Package: ecryptfs-utils | Debian Sources

Package: ecryptfs-utils / 103-5+deb8u1

Metadata

Package	Version	Patches format
ecryptfs-utils	103-5+deb8u1	3.0 (quilt)

Patch series

view the series file

Patch	File delta	Description
CVE 2014 9687.patch \| (download)	src/include/ecryptfs.h \| 4 3 + 1 - 0 ! src/libecryptfs/key_management.c \| 520 473 + 47 - 0 ! src/pam_ecryptfs/pam_ecryptfs.c \| 32 32 + 0 - 0 ! tests/userspace/Makefile.am \| 15 8 + 7 - 0 ! tests/userspace/tests.rc \| 2 1 + 1 - 0 ! tests/userspace/v1-to-v2-wrapped-passphrase.sh \| 63 63 + 0 - 0 ! tests/userspace/v1-to-v2-wrapped-passphrase/test.c \| 189 189 + 0 - 0 ! tests/userspace/v1-to-v2-wrapped-passphrase/wp01 \| 1 1 + 0 - 0 ! tests/userspace/v1-to-v2-wrapped-passphrase/wp02 \| 1 1 + 0 - 0 ! tests/userspace/v1-to-v2-wrapped-passphrase/wp03 \| 1 1 + 0 - 0 ! tests/userspace/v1-to-v2-wrapped-passphrase/wp04 \| 1 1 + 0 - 0 ! tests/userspace/v1-to-v2-wrapped-passphrase/wp05 \| 1 1 + 0 - 0 ! tests/userspace/wrap-unwrap.sh \| 7 6 + 1 - 0 ! 13 files changed, 780 insertions(+), 57 deletions(-)	salt the wrapping passphrase Modify ecryptfs_wrap_passphrase() to randomly generate an 8 byte salt to be used with the wrapping passphrase. . The salt is stored in the wrapped-passphrase file. To accomodate the randomly generated salt, a new wrapped-passphrase file format is introduced. It is referred to as "version 2". . The ability to read the version 1 wrapped-passphrase file format is retained. However, ecryptfs_wrap_passphrase() is modified to only create version 2 wrapped-passphrase files. . The pam_ecryptfs module is modified to transparently migrate from version 1 to version 2 files when the user successfully logs in with their login password.
CVE 2016 1572.patch \| (download)	src/utils/mount.ecryptfs_private.c \| 61 61 + 0 - 0 ! 1 file changed, 61 insertions(+)	[patch] mount.ecryptfs_private: validate mount destination fs type Refuse to mount over non-standard filesystems. Mounting over certain types filesystems is a red flag that the user is doing something devious, such as mounting over the /proc/self symlink target with malicious content in order to confuse programs that may attempt to parse those files. (LP: #1530566) https://launchpad.net/bugs/1530566

Patch

File delta

Description

CVE 2014 9687.patch | (download)

 salt the wrapping passphrase
 Modify ecryptfs_wrap_passphrase() to randomly generate an 8 byte salt to be
 used with the wrapping passphrase.
 .
 The salt is stored in the wrapped-passphrase file. To accomodate the randomly
 generated salt, a new wrapped-passphrase file format is introduced. It is
 referred to as "version 2".
 .
 The ability to read the version 1 wrapped-passphrase file format is retained.
 However, ecryptfs_wrap_passphrase() is modified to only create version 2
 wrapped-passphrase files.
 .
 The pam_ecryptfs module is modified to transparently migrate from version 1 to
 version 2 files when the user successfully logs in with their login password.

CVE 2016 1572.patch | (download)

src/utils/mount.ecryptfs_private.c | 61 61 + 0 - 0 !
1 file changed, 61 insertions(+)

 [patch] mount.ecryptfs_private: validate mount destination fs type

Refuse to mount over non-standard filesystems. Mounting over
certain types filesystems is a red flag that the user is doing
something devious, such as mounting over the /proc/self symlink
target with malicious content in order to confuse programs that may
attempt to parse those files. (LP: #1530566)

https://launchpad.net/bugs/1530566