Comment 6 for bug 1020902

Revision history for this message
Launchpad Janitor (janitor) wrote :

This bug was fixed in the package ecryptfs-utils - 83-0ubuntu3.2.10.04.6

---------------
ecryptfs-utils (83-0ubuntu3.2.10.04.6) lucid-security; urgency=medium

  * SECURITY UPDATE: Mount passphrase wrapped with a default salt value
    - src/libecryptfs/key_management.c, src/include/ecryptfs.h: Generate a
      random salt when wrapping the mount passphrase.
    - src/pam_ecryptfs/pam_ecryptfs.c: If a user has a mount passphrase that was
      wrapped using the default salt, their mount passphrase will be rewrapped
      using a random salt when they log in with their password.
    - src/libecryptfs/key_management.c: Create a temporary file when creating
      a new wrapped-passphrase file and copy it to its final destination after
      the file has been fully synced to disk (LP: #1020902)
    - CVE-2014-9687
 -- Tyler Hicks <email address hidden> Wed, 04 Mar 2015 16:26:45 -0600