Security update for ecryptfs-utils
SUSE Patch
security@suse.de
SUSE Security Team
openSUSE-SU-2016:0239-1
Final
1
1
2016-01-25T16:35:09Z
current
2016-01-25T16:35:09Z
2016-01-25T16:35:09Z
cve-database/bin/generate-cvrf.pl
2017-02-24T01:00:00Z
Security update for ecryptfs-utils
This update for ecryptfs-utils fixes the following issues:
- CVE-2016-1572: A local user could have escalated privileges by mounting over special filesystems (bsc#962052)
The CVRF data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0).
Copyright SUSE LLC under the Creative Commons License 4.0 with Attribution (CC-BY-4.0)
http://lists.opensuse.org/opensuse-updates/2016-01/msg00091.html
E-Mail link for openSUSE-SU-2016:0239-1
https://www.suse.com/support/security/rating/
SUSE Security Ratings
openSUSE 13.2
ecryptfs-utils-104-3.1
ecryptfs-utils-32bit-104-3.1
ecryptfs-utils-debuginfo-104-3.1
ecryptfs-utils-debuginfo-32bit-104-3.1
ecryptfs-utils-debugsource-104-3.1
ecryptfs-utils-104-3.1 as a component of openSUSE 13.2
ecryptfs-utils-32bit-104-3.1 as a component of openSUSE 13.2
ecryptfs-utils-debuginfo-104-3.1 as a component of openSUSE 13.2
ecryptfs-utils-debuginfo-32bit-104-3.1 as a component of openSUSE 13.2
ecryptfs-utils-debugsource-104-3.1 as a component of openSUSE 13.2
mount.ecryptfs_private.c in eCryptfs-utils does not validate mount destination filesystem types, which allows local users to gain privileges by mounting over a nonstandard filesystem, as demonstrated by /proc/$pid.
CVE-2016-1572
openSUSE 13.2:ecryptfs-utils-104-3.1
openSUSE 13.2:ecryptfs-utils-32bit-104-3.1
openSUSE 13.2:ecryptfs-utils-debuginfo-104-3.1
openSUSE 13.2:ecryptfs-utils-debuginfo-32bit-104-3.1
openSUSE 13.2:ecryptfs-utils-debugsource-104-3.1
moderate
6.0
AV:L/AC:M/Au:S/C:C/I:C/A:N
Please install the update.
http://lists.opensuse.org/opensuse-updates/2016-01/msg00091.html
https://www.suse.com/security/cve/CVE-2016-1572.html
CVE-2016-1572
https://bugzilla.suse.com/962052
SUSE Bug 962052