This bug was fixed in the package fscrypt - 0.2.2-0ubuntu2.1

---------------
fscrypt (0.2.2-0ubuntu2.1) bionic-security; urgency=medium

  * SECURITY UPDATE: Privilege escalation via improperly restored
    supplementary groups in libpam-fscrypt (LP: #1787548)
    - CVE-2018-6558.patch: Save the euid, egid, and supplementary groups
      when entering the PAM module, drop privileges to perform actions on
      behalf of the user, and then properly restore the saved values before
      exiting the PAM module. Based on patch from upstream.
    - CVE-2018-6558
  * 0001-security-drop-and-regain-privileges-in-all-threads.patch: Drop and
    regain privileges in all threads of the current process
  * 0001-Ensure-keyring-privilege-changes-are-reversible.patch: Ensure
    keyring privilege changes are reversible to prevent failures when, for
    example, "su <user>" is executed as an unprivileged user

 -- Tyler Hicks <tyhi...@canonical.com>  Wed, 22 Aug 2018 18:57:26 +0000

** Changed in: fscrypt (Ubuntu)
       Status: Confirmed => Fix Released

https://bugs.launchpad.net/bugs/1787548

Title:
  PAM fscrypt adds root(0) group to all users called by su
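The save / drop / restore sequence the changelog describes, sketched in C as an added example. It is not the fscrypt patch (fscrypt is written in Go), and the `creds_*` and `leaked_groups` names are hypothetical.

```c
#define _DEFAULT_SOURCE        /* declares setgroups() and seteuid() on glibc */
#include <grp.h>
#include <stdlib.h>
#include <sys/types.h>
#include <unistd.h>

/* What the changelog says must be saved on entry to the PAM module. */
struct creds { uid_t euid; gid_t egid; int n; gid_t *groups; };

int creds_save(struct creds *c) {
    c->euid = geteuid();
    c->egid = getegid();
    int n = getgroups(0, NULL);               /* ask for the count first */
    if (n < 0) return -1;
    c->groups = calloc(n > 0 ? n : 1, sizeof(gid_t));
    if (!c->groups) return -1;
    c->n = getgroups(n, c->groups);
    return c->n < 0 ? -1 : 0;
}

/* Drop: set groups and gid while still privileged, uid last. */
int creds_drop(uid_t uid, gid_t gid, const gid_t *groups, int n) {
    if (setgroups(n, groups) != 0 || setegid(gid) != 0) return -1;
    return seteuid(uid);
}

/* Restore: regain the saved euid first, then put back egid and groups. */
int creds_restore(const struct creds *c) {
    if (seteuid(c->euid) != 0 || setegid(c->egid) != 0) return -1;
    return setgroups(c->n, c->groups);
}

/* Number of gids in `after` that are absent from `before`. */
int leaked_groups(const gid_t *before, int nb, const gid_t *after, int na) {
    int leaked = 0;
    for (int i = 0; i < na; i++) {
        int found = 0;
        for (int j = 0; j < nb; j++) found |= (after[i] == before[j]);
        leaked += !found;
    }
    return leaked;
}

/* Exit check: 0 when the process credentials match the snapshot. */
int creds_verify(const struct creds *saved) {
    struct creds now;
    if (creds_save(&now) != 0) return -1;
    int diff = (now.euid != saved->euid) + (now.egid != saved->egid)
             + leaked_groups(saved->groups, saved->n, now.groups, now.n)
             + leaked_groups(now.groups, now.n, saved->groups, saved->n);
    free(now.groups);
    return diff;
}
```

The glibc wrappers used here apply a credential change to every thread in the process, while a raw system call changes only the calling thread, which is the situation the changelog's "in all threads" patch addresses.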