21073 – shadow-utils security vulnerability CVE-2017-2616

Bug 21073 - shadow-utils security vulnerability CVE-2017-2616

Summary: shadow-utils security vulnerability CVE-2017-2616

Status:	RESOLVED INVALID

Alias:	None

Product:	Mageia
Classification:	Unclassified
Component:	Security (show other bugs)
Version:	Cauldron
Hardware:	All Linux

Priority:	Normal Severity: normal
Target Milestone:	---
Assignee:	Mageia Bug Squad
QA Contact:	Sec team

URL:	http://www.linuxsecurity.com/content/...
Whiteboard:
Keywords:

Depends on:
Blocks:

Reported:	2017-06-12 05:08 CEST by Zombie Ryushu
Modified:	2017-06-12 11:42 CEST (History)
CC List:	0 users

See Also:
Source RPM:	shadow-utils
CVE:	CVE-2017-2616
Status comment:

Attachments
Add an attachment (proposed patch, testcase, etc.)

Description Zombie Ryushu 2017-06-12 05:08:15 CEST

Several vulnerabilities were discovered in the shadow suite. The Common
Vulnerabilities and Exposures project identifies the following problems:

CVE-2017-2616

    Tobias Stoeckmann discovered that su does not properly handle
    clearing a child PID. A local attacker can take advantage of this
    flaw to send SIGKILL to other processes with root privileges,
    resulting in denial of service.

This bug is related to the fix for 
CVE-2016-6252

Zombie Ryushu 2017-06-12 05:08:34 CEST

CVE: (none) => CVE-2017-2616

Comment 1 David Walser 2017-06-12 11:42:32 CEST

Our su is from util-linux.

This is from an old Debian advisory (which we already check) that has already been evaluated.

Status: NEW => RESOLVED
Resolution: (none) => INVALID

Note You need to log in before you can comment on or make changes to this bug.