oss-sec mailing list archives
Re: util-linux 2.29.2 fixes CVE-2017-2616
From: Assaf Gordon <assafgordon () gmail com>
Date: Thu, 23 Feb 2017 07:56:51 -0500
Hello,
On Feb 23, 2017, at 05:01, Marcus Meissner <meissner () suse de> wrote: On Thu, Feb 23, 2017 at 10:40:54AM +0100, Hanno Böck wrote:util-linux 2.29.2 fixes CVE-2017-2616, a race condition which allowed local users to kill other processes.coreutils uses the same su.c codebase, so it is also affected.
GNU Coreutils stopped installing 'su' by default in 2007, and completely removed 'su' (including the 'su.c' source file) in 2012. See: https://git.savannah.gnu.org/cgit/coreutils.git/commit/?id=928dd737 regards, - assaf
Current thread:
- util-linux 2.29.2 fixes CVE-2017-2616 Marcus Meissner (Feb 22)
- Re: util-linux 2.29.2 fixes CVE-2017-2616 Hanno Böck (Feb 23)
- Re: util-linux 2.29.2 fixes CVE-2017-2616 Marcus Meissner (Feb 23)
- Re: util-linux 2.29.2 fixes CVE-2017-2616 Assaf Gordon (Feb 23)
- Re: util-linux 2.29.2 fixes CVE-2017-2616 Hanno Böck (Feb 23)
- Re: util-linux 2.29.2 fixes CVE-2017-2616 Bálint Réczey (Feb 23)
- Re: util-linux 2.29.2 fixes CVE-2017-2616 Emilio Pozuelo Monfort (Feb 23)
- Re: util-linux 2.29.2 fixes CVE-2017-2616 Serge E. Hallyn (Feb 23)
- Re: util-linux 2.29.2 fixes CVE-2017-2616 Leo Famulari (Feb 23)
- Re: util-linux 2.29.2 fixes CVE-2017-2616 Tobias Stöckmann (Feb 23)
- Re: util-linux 2.29.2 fixes CVE-2017-2616 Marcus Meissner (Feb 23)
- Re: util-linux 2.29.2 fixes CVE-2017-2616 Hanno Böck (Feb 23)