FS#47844 : [ecryptfs-utils] Critical local privilege escalation (CVE-2016-1572)

FS#47844 - [ecryptfs-utils] Critical local privilege escalation (CVE-2016-1572)

Attached to Project: Community Packages
Opened by Stefan Keller (lokutos) - Thursday, 21 January 2016, 10:57 GMT
Last edited by Timothy Redaelli (tredaelli) - Friday, 22 January 2016, 11:42 GMT

Task Type	Bug Report
Category	Security
Status	Closed
Assigned To	Timothy Redaelli (tredaelli)
Architecture	All
Severity	High
Priority	Normal
Reported Version
Due in Version	Undecided
Due Date	Undecided
Percent Complete
Votes	0
Private	No

Details

Description:
A critical security issue allowing local privilege escalation (to root) has been found and fixed.
See: https://bugs.launchpad.net/ecryptfs/+bug/1530566
Fix in https://bazaar.launchpad.net/~ecryptfs/ecryptfs/trunk/revision/870
New packages have been built for Ubuntu, so the Arch one is out of date.

Steps to reproduce:
See https://bugs.launchpad.net/ecryptfs/+bug/1530566 for the exploit.

This task depends upon

Closed by Timothy Redaelli (tredaelli)
Friday, 22 January 2016, 11:42 GMT
Reason for closing: Fixed
Additional comments about closing: Patch applied in 108-2

Comment by Doug Newgard (Scimmia) - Thursday, 21 January 2016, 20:10 GMT

I don't think you know what "out of date" means. 108 is still the latest release from what I can see.

Comment by Timothy Redaelli (tredaelli) - Friday, 22 January 2016, 11:42 GMT

They made a patch without releasing another version.

	Tasks related to this task (0)

Duplicate tasks of this task (0)

Arch Linux

FS#47844 - [ecryptfs-utils] Critical local privilege escalation (CVE-2016-1572)

Details

Loading...