Debian Security Advisory

DLA-838-1 shadow -- LTS security update

Date Reported:
26 Feb 2017
Affected Packages:
Security database references:
In the Debian bugtracking system: Bug 855943.
In Mitre's CVE dictionary: CVE-2017-2616.
More information:

Tobias Stoeckmann discovered that su does not properly handle clearing a child PID. A local attacker can take advantage of this flaw to send SIGKILL to other processes with root privileges, resulting in denial of service.

For Debian 7 Wheezy, these problems have been fixed in version

We recommend that you upgrade your shadow packages.

Further information about Debian LTS security advisories, how to apply these updates to your system and frequently asked questions can be found at: