Openwall GNU/*/Linux - a small security-enhanced Linux distro for servers
[<prev] [next>] [<thread-prev] [day] [month] [year] [list]
Date: Thu, 14 Jul 2016 14:09:43 -0400 (EDT)
From: cve-assign@...re.org
To: tyhicks@...onical.com
Cc: cve-assign@...re.org, oss-security@...ts.openwall.com
Subject: Re: CVE Requests: Information exposure caused by ecryptfs-setup-swap failures

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256

> ecryptfs-setup-swap script that is provided by the upstream
> ecryptfs-utils project. The script can be used to convert an existing,
> unencrypted swap partition into a swap partition that is encrypted.
> System admins may use this tool and the Ubuntu installer uses it when
> the user opts into home directory encryption.
> 
> On systems using systemd 211 or newer and GPT partitioning, the
> unencrypted swap partition was being automatically activated during boot
> and the encrypted swap was not used. This was due to ecryptfs-setup-swap
> not marking the swap partition as "no-auto", as defined by the
> Discoverable Partitions Spec

> ecryptfs-setup-swap improperly configures encrypted swap when using GPT
> partitioning
> Bug: https://launchpad.net/bugs/1447282
> Fix: https://bazaar.launchpad.net/~ecryptfs/ecryptfs/trunk/revision/857
> (Please ignore the inaccurate commit message for commit 857)

Use CVE-2015-8946.


> ecryptfs-setup-swap improperly configures encrypted swap when using GPT
> partitioning on a NVMe or MMC drive. This bug is due to an incomplete
> fix for bug 1447282.
> Bug: https://launchpad.net/bugs/1597154
> Fix: https://bazaar.launchpad.net/~ecryptfs/ecryptfs/trunk/revision/882

Use CVE-2016-6224.

- -- 
CVE Assignment Team
M/S M300, 202 Burlington Road, Bedford, MA 01730 USA
[ A PGP key is available for encrypted communications at
  http://cve.mitre.org/cve/request_id.html ]
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1

iQIcBAEBCAAGBQJXh9TcAAoJEHb/MwWLVhi2VUAP/RibsMY5eaJJQfehovvPDDZL
N4qZ33Rn347WoQnvnHm+dSaxC6Jys2jtGCyqJZ4xTxJXUFIZzsBDyIVONpuUd6Sz
mrnLDSPtBAvfzrBYcUbVoJLMYAoYWC27I9NcnwttE4MTLBvlDLhws2ncZJ+werph
bSVzBS8qGPj7LFJGTP1YiFj9qTbnbJwxRAvPIIz2wAcTyOljKcQTmpGXYoqSZIOV
oE6jSlA9HIsvgLS+VHuOzqWJTfABcjEtN6VHJEQovp0DI8EfrWenYMpGH8kFCgtO
KW3Y45IgJeEksbfIfX2ehlWkOEABZsRsg9sjFZGlVrLUCDsN35ooVLOLIvE+yebU
StESPy77rxhkjS709PBr+JeKMS276AIqoK/5TRu9B7Y5Lmz5FuPLhlOn79JJfoLW
XUoFrF9U9MeJk8EV1Hm+x3uU0EvVvWOXvtpL4VdrOfLBhihvUf8SXn3e2IkYxbuj
erfnb/0EIILAj+oulMAmyQ2gcN0JNso4nDWNFua+0+TBd1Ep5OPV5AgogxXemew8
L5Z3hQkSwFGbXrIkdUSYm+MD/VyxMC7lwSOIYs2S3hwtnN/m1eILOzgYGqTt6Tls
/sjTgi2l1v+sJeQPoFTo7Riuzqe7F+kUlBCjg8lyi9QF5evvlrWIhxS1kHmlrQlI
we6cyqgnjlYJRq+QWyvm
=11vA
-----END PGP SIGNATURE-----

Powered by blists - more mailing lists

Your e-mail address:

Please check out the Open Source Software Security Wiki, which is counterpart to this mailing list.

Confused about mailing lists and their use? Read about mailing lists on Wikipedia and check out these guidelines on proper formatting of your messages.