[El-errata] ELSA-2011-1241 Moderate: Oracle Linux 5 ecryptfs-utils security update

Thu Sep 1 11:22:39 PDT 2011

Oracle Linux Security Advisory ELSA-2011-1241

https://rhn.redhat.com/errata/RHSA-2011-1241.html

The following updated rpms for Oracle Linux 5 have been uploaded to the 
Unbreakable Linux Network:

i386:
ecryptfs-utils-75-5.el5_7.2.i386.rpm
ecryptfs-utils-devel-75-5.el5_7.2.i386.rpm
ecryptfs-utils-gui-75-5.el5_7.2.i386.rpm

x86_64:
ecryptfs-utils-75-5.el5_7.2.i386.rpm
ecryptfs-utils-75-5.el5_7.2.x86_64.rpm
ecryptfs-utils-devel-75-5.el5_7.2.i386.rpm
ecryptfs-utils-devel-75-5.el5_7.2.x86_64.rpm
ecryptfs-utils-gui-75-5.el5_7.2.x86_64.rpm

ia64:
ecryptfs-utils-75-5.el5_7.2.ia64.rpm
ecryptfs-utils-devel-75-5.el5_7.2.ia64.rpm
ecryptfs-utils-gui-75-5.el5_7.2.ia64.rpm

SRPMS:
http://oss.oracle.com/ol5/SRPMS-updates/ecryptfs-utils-75-5.el5_7.2.src.rpm

Description of changes:

[75-5.2]
- do not forget to set the group id in mount.ecryptfs_private

[75-5.1]
- security fixes:
- privilege escalation via mountpoint race conditions (CVE-2011-1831, 
CVE-2011-1832)
- race condition when checking source during mount (CVE-2011-1833)
- mtab corruption via improper handling (CVE-2011-1834)
- key poisoning via insecure temp directory handling (CVE-2011-1835)
- arbitrary file overwrite via lock counter race (CVE-2011-1837)