This bug was fixed in the package ecryptfs-utils - 104-0ubuntu1.14.10.3
---------------
ecryptfs-utils (104-0ubuntu1.14.10.3) utopic-security; urgency=medium
* SECURITY UPDATE: Mount passphrase wrapped with a default salt value
- debian/patches/CVE-2014-9687.patch: Generate a random salt when wrapping
the mount passphrase. If a user has a mount passphrase that was wrapped
using the default salt, their mount passphrase will be rewrapped using a
random salt when they log in with their password.
- debian/patches/CVE-2014-9687.patch: Create a temporary file when
creating a new wrapped-passphrase file and copy it to its final
destination after the file has been fully synced to disk (LP: #1020902)
- debian/rules: Set the executable bit on the
v1-to-v2-wrapped-passphrase.sh test script that was created by
wrapping-passphrase-salt.patch
- CVE-2014-9687
-- Tyler Hicks <[email protected]> Wed, 04 Mar 2015 16:40:18 -0600
** Changed in: ecryptfs-utils (Ubuntu)
Status: Confirmed => Fix Released
** CVE added: http://www.cve.mitre.org/cgi-
bin/cvename.cgi?name=2014-9687
** Changed in: ecryptfs-utils (Ubuntu)
Status: Confirmed => Fix Released
--
You received this bug notification because you are a member of Ubuntu
Bugs, which is subscribed to Ubuntu.
https://bugs.launchpad.net/bugs/1020902
Title:
ecryptfs may truncate encrypted passphrase store
To manage notifications about this bug go to:
https://bugs.launchpad.net/ubuntu/+source/ecryptfs-utils/+bug/1020902/+subscriptions
--
ubuntu-bugs mailing list
[email protected]
https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs
