A number of issues were found in the cryptography practices of EncFS. These are detailed in the following audit:

https://defuse.ca/audits/encfs.htm

It also notes some of the issues in bug 630460 may not be fixed correctly.

A fix is currently not available. Fedora and EPEL use a 1.x version. A future 2.0 release may correct these issues:

https://code.google.com/p/encfs/issues/detail?id=186
Created fuse-encfs tracking bugs for this issue:

Affects: fedora-all [bug 1097539]
Affects: epel-all [bug 1097540]
CVE request: http://www.openwall.com/lists/oss-security/2014/05/14/1
MITRE assigned CVE-2014-3462 to the "Editing Configuration File Disables MACs" (from the original audit report) issue: http://seclists.org/oss-sec/2014/q2/305
This CVE Bugzilla entry is for community support informational purposes only as it does not affect a package in a commercially supported Red Hat product. Refer to the dependent bugs for status of those individual community products.