Package: ecryptfs-utils / 103-5+deb8u1

Metadata

Package Version Patches format
ecryptfs-utils 103-5+deb8u1 3.0 (quilt)

Patch series

Patch File delta Description
CVE 2014 9687.patch

src/include/ecryptfs.h | 4 3 + 1 - 0 !
src/libecryptfs/key_management.c | 520 473 + 47 - 0 !
src/pam_ecryptfs/pam_ecryptfs.c | 32 32 + 0 - 0 !
tests/userspace/Makefile.am | 15 8 + 7 - 0 !
tests/userspace/tests.rc | 2 1 + 1 - 0 !
tests/userspace/v1-to-v2-wrapped-passphrase.sh | 63 63 + 0 - 0 !
tests/userspace/v1-to-v2-wrapped-passphrase/test.c | 189 189 + 0 - 0 !
tests/userspace/v1-to-v2-wrapped-passphrase/wp01 | 1 1 + 0 - 0 !
tests/userspace/v1-to-v2-wrapped-passphrase/wp02 | 1 1 + 0 - 0 !
tests/userspace/v1-to-v2-wrapped-passphrase/wp03 | 1 1 + 0 - 0 !
tests/userspace/v1-to-v2-wrapped-passphrase/wp04 | 1 1 + 0 - 0 !
tests/userspace/v1-to-v2-wrapped-passphrase/wp05 | 1 1 + 0 - 0 !
tests/userspace/wrap-unwrap.sh | 7 6 + 1 - 0 !
13 files changed, 780 insertions(+), 57 deletions(-)

 salt the wrapping passphrase

 Modify ecryptfs_wrap_passphrase() to randomly generate an 8 byte salt to be
 used with the wrapping passphrase.

 The salt is stored in the wrapped-passphrase file. To accommodate the randomly
 generated salt, a new wrapped-passphrase file format is introduced. It is
 referred to as "version 2".

 The ability to read the version 1 wrapped-passphrase file format is retained.
 However, ecryptfs_wrap_passphrase() is modified to only create version 2
 wrapped-passphrase files.

 The pam_ecryptfs module is modified to transparently migrate from version 1 to
 version 2 files when the user successfully logs in with their login password.

CVE 2016 1572.patch

src/utils/mount.ecryptfs_private.c | 61 61 + 0 - 0 !
1 file changed, 61 insertions(+)

 [patch] mount.ecryptfs_private: validate mount destination fs type

Refuse to mount over non-standard filesystems. Mounting over
certain types of filesystems is a red flag that the user is doing
something devious, such as mounting over the /proc/self symlink
target with malicious content in order to confuse programs that may
attempt to parse those files. (LP: #1530566)

https://launchpad.net/bugs/1530566