Логотип exploitDog
Консоль
Логотип exploitDog

exploitDog

suse-cvrf логотип

SUSE-SU-2016:0241-1

Опубликовано: 25 янв. 2016
Источник: suse-cvrf

Описание

Security update for ecryptfs-utils

This update for ecryptfs-utils fixes the following issues:

  • CVE-2016-1572: A local user could have escalated privileges by mounting over special filesystems (bsc#962052)
  • CVE-2014-9687: A default salt value reduced complexity of offline precomputation attacks (bsc#920160)

Список пакетов

SUSE Linux Enterprise Desktop 12
ecryptfs-utils-103-7.1
ecryptfs-utils-32bit-103-7.1
SUSE Linux Enterprise Desktop 12 SP1
ecryptfs-utils-103-7.1
ecryptfs-utils-32bit-103-7.1
SUSE Linux Enterprise Server 12
ecryptfs-utils-103-7.1
ecryptfs-utils-32bit-103-7.1
SUSE Linux Enterprise Server 12 SP1
ecryptfs-utils-103-7.1
ecryptfs-utils-32bit-103-7.1
SUSE Linux Enterprise Server for SAP Applications 12
ecryptfs-utils-103-7.1
ecryptfs-utils-32bit-103-7.1
SUSE Linux Enterprise Server for SAP Applications 12 SP1
ecryptfs-utils-103-7.1
ecryptfs-utils-32bit-103-7.1

Ссылки

Описание

eCryptfs 104 and earlier uses a default salt to encrypt the mount passphrase, which makes it easier for attackers to obtain user passwords via a brute force attack.

Затронутые продукты
SUSE Linux Enterprise Desktop 12 SP1:ecryptfs-utils-103-7.1
SUSE Linux Enterprise Desktop 12 SP1:ecryptfs-utils-32bit-103-7.1
SUSE Linux Enterprise Desktop 12:ecryptfs-utils-103-7.1
SUSE Linux Enterprise Desktop 12:ecryptfs-utils-32bit-103-7.1
Ссылки

Описание

mount.ecryptfs_private.c in eCryptfs-utils does not validate mount destination filesystem types, which allows local users to gain privileges by mounting over a nonstandard filesystem, as demonstrated by /proc/$pid.

Затронутые продукты
SUSE Linux Enterprise Desktop 12 SP1:ecryptfs-utils-103-7.1
SUSE Linux Enterprise Desktop 12 SP1:ecryptfs-utils-32bit-103-7.1
SUSE Linux Enterprise Desktop 12:ecryptfs-utils-103-7.1
SUSE Linux Enterprise Desktop 12:ecryptfs-utils-32bit-103-7.1
Ссылки