Advisories » MGASA-2017-0072

Updated util-linux packages fix security vulnerability

Publication date: 03 Mar 2017
Modification date: 03 Mar 2017
Type: security
Affected Mageia releases : 5
CVE: CVE-2017-2616

Description

With the su command from util-linux before 2.29.2, it is possible for
any local user to send SIGKILL to other processes with root privileges.
To exploit this, the user must be able to perform su with a successful
login.  SIGKILL can only be sent to processes which were executed after
the su process.  It is not possible to send SIGKILL to processes which
were already running (CVE-2017-2616).
                

References

• https://bugs.mageia.org/show_bug.cgi?id=20337
• http://openwall.com/lists/oss-security/2017/02/23/2
• https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-2616

SRPMS

5/core

• util-linux-2.25.2-3.5.mga5