CVE-2017-2616

Priority
Description
A race condition was found in util-linux before 2.32.1 in the way su
handled the management of child processes. A local authenticated attacker
could use this flaw to kill other processes with root privileges under
specific conditions.
Notes
sbeattieubuntu uses su from shadow package, not util-linux up until
(2.32-0.2)
Package
Upstream:released (1:4.4-4)
Ubuntu 12.04 ESM (Precise Pangolin):released (1:4.1.4.2+svn3283-3ubuntu5.2)
Ubuntu 14.04 ESM (Trusty Tahr):released (1:4.1.5.1-1ubuntu9.4)
Ubuntu 16.04 LTS (Xenial Xerus):released (1:4.2-3.1ubuntu5.2)
Ubuntu 18.04 LTS (Bionic Beaver):released (1:4.2-3.2ubuntu2)
Patches:
Upstream:https://github.com/shadow-maint/shadow/commit/08fd4b69e84364677a10e519ccb25b71710ee686
Package
Priority: Negligible
Upstream:released (2.29.2-1)
Ubuntu 12.04 ESM (Precise Pangolin):not-affected (binary not built)
Ubuntu 14.04 ESM (Trusty Tahr):not-affected (binary not built)
Ubuntu 16.04 LTS (Xenial Xerus):not-affected (binary not built)
Ubuntu 18.04 LTS (Bionic Beaver):not-affected (2.31.1-0.4ubuntu3.3)
Patches:
Upstream:https://github.com/karelzak/util-linux/commit/dffab154d29a288aa171ff50263ecc8f2e14a891
More Information

Updated: 2020-07-28 20:01:15 UTC (commit d26b6ca9f5b3adb89bb036ce73ae7dab894935ec)