CVE-2017-2616

Priority
Description
A race condition was found in util-linux before 2.32.1 in the way su
handled the management of child processes. A local authenticated attacker
could use this flaw to kill other processes with root privileges under
specific conditions.
Notes
sbeattieubuntu uses su from shadow package, not util-linux up until
(2.32-0.2)
Package
Upstream:released (1:4.4-4)
Ubuntu 12.04 ESM (Precise Pangolin):released (1:4.1.4.2+svn3283-3ubuntu5.2)
Ubuntu 14.04 ESM (Trusty Tahr):released (1:4.1.5.1-1ubuntu9.4)
Ubuntu 16.04 LTS (Xenial Xerus):released (1:4.2-3.1ubuntu5.2)
Ubuntu 18.04 LTS (Bionic Beaver):released (1:4.2-3.2ubuntu2)
Ubuntu 19.04 (Disco Dingo):released (1:4.2-3.2ubuntu2)
Ubuntu 19.10 (Eoan Ermine):released (1:4.2-3.2ubuntu2)
Patches:
Upstream:https://github.com/shadow-maint/shadow/commit/08fd4b69e84364677a10e519ccb25b71710ee686
Package
Priority: Negligible
Upstream:released (2.29.2-1)
Ubuntu 12.04 ESM (Precise Pangolin):not-affected (binary not built)
Ubuntu 14.04 ESM (Trusty Tahr):not-affected (binary not built)
Ubuntu 16.04 LTS (Xenial Xerus):not-affected (binary not built)
Ubuntu 18.04 LTS (Bionic Beaver):not-affected (2.31.1-0.4ubuntu3.3)
Ubuntu 19.04 (Disco Dingo):not-affected (2.31.1-0.4ubuntu3.3)
Ubuntu 19.10 (Eoan Ermine):not-affected (2.31.1-0.4ubuntu3.3)
Patches:
Upstream:https://github.com/karelzak/util-linux/commit/dffab154d29a288aa171ff50263ecc8f2e14a891
More Information

Updated: 2019-12-05 21:08:42 UTC (commit 0aa5e7c87c8b55d2ec5c7f4ca1179cf75de91961)