Format: 1.8 Date: Thu, 04 Aug 2011 10:41:53 -0400 Source: ecryptfs-utils Binary: ecryptfs-utils libecryptfs0 libecryptfs-dev Architecture: armel armel_translations Version: 83-0ubuntu3.2.10.10.1 Distribution: maverick Urgency: low Maintainer: Ubuntu/armel Build Daemon Changed-By: Marc Deslauriers Description: ecryptfs-utils - ecryptfs cryptographic filesystem (utilities) libecryptfs-dev - ecryptfs cryptographic filesystem (development) libecryptfs0 - ecryptfs cryptographic filesystem (library) Launchpad-Bugs-Fixed: 732628 Changes: ecryptfs-utils (83-0ubuntu3.2.10.10.1) maverick-security; urgency=low . * SECURITY UPDATE: privilege escalation via mountpoint race conditions (LP: #732628) - src/utils/mount.ecryptfs_private.c: chdir into mountpoint before checking permissions. Patch thanks to Dan Rosenberg. - CVE-2011-1831 - CVE-2011-1832 * SECURITY UPDATE: race condition when checking source during mount (LP: #732628) - src/utils/mount.ecryptfs_private.c: use new ecryptfs_check_dev_ruid kernel option when mounting directory. - CVE-2011-1833 * SECURITY UPDATE: mtab corruption via improper handling (LP: #732628) - src/utils/mount.ecryptfs_private.c: modify mtab via a temp file first and make sure it succeeds before replacing the real mtab. Patch thanks to Dan Rosenberg. - CVE-2011-1834 * SECURITY UPDATE: key poisoning via insecure temp directory handling (LP: #732628) - src/utils/ecryptfs-setup-private: make sure we don't copy into a user controlled directory. - CVE-2011-1835 * SECURITY UPDATE: arbitrary file overwrite via lock counter race condition (LP: #732628) - src/utils/mount.ecryptfs_private.c: verify permissions with a file descriptor, and don't follow symlinks. - CVE-2011-1837 Checksums-Sha1: cc02fdd5dde473e3e8a466817da40928364ef082 105996 ecryptfs-utils_83-0ubuntu3.2.10.10.1_armel.deb 91e3e29f1ad3c3818d8c40130fd60b21f4cd09a9 73182 libecryptfs0_83-0ubuntu3.2.10.10.1_armel.deb f1d0808abce11e3a142988f3c8597389e3c7dd19 71844 libecryptfs-dev_83-0ubuntu3.2.10.10.1_armel.deb ea5cd64e09fc10ba2802e22c74839db09fed30e1 1849 ecryptfs-utils_83-0ubuntu3.2.10.10.1_armel_translations.tar.gz Checksums-Sha256: f142eb9086b3463c24ccb9ca4f53cffb1d7487fea2b9004f015d5367dc729e0d 105996 ecryptfs-utils_83-0ubuntu3.2.10.10.1_armel.deb 4d21109b01cf30f0b81b46474a08c2d979459f208ae037cef8cc8d4133c1379c 73182 libecryptfs0_83-0ubuntu3.2.10.10.1_armel.deb 4533b6ae22869fa2acc2ca2999be0cdf1d2ee7a6e4faa996249eb118a5ed590f 71844 libecryptfs-dev_83-0ubuntu3.2.10.10.1_armel.deb e458e202ee7b1a196084ef5392a0e5ef2cb9cbdf77c104a61cd916f2bb45a317 1849 ecryptfs-utils_83-0ubuntu3.2.10.10.1_armel_translations.tar.gz Files: 1979c3eb3892a07c26dcb1db60eadf1d 105996 misc optional ecryptfs-utils_83-0ubuntu3.2.10.10.1_armel.deb 741bc276edb7ece3ee27897c2fa0f796 73182 libs optional libecryptfs0_83-0ubuntu3.2.10.10.1_armel.deb 8cb426c2961cadc9983c15d7af49e7ed 71844 libdevel optional libecryptfs-dev_83-0ubuntu3.2.10.10.1_armel.deb 6967202fe13ea8ded1b7d8d5bd2a14bc 1849 raw-translations - ecryptfs-utils_83-0ubuntu3.2.10.10.1_armel_translations.tar.gz Original-Maintainer: Daniel Baumann