Explore top 10 tips to secure your open-source projects now. Read More

×
Alerts This Week
Warning Icon 1 530
Alerts This Week
Warning Icon 1 530

Ubuntu 14.04 LTS USN-2524-1 Moderate: eCryptfs Access Issue

ubuntu
Calendar Grey March 11, 2015
Dist Ubuntu Esm H88
A potential flaw in Ubuntu's eCryptfs could lead to risks where unauthorized users may access encrypted files. Please apply updates to safeguard your data.
Sensitive information in encrypted home and Private directories could beexposed if an attacker gained access to your files.

Summary

Sensitive information in encrypted home and Private directories could be

exposed if an attacker gained access to your files.

Software Description:

- ecryptfs-utils: eCryptfs cryptographic filesystem utilities

Details:

Sylvain Pelissier discovered that eCryptfs did not generate a random salt when

encrypting the mount passphrase with the login password. An attacker could use

this issue to discover the login password used to protect the mount passphrase

and gain unintended access to the encrypted files.

Update Instructions

The problem can be corrected by updating your system to the following
package versions:

Ubuntu 14.10:
  ecryptfs-utils                  104-0ubuntu1.14.10.3
  libecryptfs0                    104-0ubuntu1.14.10.3

Ubuntu 14.04 LTS:
  ecryptfs-utils                  104-0ubuntu1.14.04.3
  libecryptfs0                    104-0ubuntu1.14.04.3

Ubuntu 12.04 LTS:
  ecryptfs-utils                  96-0ubuntu3.4
  libecryptfs0                    96-0ubuntu3.4

Ubuntu 10.04 LTS:
  ecryptfs-utils                  83-0ubuntu3.2.10.04.6
  libecryptfs0                    83-0ubuntu3.2.10.04.6

After a standard system update you need to log out of all sessions and then log
back in to make all the necessary changes.

References

https://ubuntu.com/security/notices/USN-2524-1

CVE-2014-9687

Severity
important
Lowest
Low
Medium
High
Critical

March 11, 2015

Package Information

Get the latest News and Insights

Get the latest Linux and open source security news straight to your inbox.