USN-3032-1: eCryptfs vulnerability

Ubuntu Security Notice USN-3032-1

14th July, 2016

ecryptfs-utils vulnerability

A security issue affects these releases of Ubuntu and its
derivatives:

  • Ubuntu 16.04 LTS
  • Ubuntu 15.10

Summary

eCryptfs could be made to expose sensitive information.

Software description

  • ecryptfs-utils
    – eCryptfs cryptographic filesystem utilities

Details

It was discovered that eCryptfs incorrectly configured the encrypted swap
partition for certain drive types. An attacker could use this issue to discover
sensitive information.

Update instructions

The problem can be corrected by updating your system to the following
package version:

Ubuntu 16.04 LTS:
ecryptfs-utils

111-0ubuntu1.1
Ubuntu 15.10:
ecryptfs-utils

108-0ubuntu1.2

To update your system, please follow these instructions:
https://wiki.ubuntu.com/Security/Upgrades.

After a standard system update you need to reboot your computer to make
all the necessary changes.

References

CVE-2016-6224

Leave a Reply