CVE-2017-2616

Priority
Description
A race condition was found in util-linux before 2.32.1 in the way su
handled the management of child processes. A local authenticated attacker
could use this flaw to kill other processes with root privileges under
specific conditions.
Notes
sbeattieubuntu uses su from shadow package, not util-linux up until
(2.32-0.2)
Package
Upstream:released (1:4.4-4)
Ubuntu 18.04 LTS:released (1:4.2-3.2ubuntu2)
Ubuntu 16.04 ESM:released (1:4.2-3.1ubuntu5.2)
Ubuntu 14.04 ESM:released (1:4.1.5.1-1ubuntu9.4)
Patches:
Upstream:https://github.com/shadow-maint/shadow/commit/08fd4b69e84364677a10e519ccb25b71710ee686
Package
Priority: Negligible
Upstream:released (2.29.2-1)
Ubuntu 18.04 LTS:not-affected (2.31.1-0.4ubuntu3.3)
Ubuntu 16.04 ESM:not-affected (binary not built)
Ubuntu 14.04 ESM:not-affected (binary not built)
Patches:
Upstream:https://github.com/karelzak/util-linux/commit/dffab154d29a288aa171ff50263ecc8f2e14a891
More Information

Updated: 2022-04-13 12:58:27 UTC (commit f411bd370d482ef4385c4e751d121a4055fbc009)