oss-sec mailing list archives
Re: util-linux 2.29.2 fixes CVE-2017-2616
From: Tobias Stöckmann <tobias () stoeckmann org>
Date: Thu, 23 Feb 2017 19:10:51 +0100
Hello, as I have discovered the issue, I can confirm that su of util-linux as well as shadow are affected. I have supplied patches to both maintainers and the shadow patch has been pushed now, too. The code shares a common origin but differs slightly, which in fact made the patch for shadow a bit trickier. But as the code bases are so close to each other, I don't think that it takes another CVE-ID for this one.
Attachment:
signature.asc
Description: OpenPGP digital signature
Current thread:
- util-linux 2.29.2 fixes CVE-2017-2616 Marcus Meissner (Feb 22)
- Re: util-linux 2.29.2 fixes CVE-2017-2616 Hanno Böck (Feb 23)
- Re: util-linux 2.29.2 fixes CVE-2017-2616 Marcus Meissner (Feb 23)
- Re: util-linux 2.29.2 fixes CVE-2017-2616 Assaf Gordon (Feb 23)
- Re: util-linux 2.29.2 fixes CVE-2017-2616 Hanno Böck (Feb 23)
- Re: util-linux 2.29.2 fixes CVE-2017-2616 Bálint Réczey (Feb 23)
- Re: util-linux 2.29.2 fixes CVE-2017-2616 Emilio Pozuelo Monfort (Feb 23)
- Re: util-linux 2.29.2 fixes CVE-2017-2616 Serge E. Hallyn (Feb 23)
- Re: util-linux 2.29.2 fixes CVE-2017-2616 Leo Famulari (Feb 23)
- Re: util-linux 2.29.2 fixes CVE-2017-2616 Tobias Stöckmann (Feb 23)
- Re: util-linux 2.29.2 fixes CVE-2017-2616 Marcus Meissner (Feb 23)
- Re: util-linux 2.29.2 fixes CVE-2017-2616 Hanno Böck (Feb 23)