Gentoo has issued an advisory today (December 30):
https://security.gentoo.org/glsa/201512-09

Apparently the issues are fixed upstream in 1.7.5 (and likely 1.8.1).
Updated package uploaded for Mageia 5.

Advisory:
========================

Updated encfs packages fix security vulnerability:

A local attacker can utilize a possible buffer overflow in the encodeName method of StreamNameIO and BlockNameIO to execute arbitrary code or cause a Denial of Service. Also multiple weak cryptographic practices have been found in encfs (CVE-2014-3462).

References:
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-3462
https://security.gentoo.org/glsa/201512-09
========================

Updated packages in core/updates_testing:
========================
encfs-1.7.5-1.mga5
libencfs6-1.7.5-1.mga5

from encfs-1.7.5-1.mga5.src.rpm
Assignee: guillomovitch => qa-bugs
May help with testing: https://www.howtoforge.com/tutorial/encrypt-your-data-with-encfs-debian-jessie/
Whiteboard: (none) => has_procedure
In VirtualBox, M5, KDE, 32-bit

Test procedure taken from:
https://www.howtoforge.com/tutorial/encrypt-your-data-with-encfs-debian-jessie/
https://wiki.archlinux.org/index.php/EncFS

Package(s) under test:
encfs libencfs6

default install of encfs & libencfs6

[root@localhost wilcal]# urpmi encfs
Package encfs-1.7.4-14.mga5.i586 is already installed
[root@localhost wilcal]# urpmi libencfs6
Package libencfs6-1.7.4-14.mga5.i586 is already installed

create two directories:
/home/wilcal/encfs_encrypted
/home/wilcal/encfs_decrypted
mkdir -p /home/wilcal/encfs_encrypted
mkdir -p /home/wilcal/encfs_decrypted
in a user terminal run:
encfs /home/wilcal/encfs_encrypted /home/wilcal/encfs_decrypted
enter "p" for preconfigured mode
enter password
anything you put into, or remove, in /home/wilcal/encfs_decrypted
will be encrypted and mirrored in /home/wilcal/encfs_encrypted
run in a terminal:
fusermount -u /home/wilcal/encfs_decrypted
then delete /home/wilcal/encfs_decrypted
in a terminal run:
encfs /home/wilcal/encfs_encrypted /home/wilcal/encfs_decrypted
You will be asked if you want to create: /home/wilcal/encfs_decrypted
Answer "y" and the directory will be created with the decrypted files.

An even shorter way is to have encfs create both the directories.
Run in a terminal:
encfs /home/wilcal/encfs_encrypted /home/wilcal/encfs_decrypted
and you will be prompted to create the directories if they don't exist
and then you enter the password.

unmount and delete
/home/wilcal/encfs_encrypted
/home/wilcal/encfs_decrypted

install encfs & libencfs6 from updates_testing

[root@localhost wilcal]# urpmi encfs
Package encfs-1.7.5-1.mga5.i586 is already installed
[root@localhost wilcal]# urpmi libencfs6
Package libencfs6-1.7.5-1.mga5.i586 is already installed

In a terminal run:
encfs /home/wilcal/encfs_encrypted /home/wilcal/encfs_decrypted
allow encfs to create both folders and enter password.
Drag some files into /home/wilcal/encfs_decrypted
Encrypted files are created in /home/wilcal/encfs_encrypted
In a terminal run:
fusermount -u /home/wilcal/encfs_decrypted
Delete folder /home/wilcal/encfs_decrypted
empty trash.
in a terminal run:
encfs /home/wilcal/encfs_encrypted /home/wilcal/encfs_decrypted
Let encfs create the folder: /home/wilcal/encfs_decrypted
Enter password.
Files will be decrypted from /home/wilcal/encfs_encrypted and
placed in /home/wilcal/encfs_decrypted
Folders are back live.
CC: (none) => wilcal.int
Whiteboard: has_procedure => has_procedure MGA5-32-OK
In VirtualBox, M5, KDE, 64-bit

Test procedure taken from:
https://www.howtoforge.com/tutorial/encrypt-your-data-with-encfs-debian-jessie/
https://wiki.archlinux.org/index.php/EncFS

Package(s) under test:
encfs lib64encfs6

default install of encfs & lib64encfs6

[root@localhost wilcal]# urpmi encfs
Package encfs-1.7.4-14.mga5.x86_64 is already installed
[root@localhost wilcal]# urpmi lib64encfs6
Package lib64encfs6-1.7.4-14.mga5.x86_64 is already installed

create two directories:
/home/wilcal/encfs_encrypted
/home/wilcal/encfs_decrypted
mkdir -p /home/wilcal/encfs_encrypted
mkdir -p /home/wilcal/encfs_decrypted
in a user terminal run:
encfs /home/wilcal/encfs_encrypted /home/wilcal/encfs_decrypted
enter "p" for preconfigured mode
enter password
anything you put into, or remove, in /home/wilcal/encfs_decrypted
will be encrypted and mirrored in /home/wilcal/encfs_encrypted
run in a terminal:
fusermount -u /home/wilcal/encfs_decrypted
then delete /home/wilcal/encfs_decrypted
in a terminal run:
encfs /home/wilcal/encfs_encrypted /home/wilcal/encfs_decrypted
You will be asked if you want to create: /home/wilcal/encfs_decrypted
Answer "y" and the directory will be created with the decrypted files.

An even shorter way is to have encfs create both the directories.
Run in a terminal:
encfs /home/wilcal/encfs_encrypted /home/wilcal/encfs_decrypted
and you will be prompted to create the directories if they don't exist
and then you enter the password.

unmount and delete
/home/wilcal/encfs_encrypted
/home/wilcal/encfs_decrypted

install encfs & lib64encfs6 from updates_testing

[root@localhost wilcal]# urpmi encfs
Package encfs-1.7.5-1.mga5.x86_64 is already installed
[root@localhost wilcal]# urpmi lib64encfs6
Package lib64encfs6-1.7.5-1.mga5.x86_64 is already installed

In a terminal run:
encfs /home/wilcal/encfs_encrypted /home/wilcal/encfs_decrypted
allow encfs to create both folders and enter password.
Drag some files into /home/wilcal/encfs_decrypted
Encrypted files are created in /home/wilcal/encfs_encrypted
In a terminal run:
fusermount -u /home/wilcal/encfs_decrypted
Delete folder /home/wilcal/encfs_decrypted
empty trash.
in a terminal run:
encfs /home/wilcal/encfs_encrypted /home/wilcal/encfs_decrypted
Let encfs create the folder: /home/wilcal/encfs_decrypted
Enter password.
Files will be decrypted from /home/wilcal/encfs_encrypted and
placed in /home/wilcal/encfs_decrypted
Folders are back live.
Whiteboard: has_procedure MGA5-32-OK => has_procedure MGA5-32-OK MGA5-64-OK
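The mount / unmount / remount procedure from the two test reports above, as an added example that is not part of the original bug thread: it scripts the round trip and compares SHA-256 checksums before and after the remount instead of checking the folders by eye. It assumes encfs's --standard and --extpass options in place of the interactive "p" prompt, absolute directory paths, and a password file; the function names and the sample file are hypothetical.

```shell
#!/bin/sh
# Added example (not from the bug thread): scripted encfs round-trip check.
# Function names, password-file handling and sample data are assumptions.

# Print a sorted "hash  ./relative-path" manifest of every file under $1.
manifest() {
    ( cd "$1" && find . -type f -exec sha256sum {} + | sort -k 2 )
}

# Succeed only if directory $1 still matches the manifest stored in file $2.
verify_manifest() {
    manifest "$1" | cmp -s - "$2"
}

# Mount encrypted dir $1 on plaintext view $2, password read from file $3.
# --standard replaces the interactive mode prompt; --extpass supplies the
# password non-interactively (path $3 must not contain a single quote).
mount_encfs() {
    mkdir -p "$1" "$2"
    encfs --standard --extpass="cat '$3'" "$1" "$2"
}

# Write a file, record checksums, unmount, delete the view, remount, verify.
roundtrip() {
    enc=$1 dec=$2 pw=$3 list=$(mktemp)
    mount_encfs "$enc" "$dec" "$pw" || return 1
    printf 'constructed sample data\n' > "$dec/sample.txt"
    manifest "$dec" > "$list"
    fusermount -u "$dec" || return 1
    # rmdir fails unless the mount point is empty, so this also proves that
    # no plaintext was left behind after the unmount.
    rmdir "$dec" || return 1
    mount_encfs "$enc" "$dec" "$pw" || return 1
    verify_manifest "$dec" "$list"; rc=$?
    fusermount -u "$dec"
    rm -f "$list"
    return "$rc"
}

# Run only when invoked as: sh roundtrip.sh run ENC_DIR DEC_DIR PASSFILE
if [ "${1:-}" = run ]; then
    roundtrip "$2" "$3" "$4" && echo "round trip OK"
fi
```

Running it once against the installed package and once after installing from updates_testing gives the same before/after comparison as the manual test.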
This slick little application and update works fine.
Testing complete for MGA5, 32-bit & 64-bit
Validating the update.
Could someone from the sysadmin team push to updates.
Thanks
Keywords: (none) => validated_update
CC: (none) => sysadmin-bugs
CC: (none) => davidwhodgins
Whiteboard: has_procedure MGA5-32-OK MGA5-64-OK => has_procedure MGA5-32-OK MGA5-64-OK advisory
An update for this issue has been pushed to Mageia Updates repository. http://advisories.mageia.org/MGASA-2016-0026.html
Status: NEW => RESOLVED
Resolution: (none) => FIXED