Uploaded image for project: 'Funtoo Linux'
  1. Funtoo Linux
  2. FL-10366

sys-fs/ecryptfs-utils-108-r2 - high and low severity vulns

XMLWordPrintable

    • Icon: Security Vulnerability Security Vulnerability
    • Resolution: Fixed
    • Icon: Important (Ebuild) Important (Ebuild)
    • None
    • None
    • various vulnerabilities exist for elfutils. 

      {
  "id": "CVE-2016-6224",
  "is_known_exploited_vuln": false,
  "description": "ecryptfs-setup-swap in eCryptfs does not prevent the unencrypted swap partition from activating during boot when using GPT partitioning on a (1) NVMe or (2) MMC drive, which allows local users to obtain sensitive information via unspecified vectors.  NOTE: this vulnerability exists because of an incomplete fix for CVE-2015-8946.",
  "urls": [
    "https://nvd.nist.gov/vuln/detail/CVE-2016-6224",
    "https://bazaar.launchpad.net/~ecryptfs/ecryptfs/trunk/revision/882",
    "http://www.openwall.com/lists/oss-security/2016/07/14/3",
    "http://www.openwall.com/lists/oss-security/2016/07/13/2",
    "http://www.ubuntu.com/usn/USN-3032-1",
    "https://bugs.launchpad.net/ubuntu/+source/ecryptfs-utils/+bug/1447282",
    "https://bugs.launchpad.net/ecryptfs/+bug/1597154",
    "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/K5WWCVHDLRLZTYMXEIONYFHLYAXXLJW3/"
  ]
}
{
  "id": "CVE-2015-8946",
  "is_known_exploited_vuln": false,
  "description": "ecryptfs-setup-swap in eCryptfs before 111 does not prevent the unencrypted swap partition from activating during boot when using GPT partitioning and certain versions of systemd, which allows local users to obtain sensitive information via unspecified vectors.",
  "urls": [
    "https://nvd.nist.gov/vuln/detail/CVE-2015-8946",
    "http://www.openwall.com/lists/oss-security/2016/07/14/3",
    "http://www.openwall.com/lists/oss-security/2016/07/13/2",
    "http://www.ubuntu.com/usn/USN-3032-1",
    "https://bazaar.launchpad.net/~ecryptfs/ecryptfs/trunk/revision/857",
    "https://bugs.launchpad.net/ubuntu/+source/ecryptfs-utils/+bug/1447282"
  ]
}
{
  "id": "CVE-2016-1572",
  "is_known_exploited_vuln": false,
  "description": "mount.ecryptfs_private.c in eCryptfs-utils does not validate mount destination filesystem types, which allows local users to gain privileges by mounting over a nonstandard filesystem, as demonstrated by /proc/$pid.",
  "urls": [
    "https://nvd.nist.gov/vuln/detail/CVE-2016-1572",
    "http://www.openwall.com/lists/oss-security/2016/01/20/6",
    "http://www.ubuntu.com/usn/USN-2876-1",
    "https://bazaar.launchpad.net/~ecryptfs/ecryptfs/trunk/revision/870",
    "https://bugs.launchpad.net/ecryptfs/+bug/1530566",
    "http://www.debian.org/security/2016/dsa-3450",
    "http://lists.opensuse.org/opensuse-updates/2016-01/msg00091.html",
    "http://lists.opensuse.org/opensuse-updates/2016-01/msg00118.html",
    "http://lists.opensuse.org/opensuse-updates/2016-02/msg00004.html",
    "http://lists.fedoraproject.org/pipermail/package-announce/2016-February/177359.html",
    "http://lists.fedoraproject.org/pipermail/package-announce/2016-February/177396.html",
    "http://www.securitytracker.com/id/1034791"
  ]
}

      proposed solution
      update package to version 111

            mrl5 mrl5
            mrl5 mrl5
            Votes:
            0 Vote for this issue
            Watchers:
            2 Start watching this issue

              Created:
              Updated:
              Resolved: