oss-sec mailing list archives
Re: util-linux 2.29.2 fixes CVE-2017-2616
From: Bálint Réczey <balint () balintreczey hu>
Date: Thu, 23 Feb 2017 17:31:42 +0100
Hi, 2017-02-23 17:08 GMT+01:00 Hanno Böck <hanno () hboeck de>:
On Thu, 23 Feb 2017 07:56:51 -0500 Assaf Gordon <assafgordon () gmail com> wrote:GNU Coreutils stopped installing 'su' by default in 2007, and completely removed 'su' (including the 'su.c' source file) in 2012.That's good to know, so now there are only 2 competing versions of su instead of 3 in major packages :-) Anyone have a good idea who is using shadow vs. util-linux su? Do they have specific advantages/disadvantages, would it be reasonable to try to get all distros to use them same one?
In Debian we are looking into switching to util-linux from shadow for commands provided by both packages: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=833256 Cheers, Balint
Current thread:
- util-linux 2.29.2 fixes CVE-2017-2616 Marcus Meissner (Feb 22)
- Re: util-linux 2.29.2 fixes CVE-2017-2616 Hanno Böck (Feb 23)
- Re: util-linux 2.29.2 fixes CVE-2017-2616 Marcus Meissner (Feb 23)
- Re: util-linux 2.29.2 fixes CVE-2017-2616 Assaf Gordon (Feb 23)
- Re: util-linux 2.29.2 fixes CVE-2017-2616 Hanno Böck (Feb 23)
- Re: util-linux 2.29.2 fixes CVE-2017-2616 Bálint Réczey (Feb 23)
- Re: util-linux 2.29.2 fixes CVE-2017-2616 Emilio Pozuelo Monfort (Feb 23)
- Re: util-linux 2.29.2 fixes CVE-2017-2616 Serge E. Hallyn (Feb 23)
- Re: util-linux 2.29.2 fixes CVE-2017-2616 Leo Famulari (Feb 23)
- Re: util-linux 2.29.2 fixes CVE-2017-2616 Tobias Stöckmann (Feb 23)
- Re: util-linux 2.29.2 fixes CVE-2017-2616 Marcus Meissner (Feb 23)
- Re: util-linux 2.29.2 fixes CVE-2017-2616 Hanno Böck (Feb 23)