Security update for ecryptfs-utils SUSE Patch security@suse.de SUSE Security Team openSUSE-SU-2018:0344-1 Final 1 1 2018-02-01T18:50:24Z current 2018-02-01T18:50:24Z 2018-02-01T18:50:24Z cve-database/bin/generate-cvrf.pl 2017-02-24T01:00:00Z Security update for ecryptfs-utils This update for ecryptfs-utils fixes the following issues: - CVE-2015-8946: ecryptfs-setup-swap improperly configures encrypted swap when using GPT partitioning (bsc#989121) - CVE-2016-6224: ecryptfs-setup-swap improperly configures encrypted swap when using GPT partitioning on a NVMe or MMC drive (bsc#989122) This update was imported from the SUSE:SLE-12:Update update project. The CVRF data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0). Copyright SUSE LLC under the Creative Commons License 4.0 with Attribution (CC-BY-4.0) https://lists.opensuse.org/opensuse-updates/2018-02/msg00006.html E-Mail link for openSUSE-SU-2018:0344-1 https://www.suse.com/support/security/rating/ SUSE Security Ratings openSUSE Leap 42.3 ecryptfs-utils-103-7.1 ecryptfs-utils-32bit-103-7.1 ecryptfs-utils-103-7.1 as a component of openSUSE Leap 42.3 ecryptfs-utils-32bit-103-7.1 as a component of openSUSE Leap 42.3 ecryptfs-setup-swap in eCryptfs before 111 does not prevent the unencrypted swap partition from activating during boot when using GPT partitioning and certain versions of systemd, which allows local users to obtain sensitive information via unspecified vectors. CVE-2015-8946 openSUSE Leap 42.3:ecryptfs-utils-103-7.1 openSUSE Leap 42.3:ecryptfs-utils-32bit-103-7.1 moderate 4 AV:L/AC:H/Au:N/C:C/I:N/A:N Please Install the update. https://lists.opensuse.org/opensuse-updates/2018-02/msg00006.html https://www.suse.com/security/cve/CVE-2015-8946.html CVE-2015-8946 https://bugzilla.suse.com/989121 SUSE Bug 989121 https://bugzilla.suse.com/989122 SUSE Bug 989122 ecryptfs-setup-swap in eCryptfs does not prevent the unencrypted swap partition from activating during boot when using GPT partitioning on a (1) NVMe or (2) MMC drive, which allows local users to obtain sensitive information via unspecified vectors. NOTE: this vulnerability exists because of an incomplete fix for CVE-2015-8946. CVE-2016-6224 openSUSE Leap 42.3:ecryptfs-utils-103-7.1 openSUSE Leap 42.3:ecryptfs-utils-32bit-103-7.1 moderate 4 AV:L/AC:H/Au:N/C:C/I:N/A:N Please Install the update. https://lists.opensuse.org/opensuse-updates/2018-02/msg00006.html https://www.suse.com/security/cve/CVE-2016-6224.html CVE-2016-6224 https://bugzilla.suse.com/989121 SUSE Bug 989121 https://bugzilla.suse.com/989122 SUSE Bug 989122