oss-sec mailing list archives
CVE Requests: Information exposure caused by ecryptfs-setup-swap failures
From: Tyler Hicks <tyhicks () canonical com>
Date: Wed, 13 Jul 2016 01:38:52 -0500
Hello - I'd like to request two CVEs.

The flaws are in the ecryptfs-setup-swap script that is provided by the upstream ecryptfs-utils project. The script can be used to convert an existing, unencrypted swap partition into a swap partition that is encrypted. System admins may use this tool and the Ubuntu installer uses it when the user opts into home directory encryption.

On systems using systemd 211 or newer and GPT partitioning, the unencrypted swap partition was being automatically activated during boot and the encrypted swap was not used. This was due to ecryptfs-setup-swap not marking the swap partition as "no-auto", as defined by the Discoverable Partitions Spec:

https://www.freedesktop.org/wiki/Specifications/DiscoverablePartitionsSpec/

Details of the two issues needing CVEs:

ecryptfs-setup-swap improperly configures encrypted swap when using GPT partitioning

Bug: https://launchpad.net/bugs/1447282
Fix: https://bazaar.launchpad.net/~ecryptfs/ecryptfs/trunk/revision/857
(Please ignore the inaccurate commit message for commit 857)

ecryptfs-setup-swap improperly configures encrypted swap when using GPT partitioning on a NVMe or MMC drive. This bug is due to an incomplete fix for bug 1447282.

Bug: https://launchpad.net/bugs/1597154
Fix: https://bazaar.launchpad.net/~ecryptfs/ecryptfs/trunk/revision/882

Tyler