ecryptfs-utils (83-0ubuntu3.2.10.04.6) lucid-security; urgency=medium
* SECURITY UPDATE: Mount passphrase wrapped with a default salt value
- src/libecryptfs/key_management.c, src/include/ecryptfs.h: Generate a
random salt when wrapping the mount passphrase.
- src/pam_ecryptfs/pam_ecryptfs.c: If a user has a mount passphrase that was
wrapped using the default salt, their mount passphrase will be rewrapped
using a random salt when they log in with their password.
- src/libecryptfs/key_management.c: Create a temporary file when creating
a new wrapped-passphrase file and copy it to its final destination after
the file has been fully synced to disk (LP: #1020902)
- CVE-2014-9687
ecryptfs-utils (83-0ubuntu3.2.10.04.3) lucid-proposed; urgency=low
* src/libecryptfs/key_management.c: LP: #725862
- fix nasty bug affecting users who do *not* encrypt filenames;
the first login works, but on logout, only one key gets
cleaned out; subsequent logins do not insert the necessary key
due to an early "goto out"
Date: 2015-03-04 23:10:13.279684+00:00
Changed-By: Tyler Hicks <tyhi...@canonical.com>
https://launchpad.net/ubuntu/+source/ecryptfs-utils/83-0ubuntu3.2.10.04.6
Sorry, changesfile not available.
--
Lucid-changes mailing list
Lucid-changes@lists.ubuntu.com
Modify settings or unsubscribe at:
https://lists.ubuntu.com/mailman/listinfo/lucid-changes
