From f81736c3e9b7a456703d2173a709f497d51e39b30a74ac1fd3d78c9a6c1b63c7 Mon Sep 17 00:00:00 2001 From: Marcus Meissner Date: Thu, 11 Aug 2011 15:36:30 +0000 Subject: [PATCH] Accepting request 78546 from home:msmeissn:branches:security updated to version 90 OBS-URL: https://build.opensuse.org/request/show/78546 OBS-URL: https://build.opensuse.org/package/show/security/ecryptfs-utils?expand=0&rev=16 --- ecryptfs-utils.changes | 17 +++++++++++++++++ ecryptfs-utils.spec | 4 ++-- ecryptfs-utils_87.orig.tar.gz | 3 --- ecryptfs-utils_90.orig.tar.gz | 3 +++ 4 files changed, 22 insertions(+), 5 deletions(-) delete mode 100644 ecryptfs-utils_87.orig.tar.gz create mode 100644 ecryptfs-utils_90.orig.tar.gz diff --git a/ecryptfs-utils.changes b/ecryptfs-utils.changes index 149ccc7..67a4a7b 100644 --- a/ecryptfs-utils.changes +++ b/ecryptfs-utils.changes @@ -1,3 +1,20 @@ +------------------------------------------------------------------- +Thu Aug 11 17:25:21 CEST 2011 - meissner@suse.de + +- Updated to 90 + Fixed several security issues: + * CVE-2011-1831 - Race condition when checking mountpoint during mount. + * CVE-2011-1832 - Race condition when checking mountpoint during unmount. + * CVE-2011-1833 - Race condition when checking source during mount. + * CVE-2011-1834 - Improper mtab handling allowing corruption due to resource + limits, signals, etc. + * CVE-2011-1835 - Key poisoning in ecryptfs-setup-private due to insecure temp + directory. + * CVE-2011-1836 - ecryptfs-recover-private mounts directly in /tmp + * CVE-2011-1837 - Predictable lock counter name and associated races. + + New ecryptfs-find binary to find by inode. + ------------------------------------------------------------------- Mon Apr 18 17:06:50 CEST 2011 - meissner@suse.de diff --git a/ecryptfs-utils.spec b/ecryptfs-utils.spec index b91f5a2..ab56305 100644 --- a/ecryptfs-utils.spec +++ b/ecryptfs-utils.spec @@ -24,8 +24,8 @@ License: GPLv2+ Group: Productivity/Security AutoReqProv: on Summary: Userspace Utilities for ecryptfs -Version: 87 -Release: 1 +Version: 90 +Release: 2 Source0: http://launchpad.net/ecryptfs/trunk/%version/+download/ecryptfs-utils_%version.orig.tar.gz Source1: baselibs.conf BuildRoot: %{_tmppath}/%{name}-%{version}-build diff --git a/ecryptfs-utils_87.orig.tar.gz b/ecryptfs-utils_87.orig.tar.gz deleted file mode 100644 index c31b28e..0000000 --- a/ecryptfs-utils_87.orig.tar.gz +++ /dev/null @@ -1,3 +0,0 @@ -version https://git-lfs.github.com/spec/v1 -oid sha256:02952f122ae2a9c1a0fe6835575970fab4cefeb16b88e81ccaf00241c0161e7f -size 542880 diff --git a/ecryptfs-utils_90.orig.tar.gz b/ecryptfs-utils_90.orig.tar.gz new file mode 100644 index 0000000..ac9e29d --- /dev/null +++ b/ecryptfs-utils_90.orig.tar.gz @@ -0,0 +1,3 @@ +version https://git-lfs.github.com/spec/v1 +oid sha256:1cdce5ab1f46b58926826dd2f733b98a5b0449d36d43d40147da96fb749cac7e +size 569148