| Summary: | shadow-utils security vulnerability CVE-2017-2616 | ||
|---|---|---|---|
| Product: | Mageia | Reporter: | Zombie Ryushu <zombie_ryushu> |
| Component: | Security | Assignee: | Mageia Bug Squad <bugsquad> |
| Status: | RESOLVED INVALID | QA Contact: | Sec team <security> |
| Severity: | normal | ||
| Priority: | Normal | ||
| Version: | Cauldron | ||
| Target Milestone: | --- | ||
| Hardware: | All | ||
| OS: | Linux | ||
| URL: | http://www.linuxsecurity.com/content/view/170875/170/ | ||
| Whiteboard: | |||
| Source RPM: | shadow-utils | CVE: | CVE-2017-2616 |
| Status comment: | |||
|
Zombie Ryushu
2017-06-12 05:08:34 CEST
CVE:
(none) =>
CVE-2017-2616 Our su is from util-linux. This is from an old Debian advisory (which we already check) that has already been evaluated. Status:
NEW =>
RESOLVED |
Several vulnerabilities were discovered in the shadow suite. The Common Vulnerabilities and Exposures project identifies the following problems: CVE-2017-2616 Tobias Stoeckmann discovered that su does not properly handle clearing a child PID. A local attacker can take advantage of this flaw to send SIGKILL to other processes with root privileges, resulting in denial of service. This bug is related to the fix for CVE-2016-6252