|
|
Subscribe / Log in / New account

Mageia alert MGASA-2017-0072 (util-linux)



From:
    	      Mageia Updates <buildsystem-daemon@mageia.org> 


To:
    	      updates-announce@ml.mageia.org 


Subject:
    	      [updates-announce] MGASA-2017-0072: Updated util-linux packages fix security vulnerability 


Date:
    	      Fri, 3 Mar 2017 11:10:16 +0100


Message-ID:
    	      <20170303101016.9FBF39F7D1@duvel.mageia.org>


MGASA-2017-0072 - Updated util-linux packages fix security vulnerability

Publication date: 03 Mar 2017
URL: http://advisories.mageia.org/MGASA-2017-0072.html
Type: security
Affected Mageia releases: 5
CVE: CVE-2017-2616

Description:
With the su command from util-linux before 2.29.2, it is possible for
any local user to send SIGKILL to other processes with root privileges.
To exploit this, the user must be able to perform su with a successful
login.  SIGKILL can only be sent to processes which were executed after
the su process.  It is not possible to send SIGKILL to processes which
were already running (CVE-2017-2616).

References:
- https://bugs.mageia.org/show_bug.cgi?id=20337
- http://openwall.com/lists/oss-security/2017/02/23/2
- http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-2616

SRPMS:
- 5/core/util-linux-2.25.2-3.5.mga5
to post comments


Copyright © 2025, Eklektix, Inc.
Comments and public postings are copyrighted by their creators.
Linux is a registered trademark of Linus Torvalds