---------------------------------------------------------------------- Do you have VARM strategy implemented? (Vulnerability Assessment Remediation Management) If not, then implement it through the most reliable vulnerability intelligence source on the market. Implement it through Secunia. For more information visit: http://secunia.com/advisories/business_solutions/ Alternatively request a call from a Secunia representative today to discuss how we can help you with our capabilities contact us at: sales@secunia.com ---------------------------------------------------------------------- TITLE: Ubuntu update for ecryptfs-utils SECUNIA ADVISORY ID: SA35383 VERIFY ADVISORY: http://secunia.com/advisories/35383/ DESCRIPTION: Ubuntu has issued an update for ecryptfs-utils. This fixes a weakness, which potentially can be exploited to disclose sensitive information. The weakness is caused due to certain eCryptfs support utilities logging the passphrase into the installation log if a user selected to encrypt the home directory during the installation process. Successful exploitation requires root privileges. SOLUTION: Apply updated packages. -- Ubuntu 9.04 -- Source archives: http://security.ubuntu.com/ubuntu/pool/main/e/ecryptfs-utils/ecryptfs-utils_73-0ubuntu6.1.diff.gz Size/MD5: 12184 7f965e34c9eb44ceae0bafc65a3cc434 http://security.ubuntu.com/ubuntu/pool/main/e/ecryptfs-utils/ecryptfs-utils_73-0ubuntu6.1.dsc Size/MD5: 1707 d12ca96dd31ab19e559d8e4a86052b4c http://security.ubuntu.com/ubuntu/pool/main/e/ecryptfs-utils/ecryptfs-utils_73.orig.tar.gz Size/MD5: 504056 cd1c344b4cabf16971a405db353cb5cd amd64 architecture (Athlon64, Opteron, EM64T Xeon): http://security.ubuntu.com/ubuntu/pool/main/e/ecryptfs-utils/ecryptfs-utils_73-0ubuntu6.1_amd64.deb Size/MD5: 102032 cb22885adb2b4cab782ef18167fc94c6 http://security.ubuntu.com/ubuntu/pool/main/e/ecryptfs-utils/libecryptfs-dev_73-0ubuntu6.1_amd64.deb Size/MD5: 62688 be22d84e388e0dbecf4286ccdd829fb1 http://security.ubuntu.com/ubuntu/pool/main/e/ecryptfs-utils/libecryptfs0_73-0ubuntu6.1_amd64.deb Size/MD5: 68838 fe8104a4a5e469c6bd57378c5c0c40b2 i386 architecture (x86 compatible Intel/AMD): http://security.ubuntu.com/ubuntu/pool/main/e/ecryptfs-utils/ecryptfs-utils_73-0ubuntu6.1_i386.deb Size/MD5: 96908 e737d11e4132c59d2ab3b97257010ebe http://security.ubuntu.com/ubuntu/pool/main/e/ecryptfs-utils/libecryptfs-dev_73-0ubuntu6.1_i386.deb Size/MD5: 56284 d02501ddb287e2e32422570228ebc6a6 http://security.ubuntu.com/ubuntu/pool/main/e/ecryptfs-utils/libecryptfs0_73-0ubuntu6.1_i386.deb Size/MD5: 65424 e8e6e045f06a6a43493f1b50c4f55138 lpia architecture (Low Power Intel Architecture): http://ports.ubuntu.com/pool/main/e/ecryptfs-utils/ecryptfs-utils_73-0ubuntu6.1_lpia.deb Size/MD5: 96272 23e8f81d0b3b678abf548d316ad13a8a http://ports.ubuntu.com/pool/main/e/ecryptfs-utils/libecryptfs-dev_73-0ubuntu6.1_lpia.deb Size/MD5: 55578 780f0e6fc6accf33b5a0419ddf3930c5 http://ports.ubuntu.com/pool/main/e/ecryptfs-utils/libecryptfs0_73-0ubuntu6.1_lpia.deb Size/MD5: 63784 18a5b3f566928e63518fc5e2a87fd66e powerpc architecture (Apple Macintosh G3/G4/G5): http://ports.ubuntu.com/pool/main/e/ecryptfs-utils/ecryptfs-utils_73-0ubuntu6.1_powerpc.deb Size/MD5: 117060 479282ff1ba602eedaf6246770c276fc http://ports.ubuntu.com/pool/main/e/ecryptfs-utils/libecryptfs-dev_73-0ubuntu6.1_powerpc.deb Size/MD5: 63200 689a7a750b08350be0252dc6ad571b08 http://ports.ubuntu.com/pool/main/e/ecryptfs-utils/libecryptfs0_73-0ubuntu6.1_powerpc.deb Size/MD5: 73604 2d03fa7da4649c06aa3b1d29a6512923 sparc architecture (Sun SPARC/UltraSPARC): http://ports.ubuntu.com/pool/main/e/ecryptfs-utils/ecryptfs-utils_73-0ubuntu6.1_sparc.deb Size/MD5: 97944 37ecc02c57e7ae4efd708cbb9bfc2d74 http://ports.ubuntu.com/pool/main/e/ecryptfs-utils/libecryptfs-dev_73-0ubuntu6.1_sparc.deb Size/MD5: 58200 db71c5e6ad82ffdd119d739904e427d1 http://ports.ubuntu.com/pool/main/e/ecryptfs-utils/libecryptfs0_73-0ubuntu6.1_sparc.deb Size/MD5: 63088 6513b0bbbc6ec32c2360e05467470b8d PROVIDED AND/OR DISCOVERED BY: The vendor credits Chris Jones. ORIGINAL ADVISORY: USN-783-1: https://lists.ubuntu.com/archives/ubuntu-security-announce/2009-June/000910.html ---------------------------------------------------------------------- About: This Advisory was delivered by Secunia as a free service to help everybody keeping their systems up to date against the latest vulnerabilities. Subscribe: http://secunia.com/advisories/secunia_security_advisories/ Definitions: (Criticality, Where etc.) http://secunia.com/advisories/about_secunia_advisories/ Please Note: Secunia recommends that you verify all advisories you receive by clicking the link. Secunia NEVER sends attached files with advisories. Secunia does not advise people to install third party patches, only use those supplied by the vendor. ---------------------------------------------------------------------- Unsubscribe: Secunia Security Advisories http://secunia.com/sec_adv_unsubscribe/?email=packet%40packetstormsecurity.org ----------------------------------------------------------------------