Advisories ยป MGASA-2017-0072

Updated util-linux packages fix security vulnerability

Publication date: 03 Mar 2017
Type: security
Affected Mageia releases : 5
CVE: CVE-2017-2616


With the su command from util-linux before 2.29.2, it is possible for
any local user to send SIGKILL to other processes with root privileges.
To exploit this, the user must be able to perform su with a successful
login.  SIGKILL can only be sent to processes which were executed after
the su process.  It is not possible to send SIGKILL to processes which
were already running (CVE-2017-2616).