ecryptfs-utils 89-0ubuntu2 source package in Ubuntu

Changelog

ecryptfs-utils (89-0ubuntu2) oneiric; urgency=low

  * SECURITY UPDATE: privilege escalation via mountpoint race conditions
    (LP: #732628)
    - debian/patches/CVE-2011-1831,1832,1834.patch: chdir into mountpoint
      before checking permissions in src/utils/mount.ecryptfs_private.c.
    - CVE-2011-1831
    - CVE-2011-1832
  * SECURITY UPDATE: race condition when checking source during mount
    (LP: #732628)
    - debian/patches/CVE-2011-1833.patch: use new ecryptfs_check_dev_ruid
      kernel option when mounting directory in
      src/utils/mount.ecryptfs_private.c.
    - CVE-2011-1833
  * SECURITY UPDATE: mtab corruption via improper handling (LP: #732628)
    - debian/patches/CVE-2011-1831,1832,1834.patch: modify mtab via a temp
      file first and make sure it succeeds before replacing the real mtab
      in src/utils/mount.ecryptfs_private.c.
    - CVE-2011-1834
  * SECURITY UPDATE: key poisoning via insecure temp directory handling
    (LP: #732628)
    - debian/patches/CVE-2011-1835.patch: make sure we don't copy into a
      user controlled directory in src/utils/ecryptfs-setup-private.
    - CVE-2011-1835
  * SECURITY UPDATE: information disclosure via recovery mount in /tmp
    (LP: #732628)
    - debian/patches/CVE-2011-1836.patch: mount inside protected
      subdirectory in src/utils/ecryptfs-recover-private.
    - CVE-2011-1836
  * SECURITY UPDATE: arbitrary file overwrite via lock counter race
    condition (LP: #732628)
    - debian/patches/CVE-2011-1837.patch: verify permissions with a file
      descriptor, and don't follow symlinks in
      src/utils/mount.ecryptfs_private.c.
    - CVE-2011-1837
 -- Marc Deslauriers <email address hidden>   Thu, 04 Aug 2011 10:37:40 -0400

Upload details

Uploaded by:
Marc Deslauriers on 2011-08-09
Uploaded to:
Oneiric
Original maintainer:
Ubuntu Developers
Architectures:
any
Section:
misc
Urgency:
Low Urgency

See full publishing history Publishing

Series Pocket Published Component Section

Downloads

File Size SHA-256 Checksum
ecryptfs-utils_89.orig.tar.gz 535.7 KiB 509b51381c07b8d8cc083b68cd22293ccb45e15c52d243909f5e8ed1ca3ddfa3
ecryptfs-utils_89-0ubuntu2.debian.tar.gz 21.2 KiB b065ab5834ef5b78476915ba3232cd4966fe18cad6c903cf9d1a9470c8d54c03
ecryptfs-utils_89-0ubuntu2.dsc 2.1 KiB 6b462a2f88fdd7fad24b4e5136afd7b3fd094fb342faacd4c7d443fd25adddbc

Available diffs

View changes file

Binary packages built by this source

ecryptfs-utils: No summary available for ecryptfs-utils in ubuntu oneiric.

No description available for ecryptfs-utils in ubuntu oneiric.

libecryptfs-dev: No summary available for libecryptfs-dev in ubuntu oneiric.

No description available for libecryptfs-dev in ubuntu oneiric.

libecryptfs0: No summary available for libecryptfs0 in ubuntu oneiric.

No description available for libecryptfs0 in ubuntu oneiric.