Login
Newsletter
Werbung

Sicherheit: Mangelnde Rechteprüfung in ecryptfs-utils
Aktuelle Meldungen Distributionen
Name: Mangelnde Rechteprüfung in ecryptfs-utils
ID: FEDORA-2012-11069
Distribution: Fedora
Plattformen: Fedora 17
Datum: Fr, 3. August 2012, 22:06
Referenzen: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-3409
Applikationen: eCryptfs

Originalnachricht

Name        : ecryptfs-utils
Product : Fedora 17
Version : 99
Release : 1.fc17
URL : https://launchpad.net/ecryptfs
Summary : The eCryptfs mount helper and support libraries
Description :
eCryptfs is a stacked cryptographic filesystem that ships in Linux
kernel versions 2.6.19 and above. This package provides the mount
helper and supporting libraries to perform key management and mount
functions.

Install ecryptfs-utils if you would like to mount eCryptfs.

-------------------------------------------------------------------------------
-
Update Information:

- updated to ecryptfs-utils 99
-------------------------------------------------------------------------------
-
ChangeLog:

* Tue Jul 24 2012 Michal Hlavinka <mhlavink@redhat.com> - 99-1
- ecryptfs-utils updated to 99
- fixes: suid helper does not restrict mounting filesystems with
nosuid, nodev leading to possible privilege escalation (CVE-2012-3409)
* Mon Jun 25 2012 Michal Hlavinka <mhlavink@redhat.com> - 97-1
- ecryptfs-utils updated to 97
* Mon Jun 4 2012 Michal Hlavinka <mhlavink@redhat.com> - 96-3
- for file name encryption support check, module must be loaded already
* Mon Apr 16 2012 Michal Hlavinka <mhlavink@redhat.com> - 96-2
- when ecryptfs-mount-fails, check if user is member of ecryptfs group
-------------------------------------------------------------------------------
-
References:

[ 1 ] Bug #841940 - CVE-2012-3409 ecryptfs-utils: suid helper does not
restrict mounting filesystems with nosuid,nodev leading to possible privilege escalation
https://bugzilla.redhat.com/show_bug.cgi?id=841940
-------------------------------------------------------------------------------
-

This update can be installed with the "yum" update program. Use
su -c 'yum update ecryptfs-utils' at the command line.
For more information, refer to "Managing Software with yum",
available at http://docs.fedoraproject.org/yum/.

All packages are signed with the Fedora Project GPG key. More details on the
GPG keys used by the Fedora Project can be found at
https://fedoraproject.org/keys
-------------------------------------------------------------------------------
-
_______________________________________________
package-announce mailing list
package-announce@lists.fedoraproject.org
https://admin.fedoraproject.org/mailman/listinfo/package-announce
Pro-Linux
Pro-Linux @Facebook
Neue Nachrichten
Werbung