[Date Prev][Date Next] [Thread Prev][Thread Next] [Date Index] [Thread Index]

[SECURITY] [DLA 397-1] ecryptfs-utils security update



-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512

Package        : ecryptfs-utils
Version        : 83-4+squeeze2
CVE ID         : CVE-2016-1572

Jann Horn discovered that the setuid-root mount.ecryptfs_private helper
in the ecryptfs-utils would mount over any target directory that the
user owns, including a directory in procfs. A local attacker could use
this flaw to escalate his privileges.
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1

iQIcBAEBCgAGBQJWn7BdAAoJEAVMuPMTQ89EilMP/2Q9otx2HkSHxzEbzoUk8C8z
QiZt0FUhsXgQqkqvJ/7jptqOpnfJymXDqz7K6TiJjWvt6QZ56lj131tOGyUbhczm
ftnWgZLIqQhnucG996xi4PWImrGDMxVVRKoMi+gwhIaKqDFBtkkckbLL2XhrxZCL
2ORQdKEClabfScKeMBHyzj6OJrsWlJtFuZ4oMi+ztax3V54/AIiwD76v2PEpRJXa
Cr9bEroB9701oKyatsYTLnQVdT4X6/3PanO2mXHyWF3y4LF5JKF3uoNaP8xeToVz
rVkwXqCBdKKQRwc3rGQ0lXQZmmG3pzUEfQbsYPXrFG65u0IFCGJCiZ7KbgCcMJyR
4f5cCfSG6RI1d2rn6YdSlVs9TuimjPmK9GL2isAMdfCZ451jQz5s6PpTEIivRJJI
ZRevmeG6GFB94swRuzxDhsQI3j1q0HftbHrU7ZA7W70H/qeRBdBiPVwvTA5vqv7b
FvKQxBex877miHoBjwKYzGi2jZUiUznk2DnGz6SzbMfYEz8GBpoJ1YGzqsGFp3nL
klCku0Ihz6rDnx4iS6Z7b99dOtmIjCxuOJY5WjBP6ZepFR/9+14WllPJsxor0NCp
gUpnprmSwqqjS3zidgbCtsFDv79lTFBn2Wr1lj5zOUZb1WybWvmlz8nwYVT1JCqw
9FEC1yBD08ACQ5cr9LIm
=jtzp
-----END PGP SIGNATURE-----


Reply to: