Package: ecryptfs-utils / 103-5+deb8u1
Patch seriesview the series file
|CVE 2014 9687.patch | (download)||
4 3 + 1 - 0 !
salt the wrapping passphrase Modify ecryptfs_wrap_passphrase() to randomly generate an 8 byte salt to be used with the wrapping passphrase. . The salt is stored in the wrapped-passphrase file. To accomodate the randomly generated salt, a new wrapped-passphrase file format is introduced. It is referred to as "version 2". . The ability to read the version 1 wrapped-passphrase file format is retained. However, ecryptfs_wrap_passphrase() is modified to only create version 2 wrapped-passphrase files. . The pam_ecryptfs module is modified to transparently migrate from version 1 to version 2 files when the user successfully logs in with their login password.
|CVE 2016 1572.patch | (download)||
61 61 + 0 - 0 !
[patch] mount.ecryptfs_private: validate mount destination fs type Refuse to mount over non-standard filesystems. Mounting over certain types filesystems is a red flag that the user is doing something devious, such as mounting over the /proc/self symlink target with malicious content in order to confuse programs that may attempt to parse those files. (LP: #1530566) https://launchpad.net/bugs/1530566