[ubuntu/quantal] ecryptfs-utils 99-0ubuntu1 (Accepted)

Dustin Kirkland kirkland at ubuntu.com
Fri Jul 13 19:10:53 UTC 2012


ecryptfs-utils (99-0ubuntu1) quantal; urgency=low

  [ Dustin Kirkland ]
  * debian/ecryptfs-utils.postinst: LP: #936093
    - ensure desktop file is executable
  * precise

  [ Wesley Wiedenmeier ]
  * src/utils/mount.ecryptfs.c: LP: #329264
    - remove old hack, that worked around a temporary kernel regression;
      ensure that all mount memory is mlocked

  [ Sebastian Krahmer ]
  * src/pam_ecryptfs/pam_ecryptfs.c: LP: #732614
    - drop group privileges in the same places that user privileges are
      dropped
    - check return status of setresuid() calls and return if they fail
    - drop privileges before checking for the existence of
      ~/.ecryptfs/auto-mount to prevent possible file existence leakage
      by a symlink to a path that typically would not be searchable by
      the user
    - drop privileges before reading salt from the rc file to prevent the
      leakage of root's salt and, more importantly, using the incorrect salt
    - discovered, independently, by Vasiliy Kulikov and Sebastian Krahmer
  * src/pam_ecryptfs/pam_ecryptfs.c: LP: #1020904
    - after dropping privileges, clear the environment before executing the
      private eCryptfs mount helper
    - discovered by Sebastian Krahmer
  * src/utils/mount.ecryptfs_private.c: LP: #1020904
    - do not allow private eCryptfs mount aliases to contain ".." characters
      as a preventative measure against a crafted file path being used as an
      alias
    - force the MS_NOSUID mount flag to protect against user controlled lower
      filesystems, such as an auto mounted USB drive, that may contain a
      setuid-root binary
      + CVE-2012-3409
    - force the MS_NODEV mount flag
    - after dropping privileges, clear the environment before executing umount
    - discovered by Sebastian Krahmer

  [ Tyler Hicks ]
  * src/libecryptfs/key_management.c: LP: #732614
    - zero statically declared buffers to prevent the leakage of stack
      contents in the case of a short file read
    - discovered by Vasiliy Kulikov
  * src/libecryptfs/module_mgr.c, src/pam_ecryptfs/pam_ecryptfs.c:
    - fix compiler warnings

Date: Fri, 13 Jul 2012 09:52:36 -0500
Changed-By: Dustin Kirkland <kirkland at ubuntu.com>
https://launchpad.net/ubuntu/quantal/+source/ecryptfs-utils/99-0ubuntu1
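
The key_management.c entry above (zeroing buffers so a short file read cannot leak stack contents) is illustrated by the following added example; it is not code from ecryptfs-utils. `SALT_LEN`, the function names and the 0xAA fill that stands in for old stack contents are assumptions made for the illustration.

```c
#include <stdio.h>
#include <string.h>

#define SALT_LEN 8 /* assumed salt size, for this example only */

/* Pattern of concern: the buffer is not cleared and the caller ignores the
 * byte count, so a short file leaves old memory in the tail of salt[]. */
static size_t read_salt_unchecked(FILE *f, unsigned char salt[SALT_LEN])
{
    return fread(salt, 1, SALT_LEN, f);
}

/* Hardened: zero first, require a full read, wipe again on failure. */
static int read_salt_checked(FILE *f, unsigned char salt[SALT_LEN])
{
    memset(salt, 0, SALT_LEN);
    if (fread(salt, 1, SALT_LEN, f) != SALT_LEN) {
        memset(salt, 0, SALT_LEN);
        return -1;
    }
    return 0;
}

/* Constructed input: a temporary file holding exactly n bytes of 'S'. */
static FILE *salt_file(size_t n)
{
    FILE *f = tmpfile();
    for (size_t i = 0; f != NULL && i < n; i++)
        fputc('S', f);
    if (f != NULL)
        rewind(f);
    return f;
}

/* Returns how many 0xAA "stale" bytes survive in the buffer after reading a
 * file of file_len bytes, or -1 if the temporary file cannot be created. */
int stale_bytes_after_read(size_t file_len, int hardened)
{
    unsigned char salt[SALT_LEN];
    int stale = 0;
    FILE *f = salt_file(file_len);
    if (f == NULL)
        return -1;
    memset(salt, 0xAA, sizeof(salt)); /* stands in for old stack contents */
    if (hardened)
        (void)read_salt_checked(f, salt);
    else
        read_salt_unchecked(f, salt);
    fclose(f);
    for (size_t i = 0; i < SALT_LEN; i++)
        stale += (salt[i] == 0xAA);
    return stale;
}
```

With a 3-byte file the unchecked reader leaves 5 stale bytes in the buffer, while the checked reader leaves none and reports the short read to its caller.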
-------------- next part --------------

Format: 1.8
Date: Fri, 13 Jul 2012 09:52:36 -0500
Source: ecryptfs-utils
Binary: ecryptfs-utils ecryptfs-utils-dbg libecryptfs0 libecryptfs-dev python-ecryptfs
Architecture: source
Version: 99-0ubuntu1
Distribution: quantal
Urgency: low
Maintainer: Dustin Kirkland <kirkland at ubuntu.com>
Changed-By: Dustin Kirkland <kirkland at ubuntu.com>
Description: 
 ecryptfs-utils - ecryptfs cryptographic filesystem (utilities)
 ecryptfs-utils-dbg - ecryptfs cryptographic filesystem (utilities; debug)
 libecryptfs-dev - ecryptfs cryptographic filesystem (development)
 libecryptfs0 - ecryptfs cryptographic filesystem (library)
 python-ecryptfs - ecryptfs cryptographic filesystem (python)
Launchpad-Bugs-Fixed: 329264 732614 936093 1020904
Original-Maintainer: Daniel Baumann <daniel at debian.org>
