Описание
Security update for ecryptfs-utils
This update for ecryptfs-utils fixes the following issues:
- CVE-2015-8946: ecryptfs-setup-swap improperly configures encrypted swap when using GPT partitioning (bsc#989121)
- CVE-2016-6224: ecryptfs-setup-swap improperly configures encrypted swap when using GPT partitioning on a NVMe or MMC drive (bsc#989122)
Список пакетов
SUSE Linux Enterprise Desktop 12 SP2
ecryptfs-utils-103-8.3.1
ecryptfs-utils-32bit-103-8.3.1
SUSE Linux Enterprise Desktop 12 SP3
ecryptfs-utils-103-8.3.1
ecryptfs-utils-32bit-103-8.3.1
SUSE Linux Enterprise Server 12 SP2
ecryptfs-utils-103-8.3.1
ecryptfs-utils-32bit-103-8.3.1
SUSE Linux Enterprise Server 12 SP3
ecryptfs-utils-103-8.3.1
ecryptfs-utils-32bit-103-8.3.1
SUSE Linux Enterprise Server for Raspberry Pi 12 SP2
ecryptfs-utils-103-8.3.1
SUSE Linux Enterprise Server for SAP Applications 12 SP2
ecryptfs-utils-103-8.3.1
ecryptfs-utils-32bit-103-8.3.1
SUSE Linux Enterprise Server for SAP Applications 12 SP3
ecryptfs-utils-103-8.3.1
ecryptfs-utils-32bit-103-8.3.1
Ссылки
- Link for SUSE-SU-2018:0336-1
- E-Mail link for SUSE-SU-2018:0336-1
- SUSE Security Ratings
- SUSE Bug 989121
- SUSE Bug 989122
- SUSE CVE CVE-2015-8946 page
- SUSE CVE CVE-2016-6224 page
Описание
ecryptfs-setup-swap in eCryptfs before 111 does not prevent the unencrypted swap partition from activating during boot when using GPT partitioning and certain versions of systemd, which allows local users to obtain sensitive information via unspecified vectors.
Затронутые продукты
SUSE Linux Enterprise Desktop 12 SP2:ecryptfs-utils-103-8.3.1
SUSE Linux Enterprise Desktop 12 SP2:ecryptfs-utils-32bit-103-8.3.1
SUSE Linux Enterprise Desktop 12 SP3:ecryptfs-utils-103-8.3.1
SUSE Linux Enterprise Desktop 12 SP3:ecryptfs-utils-32bit-103-8.3.1
Ссылки
- CVE-2015-8946
- SUSE Bug 989121
- SUSE Bug 989122
Описание
ecryptfs-setup-swap in eCryptfs does not prevent the unencrypted swap partition from activating during boot when using GPT partitioning on a (1) NVMe or (2) MMC drive, which allows local users to obtain sensitive information via unspecified vectors. NOTE: this vulnerability exists because of an incomplete fix for CVE-2015-8946.
Затронутые продукты
SUSE Linux Enterprise Desktop 12 SP2:ecryptfs-utils-103-8.3.1
SUSE Linux Enterprise Desktop 12 SP2:ecryptfs-utils-32bit-103-8.3.1
SUSE Linux Enterprise Desktop 12 SP3:ecryptfs-utils-103-8.3.1
SUSE Linux Enterprise Desktop 12 SP3:ecryptfs-utils-32bit-103-8.3.1
Ссылки
- CVE-2016-6224
- SUSE Bug 989121
- SUSE Bug 989122