ecryptfs-utils-108-2.5 on GA media SUSE Patch security@suse.de SUSE Security Team openSUSE-SU-2024:10118 Final 1 1 2024-06-17T21:45:33Z current 2024-06-17T21:45:33Z 2024-06-17T21:45:33Z cve-database/bin/generate-cvrf.pl 2017-02-24T01:00:00Z ecryptfs-utils-108-2.5 on GA media These are all security issues fixed in the ecryptfs-utils-108-2.5 package on the GA media of openSUSE Tumbleweed. The CVRF data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0). openSUSE-Tumbleweed-2024-10118 Copyright SUSE LLC under the Creative Commons License 4.0 with Attribution (CC-BY-4.0) E-Mail link for openSUSE-SU-2024:10118 https://www.suse.com/support/security/rating/ SUSE Security Ratings https://www.suse.com/security/cve/CVE-2011-1831/ SUSE CVE CVE-2011-1831 page https://www.suse.com/security/cve/CVE-2011-1832/ SUSE CVE CVE-2011-1832 page https://www.suse.com/security/cve/CVE-2011-1833/ SUSE CVE CVE-2011-1833 page https://www.suse.com/security/cve/CVE-2011-1834/ SUSE CVE CVE-2011-1834 page https://www.suse.com/security/cve/CVE-2011-1835/ SUSE CVE CVE-2011-1835 page https://www.suse.com/security/cve/CVE-2011-1836/ SUSE CVE CVE-2011-1836 page https://www.suse.com/security/cve/CVE-2011-1837/ SUSE CVE CVE-2011-1837 page https://www.suse.com/security/cve/CVE-2014-9687/ SUSE CVE CVE-2014-9687 page https://www.suse.com/security/cve/CVE-2016-1572/ SUSE CVE CVE-2016-1572 page openSUSE Tumbleweed ecryptfs-utils-108-2.5 ecryptfs-utils-32bit-108-2.5 ecryptfs-utils-devel-108-2.5 ecryptfs-utils-devel-32bit-108-2.5 libecryptfs1-108-2.5 libecryptfs1-32bit-108-2.5 ecryptfs-utils-108-2.5 as a component of openSUSE Tumbleweed ecryptfs-utils-32bit-108-2.5 as a component of openSUSE Tumbleweed ecryptfs-utils-devel-108-2.5 as a component of openSUSE Tumbleweed ecryptfs-utils-devel-32bit-108-2.5 as a component of openSUSE Tumbleweed libecryptfs1-108-2.5 as a component of openSUSE Tumbleweed libecryptfs1-32bit-108-2.5 as a component of openSUSE Tumbleweed utils/mount.ecryptfs_private.c in ecryptfs-utils before 90 does not properly check mountpoint permissions, which allows local users to effectively replace any directory with a new filesystem, and consequently gain privileges, via a mount system call. CVE-2011-1831 openSUSE Tumbleweed:ecryptfs-utils-108-2.5 openSUSE Tumbleweed:ecryptfs-utils-32bit-108-2.5 openSUSE Tumbleweed:ecryptfs-utils-devel-108-2.5 openSUSE Tumbleweed:ecryptfs-utils-devel-32bit-108-2.5 openSUSE Tumbleweed:libecryptfs1-108-2.5 openSUSE Tumbleweed:libecryptfs1-32bit-108-2.5 moderate To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/security/cve/CVE-2011-1831.html CVE-2011-1831 https://bugzilla.suse.com/709771 SUSE Bug 709771 https://bugzilla.suse.com/711539 SUSE Bug 711539 utils/mount.ecryptfs_private.c in ecryptfs-utils before 90 does not properly check mountpoint permissions, which allows local users to remove directories via a umount system call. CVE-2011-1832 openSUSE Tumbleweed:ecryptfs-utils-108-2.5 openSUSE Tumbleweed:ecryptfs-utils-32bit-108-2.5 openSUSE Tumbleweed:ecryptfs-utils-devel-108-2.5 openSUSE Tumbleweed:ecryptfs-utils-devel-32bit-108-2.5 openSUSE Tumbleweed:libecryptfs1-108-2.5 openSUSE Tumbleweed:libecryptfs1-32bit-108-2.5 moderate To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/security/cve/CVE-2011-1832.html CVE-2011-1832 https://bugzilla.suse.com/709771 SUSE Bug 709771 https://bugzilla.suse.com/711539 SUSE Bug 711539 Race condition in the ecryptfs_mount function in fs/ecryptfs/main.c in the eCryptfs subsystem in the Linux kernel before 3.1 allows local users to bypass intended file permissions via a mount.ecryptfs_private mount with a mismatched uid. CVE-2011-1833 openSUSE Tumbleweed:ecryptfs-utils-108-2.5 openSUSE Tumbleweed:ecryptfs-utils-32bit-108-2.5 openSUSE Tumbleweed:ecryptfs-utils-devel-108-2.5 openSUSE Tumbleweed:ecryptfs-utils-devel-32bit-108-2.5 openSUSE Tumbleweed:libecryptfs1-108-2.5 openSUSE Tumbleweed:libecryptfs1-32bit-108-2.5 moderate To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/security/cve/CVE-2011-1833.html CVE-2011-1833 https://bugzilla.suse.com/709771 SUSE Bug 709771 https://bugzilla.suse.com/711539 SUSE Bug 711539 utils/mount.ecryptfs_private.c in ecryptfs-utils before 90 does not properly maintain the mtab file during error conditions, which allows local users to cause a denial of service (table corruption) or bypass intended unmounting restrictions via a umount system call. CVE-2011-1834 openSUSE Tumbleweed:ecryptfs-utils-108-2.5 openSUSE Tumbleweed:ecryptfs-utils-32bit-108-2.5 openSUSE Tumbleweed:ecryptfs-utils-devel-108-2.5 openSUSE Tumbleweed:ecryptfs-utils-devel-32bit-108-2.5 openSUSE Tumbleweed:libecryptfs1-108-2.5 openSUSE Tumbleweed:libecryptfs1-32bit-108-2.5 moderate To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/security/cve/CVE-2011-1834.html CVE-2011-1834 https://bugzilla.suse.com/709771 SUSE Bug 709771 https://bugzilla.suse.com/711539 SUSE Bug 711539 The encrypted private-directory setup process in utils/ecryptfs-setup-private in ecryptfs-utils before 90 does not properly ensure that the passphrase file is created, which might allow local users to bypass intended access restrictions at a certain time in the new-user creation steps. CVE-2011-1835 openSUSE Tumbleweed:ecryptfs-utils-108-2.5 openSUSE Tumbleweed:ecryptfs-utils-32bit-108-2.5 openSUSE Tumbleweed:ecryptfs-utils-devel-108-2.5 openSUSE Tumbleweed:ecryptfs-utils-devel-32bit-108-2.5 openSUSE Tumbleweed:libecryptfs1-108-2.5 openSUSE Tumbleweed:libecryptfs1-32bit-108-2.5 moderate To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/security/cve/CVE-2011-1835.html CVE-2011-1835 https://bugzilla.suse.com/709771 SUSE Bug 709771 https://bugzilla.suse.com/711539 SUSE Bug 711539 utils/ecryptfs-recover-private in ecryptfs-utils before 90 does not establish a subdirectory with safe permissions, which might allow local users to bypass intended access restrictions via standard filesystem operations during the recovery process. CVE-2011-1836 openSUSE Tumbleweed:ecryptfs-utils-108-2.5 openSUSE Tumbleweed:ecryptfs-utils-32bit-108-2.5 openSUSE Tumbleweed:ecryptfs-utils-devel-108-2.5 openSUSE Tumbleweed:ecryptfs-utils-devel-32bit-108-2.5 openSUSE Tumbleweed:libecryptfs1-108-2.5 openSUSE Tumbleweed:libecryptfs1-32bit-108-2.5 moderate To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/security/cve/CVE-2011-1836.html CVE-2011-1836 https://bugzilla.suse.com/709771 SUSE Bug 709771 https://bugzilla.suse.com/711539 SUSE Bug 711539 The lock-counter implementation in utils/mount.ecryptfs_private.c in ecryptfs-utils before 90 allows local users to overwrite arbitrary files via unspecified vectors. CVE-2011-1837 openSUSE Tumbleweed:ecryptfs-utils-108-2.5 openSUSE Tumbleweed:ecryptfs-utils-32bit-108-2.5 openSUSE Tumbleweed:ecryptfs-utils-devel-108-2.5 openSUSE Tumbleweed:ecryptfs-utils-devel-32bit-108-2.5 openSUSE Tumbleweed:libecryptfs1-108-2.5 openSUSE Tumbleweed:libecryptfs1-32bit-108-2.5 moderate To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/security/cve/CVE-2011-1837.html CVE-2011-1837 https://bugzilla.suse.com/709771 SUSE Bug 709771 https://bugzilla.suse.com/711539 SUSE Bug 711539 eCryptfs 104 and earlier uses a default salt to encrypt the mount passphrase, which makes it easier for attackers to obtain user passwords via a brute force attack. CVE-2014-9687 openSUSE Tumbleweed:ecryptfs-utils-108-2.5 openSUSE Tumbleweed:ecryptfs-utils-32bit-108-2.5 openSUSE Tumbleweed:ecryptfs-utils-devel-108-2.5 openSUSE Tumbleweed:ecryptfs-utils-devel-32bit-108-2.5 openSUSE Tumbleweed:libecryptfs1-108-2.5 openSUSE Tumbleweed:libecryptfs1-32bit-108-2.5 moderate To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/security/cve/CVE-2014-9687.html CVE-2014-9687 https://bugzilla.suse.com/920160 SUSE Bug 920160 mount.ecryptfs_private.c in eCryptfs-utils does not validate mount destination filesystem types, which allows local users to gain privileges by mounting over a nonstandard filesystem, as demonstrated by /proc/$pid. CVE-2016-1572 openSUSE Tumbleweed:ecryptfs-utils-108-2.5 openSUSE Tumbleweed:ecryptfs-utils-32bit-108-2.5 openSUSE Tumbleweed:ecryptfs-utils-devel-108-2.5 openSUSE Tumbleweed:ecryptfs-utils-devel-32bit-108-2.5 openSUSE Tumbleweed:libecryptfs1-108-2.5 openSUSE Tumbleweed:libecryptfs1-32bit-108-2.5 moderate 6 AV:L/AC:M/Au:S/C:C/I:C/A:N To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/security/cve/CVE-2016-1572.html CVE-2016-1572 https://bugzilla.suse.com/962052 SUSE Bug 962052