Linux News Today: eCryptfs Vulnerability Closed in Ubuntu OSes
A eCryptfs vulnerability has been found and repaired in Ubuntu 15.10, Ubuntu 15.04 and Ubuntu 14.04 LTS, and a new updated has been issued.
The developers found a small issue with the ecryptfs-utils package (eCryptfs cryptographic filesystem utilities) and pushed a new version into the repositories. It’s not a big update, but it’s a good idea to update anyway.
“Jann Horn discovered that mount.ecryptfs_private would mount over certain directories in the proc filesystem. A local attacker could use this to escalate their privileges,” said the maintainers in the security notification.
For a more detailed description of the issues, you can see Canonical’s security notification. Users should upgrade their Linux distribution in order to correct this issue. The vulnerability can be fixed if you upgrade your system(s) to the latest package specific to each distribution. To apply the patch, users can simply run the Update Manager application.
If you don’t want to use the Software Updater, you can open a terminal and enter the following commands (you will need to be root):
sudo apt-get update
sudo apt-get dist-upgrade
The updating process should be very short, if this is the only upgrade that you need to perform. It might take longer if you haven’t upgraded your system for some time. It’s also worth noting that you don’t need to reboot the system.