic filesystem
 for Linux.
 .
 It provides advanced key management and policy features. eCryptfs stores
 cryptographic metadata in the header of each file written, so that encrypted
 files can be copied between hosts; the file will be decryptable with the proper
 key, and there is no need to keep track of any additional information aside
 from what is already in the encrypted file itself. Think of eCryptfs as a sort
 of "gnupgfs".
 .
 eCryptfs is a native Linux filesystem. The kernel module component of eCryptfs
 is part of the Linux kernel since 2.6.19.
 .
 This package contains the userland utilities.

libecryptfs-dev: ecryptfs cryptographic filesystem (development)

 eCryptfs is a POSIX-compliant enterprise-class stacked cryptographic filesystem
 for Linux.
 .
 This package contains the development files.

libecryptfs0: ecryptfs cryptographic filesystem (library)

 eCryptfs is a POSIX-compliant enterprise-class stacked cryptographic filesystem
 for Linux.
 .
 This package contains the library.