Ubuntu Security Notice USN-2524-1
10th March, 2015
ecryptfs-utils vulnerability
A security issue affects these releases of Ubuntu and its
derivatives:
- Ubuntu 14.10
- Ubuntu 14.04 LTS
- Ubuntu 12.04 LTS
- Ubuntu 10.04 LTS
Summary
Sensitive information in encrypted home and Private directories could be
exposed if an attacker gained access to your files.
Software description
- ecryptfs-utils
– eCryptfs cryptographic filesystem utilities
Details
Sylvain Pelissier discovered that eCryptfs did not generate a random salt when
encrypting the mount passphrase with the login password. An attacker could use
this issue to discover the login password used to protect the mount passphrase
and gain unintended access to the encrypted files.
Update instructions
The problem can be corrected by updating your system to the following
package version:
- Ubuntu 14.10:
-
ecryptfs-utils
104-0ubuntu1.14.10.3
-
libecryptfs0
104-0ubuntu1.14.10.3
- Ubuntu 14.04 LTS:
-
ecryptfs-utils
104-0ubuntu1.14.04.3
-
libecryptfs0
104-0ubuntu1.14.04.3
- Ubuntu 12.04 LTS:
-
ecryptfs-utils
96-0ubuntu3.4
-
libecryptfs0
96-0ubuntu3.4
- Ubuntu 10.04 LTS:
-
ecryptfs-utils
83-0ubuntu3.2.10.04.6
-
libecryptfs0
83-0ubuntu3.2.10.04.6
To update your system, please follow these instructions:
https://wiki.ubuntu.com/Security/Upgrades.
After a standard system update you need to log out of all sessions and then log
back in to make all the necessary changes.