Date: Wed, 13 Jul 2016 01:38:52 -0500
From: Tyler Hicks <tyhicks@...onical.com>
To: oss-security@...ts.openwall.com
Subject: CVE Requests: Information exposure caused by ecryptfs-setup-swap
 failures

Hello - I'd like to request two CVEs. The flaws are in the
ecryptfs-setup-swap script that is provided by the upstream
ecryptfs-utils project. The script can be used to convert an existing,
unencrypted swap partition into a swap partition that is encrypted.
System admins may use this tool and the Ubuntu installer uses it when
the user opts into home directory encryption.

On systems using systemd 211 or newer and GPT partitioning, the
unencrypted swap partition was being automatically activated during boot
and the encrypted swap was not used. This was due to ecryptfs-setup-swap
not marking the swap partition as "no-auto", as defined by the
Discoverable Partitions Spec:


https://www.freedesktop.org/wiki/Specifications/DiscoverablePartitionsSpec/

Details of the two issues needing CVEs:

ecryptfs-setup-swap improperly configures encrypted swap when using GPT
partitioning
Bug: https://launchpad.net/bugs/1447282
Fix: https://bazaar.launchpad.net/~ecryptfs/ecryptfs/trunk/revision/857
(Please ignore the inaccurate commit message for commit 857)

ecryptfs-setup-swap improperly configures encrypted swap when using GPT
partitioning on an NVMe or MMC drive. This bug is due to an incomplete
fix for bug 1447282.
Bug: https://launchpad.net/bugs/1597154
Fix: https://bazaar.launchpad.net/~ecryptfs/ecryptfs/trunk/revision/882

Tyler
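
Added example, not part of the original message and not code from ecryptfs-utils: the "no-auto" marking the message refers to is attribute bit 63 of a GPT partition entry, so it can be audited by reading the partition table. The Python below parses a GPT header and entry array and reports each Linux swap partition with whether that bit is set. It assumes 512-byte logical sectors and runs on a constructed in-memory image, and the function and partition names are hypothetical.

```python
import struct
import uuid

# Constructed example: find GPT swap partitions that systemd auto-discovery
# would still activate because the no-auto attribute (bit 63) is not set.
SWAP_TYPE = uuid.UUID("0657fd6d-a4ab-43c4-84e5-0933c84b4f4f")  # Linux swap type GUID
NO_AUTO = 1 << 63   # "no-auto" flag from the Discoverable Partitions Spec
SECTOR = 512        # assumption: 512-byte logical sectors

def swap_partitions(disk: bytes):
    """Return [(partition_number, name, no_auto_set)] for each swap partition."""
    hdr = disk[SECTOR:SECTOR + 92]
    if hdr[:8] != b"EFI PART":
        raise ValueError("no GPT header at LBA 1")
    # Header offsets 72/80/84: entry array LBA, entry count, entry size.
    entries_lba, count, size = struct.unpack_from("<QII", hdr, 72)
    found = []
    for i in range(count):
        off = entries_lba * SECTOR + i * size
        entry = disk[off:off + size]
        if len(entry) < 128:
            break  # truncated image: stop instead of misparsing
        if uuid.UUID(bytes_le=entry[:16]) != SWAP_TYPE:
            continue
        attrs, = struct.unpack_from("<Q", entry, 48)
        name = entry[56:128].decode("utf-16-le").rstrip("\x00")
        found.append((i + 1, name, bool(attrs & NO_AUTO)))
    return found

def _entry(type_guid, attrs, name):
    # Helper for the constructed sample: one 128-byte GPT partition entry.
    return (type_guid.bytes_le + uuid.UUID(int=1).bytes_le
            + struct.pack("<QQQ", 2048, 4095, attrs)
            + name.encode("utf-16-le").ljust(72, b"\x00"))

def sample_disk():
    # Constructed image: blank LBA 0, header at LBA 1, entry array at LBA 2.
    # CRC fields are left zero and are not verified by swap_partitions().
    hdr = bytearray(SECTOR)
    hdr[:8] = b"EFI PART"
    struct.pack_into("<QII", hdr, 72, 2, 3, 128)
    linux_fs = uuid.UUID("0fc63daf-8483-4772-8e79-3d69d8477de4")
    entries = (_entry(linux_fs, 0, "root")
               + _entry(SWAP_TYPE, 0, "swap-unmarked")
               + _entry(SWAP_TYPE, NO_AUTO, "swap-marked"))
    return bytes(SECTOR) + bytes(hdr) + entries

if __name__ == "__main__":
    for num, name, marked in swap_partitions(sample_disk()):
        print(num, name, "no-auto set" if marked else "WILL BE AUTO-ACTIVATED")
```

To audit a real system, pass the leading sectors of the disk (header plus entry array, read with read-only access) to `swap_partitions()` in place of `sample_disk()`.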


