GLSA Advocate
Joined: 12 May 2004 Posts: 2663
|
Posted: Wed Dec 30, 2015 3:26 pm Post subject: [ GLSA 201512-09 ] encfs |
|
|
Gentoo Linux Security Advisory
Title: encfs: Multiple vulnerabilities (GLSA 201512-09)
Severity: normal
Exploitable: local
Date: December 30, 2015
Bug(s): #510290
ID: 201512-09
Synopsis
Multiple vulnerabilities have been found in encfs, the worst of
which can allow remote attackers to execute arbitrary code or cause a
Denial of Service condition.
Background
Encfs is an implementation of encrypted filesystem in user-space using
FUSE.
Affected Packages
Package: sys-fs/encfs
Vulnerable: < 1.7.5
Unaffected: >= 1.7.5
Architectures: All supported architectures
Description
Multiple vulnerabilities have been discovered in encfs. Please review
the CVE identifiers referenced below for details.
Impact
A local attacker can utilize a possible buffer overflow in the
encodeName method of StreamNameIO and BlockNameIO to execute arbitrary
code or cause a Denial of Service. Also multiple weak cryptographics
practices have been found in encfs.
Workaround
There is no known workaround at this time.
Resolution
All encfs users should upgrade to the latest version: Code: | # emerge --sync
# emerge --ask --oneshot --verbose ">=sys-fs/encfs-1.7.5"
|
References
CVE-2014-3462 |
|