Format: 1.8 Date: Thu, 04 Aug 2011 10:37:00 -0400 Source: ecryptfs-utils Binary: ecryptfs-utils libecryptfs0 libecryptfs-dev Architecture: armel armel_translations Version: 83-0ubuntu3.2.10.04.1 Distribution: lucid Urgency: low Maintainer: Ubuntu/armel Build Daemon Changed-By: Marc Deslauriers Description: ecryptfs-utils - ecryptfs cryptographic filesystem (utilities) libecryptfs-dev - ecryptfs cryptographic filesystem (development) libecryptfs0 - ecryptfs cryptographic filesystem (library) Launchpad-Bugs-Fixed: 732628 732628 732628 732628 732628 Changes: ecryptfs-utils (83-0ubuntu3.2.10.04.1) lucid-security; urgency=low . * SECURITY UPDATE: privilege escalation via mountpoint race conditions (LP: #732628) - src/utils/mount.ecryptfs_private.c: chdir into mountpoint before checking permissions. Patch thanks to Dan Rosenberg. - CVE-2011-1831 - CVE-2011-1832 * SECURITY UPDATE: race condition when checking source during mount (LP: #732628) - src/utils/mount.ecryptfs_private.c: use new ecryptfs_check_dev_ruid kernel option when mounting directory. - CVE-2011-1833 * SECURITY UPDATE: mtab corruption via improper handling (LP: #732628) - src/utils/mount.ecryptfs_private.c: modify mtab via a temp file first and make sure it succeeds before replacing the real mtab. Patch thanks to Dan Rosenberg. - CVE-2011-1834 * SECURITY UPDATE: key poisoning via insecure temp directory handling (LP: #732628) - src/utils/ecryptfs-setup-private: make sure we don't copy into a user controlled directory. - CVE-2011-1835 * SECURITY UPDATE: arbitrary file overwrite via lock counter race condition (LP: #732628) - src/utils/mount.ecryptfs_private.c: verify permissions with a file descriptor, and don't follow symlinks. - CVE-2011-1837 Checksums-Sha1: 225fbade823bb2fc7cf86d8c5cd817a554e427de 107084 ecryptfs-utils_83-0ubuntu3.2.10.04.1_armel.deb 498870ec15c93c97eed87ab0db6b3c6a16d4f7f0 69100 libecryptfs0_83-0ubuntu3.2.10.04.1_armel.deb 064a9152ea661a5cca365a7d9c0676c5159bf559 63480 libecryptfs-dev_83-0ubuntu3.2.10.04.1_armel.deb 4e7664a76c797708208f889e0c9957d92f0cd1f8 1849 ecryptfs-utils_83-0ubuntu3.2.10.04.1_armel_translations.tar.gz Checksums-Sha256: 78eb07321d1d2d14efd425a0ff73c8136add9cfde33d6ad6915668c50b71fba3 107084 ecryptfs-utils_83-0ubuntu3.2.10.04.1_armel.deb 24d74d13ffa9012b5fdf26645287b416a8670b22ba0ee755e90345ac932f7947 69100 libecryptfs0_83-0ubuntu3.2.10.04.1_armel.deb 66dda1ecc0908fa237f18e099f1f01e3a2635318a232e26be19e695e994cf7a2 63480 libecryptfs-dev_83-0ubuntu3.2.10.04.1_armel.deb fe0e4c5cfdde2fc2f7478771917283265cb32c582385845b1239c3d91f4b8717 1849 ecryptfs-utils_83-0ubuntu3.2.10.04.1_armel_translations.tar.gz Files: bfec8ff989526cb9d585e0b9148b9bf0 107084 misc optional ecryptfs-utils_83-0ubuntu3.2.10.04.1_armel.deb 9228fd127cf035d469ab1e54fe4728c4 69100 libs optional libecryptfs0_83-0ubuntu3.2.10.04.1_armel.deb dc55220959729a8ff82bb6b59278f05f 63480 libdevel optional libecryptfs-dev_83-0ubuntu3.2.10.04.1_armel.deb 8e2e724f03cab72fd783567750d63808 1849 raw-translations - ecryptfs-utils_83-0ubuntu3.2.10.04.1_armel_translations.tar.gz Original-Maintainer: Daniel Baumann