openSUSE-SU-2017:0158-1

Опубликовано: 16 янв. 2017

Источник: suse-cvrf

Описание

Security update for encfs

This update for encfs fixes the following issues:

A new option --require-macs was added to address CVE-2014-3462 (boo#878257) This will now trigger a warning if MAC headers were disabled via configuration.

In addition, encfs was updated to 1.8.1 including all upstream improvements and fixes.

Список пакетов

openSUSE Leap 42.1

encfs-1.8.1-5.1

encfs-lang-1.8.1-5.1

openSUSE Leap 42.2

encfs-1.8.1-5.1

encfs-lang-1.8.1-5.1

Ссылки

https://lists.opensuse.org/opensuse-updates/2017-01/msg00090.html
E-Mail link for openSUSE-SU-2017:0158-1
https://www.suse.com/support/security/rating/
SUSE Security Ratings

Описание

The ".encfs6.xml" configuration file in encfs before 1.7.5 allows remote attackers to access sensitive data by setting "blockMACBytes" to 0 and adding 8 to "blockMACRandBytes".

Затронутые продукты

openSUSE Leap 42.1:encfs-1.8.1-5.1

openSUSE Leap 42.1:encfs-lang-1.8.1-5.1

openSUSE Leap 42.2:encfs-1.8.1-5.1

openSUSE Leap 42.2:encfs-lang-1.8.1-5.1

Ссылки

https://www.suse.com/security/cve/CVE-2014-3462.html
CVE-2014-3462
https://bugzilla.suse.com/878257
SUSE Bug 878257

openSUSE-SU-2017:0158-1

Описание

Список пакетов

openSUSE Leap 42.1

openSUSE Leap 42.2

Ссылки

Уязвимость: CVE-2014-3462

Описание

Затронутые продукты

Ссылки