Summary: | <sys-apps/shadow-4.4-r2: su: user can send SIGKILL with root privileges to other processes (CVE-2017-2616) | ||
---|---|---|---|
Product: | Gentoo Security | Reporter: | Thomas Deutschmann (RETIRED) <whissi> |
Component: | Vulnerabilities | Assignee: | Gentoo Security <security> |
Status: | RESOLVED FIXED | ||
Severity: | normal | CC: | base-system, pam-bugs+disabled |
Priority: | Normal | Flags: | stable-bot:
sanity-check+
|
Version: | unspecified | ||
Hardware: | All | ||
OS: | Linux | ||
Whiteboard: | A3 [glsa cve] | ||
Package list: |
=sys-apps/shadow-4.4-r2
|
Runtime testing required: | --- |
Bug Depends on: | |||
Bug Blocks: | 610802 |
Description
Thomas Deutschmann (RETIRED)
2017-02-24 12:27:22 UTC
commit 8df93785b284c765f254f65922fb699e151d0f6e Author: Lars Wendler <polynomial-c@gentoo.org> Date: Fri Feb 24 13:42:44 2017 sys-apps/shadow: Security revbump to fix CVE-2017-2616 (bug #610804). Package-Manager: Portage-2.3.3, Repoman-2.3.1 Arches please test and mar stable =sys-apps/shadow-4.4-r2 with target KEYWORDS: alpha amd64 arm ~arm64 hppa ia64 ~m68k ~mips ppc ppc64 ~s390 ~sh sparc x86 amd64 stable x86 stable ppc64 stable ppc stable sparc stable Stable on alpha. arm stable Stable for HPPA. commit 2c4b242d41c2414cb02d6825d5811f57acf2d640 Author: Mike Frysinger <vapier@gentoo.org> Date: Wed Mar 1 15:27:11 2017 -0700 sys-apps/shadow: mark arm64/ia64/m68k/s390/sh stable Arches, Thank you for your work. New GLSA Request filed. Maintainer(s), please drop the vulnerable version(s). commit 4d5d0eac6f3ae936d0bdcd291ef01a39bfb8fd03 Author: Lars Wendler <polynomial-c@gentoo.org> Date: Mon Mar 13 13:36:50 2017 sys-apps/shadow: Security cleanup (bug #610804). Package-Manager: Portage-2.3.4, Repoman-2.3.2 This issue was resolved and addressed in GLSA 201706-02 at https://security.gentoo.org/glsa/201706-02 by GLSA coordinator Yury German (BlueKnight). |