Security update for ecryptfs-utils SUSE Patch security@suse.de SUSE Security Team SUSE-SU-2018:0336-1 Final 1 1 2018-02-01T09:39:39Z current 2018-02-01T09:39:39Z 2018-02-01T09:39:39Z cve-database/bin/generate-cvrf.pl 2017-02-24T01:00:00Z Security update for ecryptfs-utils This update for ecryptfs-utils fixes the following issues: - CVE-2015-8946: ecryptfs-setup-swap improperly configures encrypted swap when using GPT partitioning (bsc#989121) - CVE-2016-6224: ecryptfs-setup-swap improperly configures encrypted swap when using GPT partitioning on a NVMe or MMC drive (bsc#989122) The CVRF data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0). SUSE-SLE-DESKTOP-12-SP2-2018-234,SUSE-SLE-DESKTOP-12-SP3-2018-234,SUSE-SLE-RPI-12-SP2-2018-234,SUSE-SLE-SERVER-12-SP2-2018-234,SUSE-SLE-SERVER-12-SP3-2018-234 Copyright SUSE LLC under the Creative Commons License 4.0 with Attribution (CC-BY-4.0) https://www.suse.com/support/update/announcement/2018/suse-su-20180336-1/ Link for SUSE-SU-2018:0336-1 https://lists.suse.com/pipermail/sle-security-updates/2018-February/003694.html E-Mail link for SUSE-SU-2018:0336-1 https://www.suse.com/support/security/rating/ SUSE Security Ratings https://bugzilla.suse.com/989121 SUSE Bug 989121 https://bugzilla.suse.com/989122 SUSE Bug 989122 https://www.suse.com/security/cve/CVE-2015-8946/ SUSE CVE CVE-2015-8946 page https://www.suse.com/security/cve/CVE-2016-6224/ SUSE CVE CVE-2016-6224 page SUSE Linux Enterprise Desktop 12 SP2 SUSE Linux Enterprise Desktop 12 SP3 SUSE Linux Enterprise Server 12 SP2 SUSE Linux Enterprise Server 12 SP3 SUSE Linux Enterprise Server for Raspberry Pi 12 SP2 SUSE Linux Enterprise Server for SAP Applications 12 SP2 SUSE Linux Enterprise Server for SAP Applications 12 SP3 ecryptfs-utils-103-8.3.1 ecryptfs-utils-32bit-103-8.3.1 ecryptfs-utils-103-8.3.1 as a component of SUSE Linux Enterprise Desktop 12 SP2 ecryptfs-utils-32bit-103-8.3.1 as a component of SUSE Linux Enterprise Desktop 12 SP2 ecryptfs-utils-103-8.3.1 as a component of SUSE Linux Enterprise Desktop 12 SP3 ecryptfs-utils-32bit-103-8.3.1 as a component of SUSE Linux Enterprise Desktop 12 SP3 ecryptfs-utils-103-8.3.1 as a component of SUSE Linux Enterprise Server 12 SP2 ecryptfs-utils-32bit-103-8.3.1 as a component of SUSE Linux Enterprise Server 12 SP2 ecryptfs-utils-103-8.3.1 as a component of SUSE Linux Enterprise Server 12 SP3 ecryptfs-utils-32bit-103-8.3.1 as a component of SUSE Linux Enterprise Server 12 SP3 ecryptfs-utils-103-8.3.1 as a component of SUSE Linux Enterprise Server for Raspberry Pi 12 SP2 ecryptfs-utils-103-8.3.1 as a component of SUSE Linux Enterprise Server for SAP Applications 12 SP2 ecryptfs-utils-32bit-103-8.3.1 as a component of SUSE Linux Enterprise Server for SAP Applications 12 SP2 ecryptfs-utils-103-8.3.1 as a component of SUSE Linux Enterprise Server for SAP Applications 12 SP3 ecryptfs-utils-32bit-103-8.3.1 as a component of SUSE Linux Enterprise Server for SAP Applications 12 SP3 ecryptfs-setup-swap in eCryptfs before 111 does not prevent the unencrypted swap partition from activating during boot when using GPT partitioning and certain versions of systemd, which allows local users to obtain sensitive information via unspecified vectors. CVE-2015-8946 SUSE Linux Enterprise Desktop 12 SP2:ecryptfs-utils-103-8.3.1 SUSE Linux Enterprise Desktop 12 SP2:ecryptfs-utils-32bit-103-8.3.1 SUSE Linux Enterprise Desktop 12 SP3:ecryptfs-utils-103-8.3.1 SUSE Linux Enterprise Desktop 12 SP3:ecryptfs-utils-32bit-103-8.3.1 SUSE Linux Enterprise Server 12 SP2:ecryptfs-utils-103-8.3.1 SUSE Linux Enterprise Server 12 SP2:ecryptfs-utils-32bit-103-8.3.1 SUSE Linux Enterprise Server 12 SP3:ecryptfs-utils-103-8.3.1 SUSE Linux Enterprise Server 12 SP3:ecryptfs-utils-32bit-103-8.3.1 SUSE Linux Enterprise Server for Raspberry Pi 12 SP2:ecryptfs-utils-103-8.3.1 SUSE Linux Enterprise Server for SAP Applications 12 SP2:ecryptfs-utils-103-8.3.1 SUSE Linux Enterprise Server for SAP Applications 12 SP2:ecryptfs-utils-32bit-103-8.3.1 SUSE Linux Enterprise Server for SAP Applications 12 SP3:ecryptfs-utils-103-8.3.1 SUSE Linux Enterprise Server for SAP Applications 12 SP3:ecryptfs-utils-32bit-103-8.3.1 moderate 4 AV:L/AC:H/Au:N/C:C/I:N/A:N 2.1 AV:L/AC:L/Au:N/C:P/I:N/A:N To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/support/update/announcement/2018/suse-su-20180336-1/ https://www.suse.com/security/cve/CVE-2015-8946.html CVE-2015-8946 https://bugzilla.suse.com/989121 SUSE Bug 989121 https://bugzilla.suse.com/989122 SUSE Bug 989122 ecryptfs-setup-swap in eCryptfs does not prevent the unencrypted swap partition from activating during boot when using GPT partitioning on a (1) NVMe or (2) MMC drive, which allows local users to obtain sensitive information via unspecified vectors. NOTE: this vulnerability exists because of an incomplete fix for CVE-2015-8946. CVE-2016-6224 SUSE Linux Enterprise Desktop 12 SP2:ecryptfs-utils-103-8.3.1 SUSE Linux Enterprise Desktop 12 SP2:ecryptfs-utils-32bit-103-8.3.1 SUSE Linux Enterprise Desktop 12 SP3:ecryptfs-utils-103-8.3.1 SUSE Linux Enterprise Desktop 12 SP3:ecryptfs-utils-32bit-103-8.3.1 SUSE Linux Enterprise Server 12 SP2:ecryptfs-utils-103-8.3.1 SUSE Linux Enterprise Server 12 SP2:ecryptfs-utils-32bit-103-8.3.1 SUSE Linux Enterprise Server 12 SP3:ecryptfs-utils-103-8.3.1 SUSE Linux Enterprise Server 12 SP3:ecryptfs-utils-32bit-103-8.3.1 SUSE Linux Enterprise Server for Raspberry Pi 12 SP2:ecryptfs-utils-103-8.3.1 SUSE Linux Enterprise Server for SAP Applications 12 SP2:ecryptfs-utils-103-8.3.1 SUSE Linux Enterprise Server for SAP Applications 12 SP2:ecryptfs-utils-32bit-103-8.3.1 SUSE Linux Enterprise Server for SAP Applications 12 SP3:ecryptfs-utils-103-8.3.1 SUSE Linux Enterprise Server for SAP Applications 12 SP3:ecryptfs-utils-32bit-103-8.3.1 moderate 4 AV:L/AC:H/Au:N/C:C/I:N/A:N 2.1 AV:L/AC:L/Au:N/C:P/I:N/A:N To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/support/update/announcement/2018/suse-su-20180336-1/ https://www.suse.com/security/cve/CVE-2016-6224.html CVE-2016-6224 https://bugzilla.suse.com/989121 SUSE Bug 989121 https://bugzilla.suse.com/989122 SUSE Bug 989122