Users have been asked to upgrade their systems

Mar 12, 2015 14:32 GMT

Canonical has published details in a security notice about an eCryptfs vulnerability in Ubuntu 14.10, Ubuntu 14.04 LTS, Ubuntu 12.04 LTS, and Ubuntu 10.04 LTS that has been found and corrected.

A number of problems have been fixed in the last few days, and now it's the turn of the eCryptfs library to get updated. As you might have guessed, this is not a really critical issue, but it does affect all supported Ubuntu releases. eCryptfs is used to encrypt home and Private directories.

"Sylvain Pelissier discovered that eCryptfs did not generate a random salt when encrypting the mount passphrase with the login password. An attacker could use this issue to discover the login password used to protect the mount passphrase and gain unintended access to the encrypted files," is noted in the security notice.
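The effect of the missing salt described in the notice, shown as an added example that is not code from Canonical or the eCryptfs project. PBKDF2-HMAC-SHA512, the iteration count, the all-zero constant salt, the sample password and every function name are assumptions standing in for eCryptfs's actual key derivation.

```python
import hashlib
import hmac
import os

# Stand-in KDF and parameters for illustration; not eCryptfs's actual routine.
ITERATIONS = 20_000
FIXED_SALT = bytes(8)   # constructed constant, identical for every user
SALT_LEN = 16


def derive_key(login_password: str, salt: bytes) -> bytes:
    """Derive the key that would wrap the mount passphrase."""
    return hashlib.pbkdf2_hmac("sha512", login_password.encode(), salt, ITERATIONS)


def wrap_unsalted(login_password: str) -> dict:
    """Flawed behaviour: no random salt, so the key depends on the password alone."""
    return {"salt": FIXED_SALT, "key": derive_key(login_password, FIXED_SALT)}


def wrap_salted(login_password: str) -> dict:
    """Corrected behaviour: a fresh random salt, stored next to the wrapped data."""
    salt = os.urandom(SALT_LEN)
    return {"salt": salt, "key": derive_key(login_password, salt)}


def unlock(record: dict, login_password: str) -> bool:
    """Re-derive with the stored salt and compare in constant time."""
    candidate = derive_key(login_password, record["salt"])
    return hmac.compare_digest(record["key"], candidate)


def distinct_keys(records: list) -> int:
    """Count the different wrapping keys present in a set of records."""
    return len({r["key"] for r in records})


if __name__ == "__main__":
    # Constructed sample: three users who happen to share one login password.
    password = "correct horse battery staple"
    unsalted = [wrap_unsalted(password) for _ in range(3)]
    salted = [wrap_salted(password) for _ in range(3)]
    print("distinct keys without random salt:", distinct_keys(unsalted))
    print("distinct keys with random salt:   ", distinct_keys(salted))
    print("salted record still unlocks:", unlock(salted[0], password))
```

Without a random salt, one derivation per candidate password is valid against every user's wrapped passphrase at once; with a per-user salt, that work has to be repeated for each user.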

For a more detailed description of the problems, you can see Canonical's security notification. The problem can be corrected if you upgrade your system(s) to the latest libexiv2 and libecryptfs0 packages. To apply the patch, you can simply run the Update Manager application, but you can also use the terminal if you don't like the provided GUI. Open a terminal and enter the following commands (you will need to be root):

    sudo apt-get update
    sudo apt-get dist-upgrade

In general, a standard system update will make all the necessary changes. The update doesn't require a system reboot, but users will have to log out and then log back in.