encryptfs-utils is vulnerable to access control bypass. An insecure temporary file use flaw was found in the ecryptfs-setup-private script. A local attacker could use this script to insert their own key that will subsequently be used by a new user, possibly giving the attacker access to the user’s encrypted data if existing file permissions allow access.
lists.opensuse.org/opensuse-security-announce/2011-08/msg00009.html
www.ubuntu.com/usn/USN-1188-1
access.redhat.com/errata/RHSA-2011:1241
access.redhat.com/security/updates/classification/#moderate
access.redhat.com/support/offerings/techpreview/
bugzilla.redhat.com/show_bug.cgi?id=729465
launchpad.net/ecryptfs/+download