[Date Prev][Date Next] [Thread Prev][Thread Next] [Date Index] [Thread Index]

[SECURITY] [DLA 838-1] shadow security update



-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256

Package        : shadow
Version        : 4.1.5.1-1+deb7u1
CVE ID         : CVE-2017-2616
Debian Bug     : 855943


Tobias Stoeckmann discovered that su does not properly handle clearing a
child PID. A local attacker can take advantage of this flaw to send
SIGKILL to other processes with root privileges, resulting in denial of
service.

For Debian 7 "Wheezy", these problems have been fixed in version
4.1.5.1-1+deb7u1.

We recommend that you upgrade your shadow packages.

Further information about Debian LTS security advisories, how to apply
these updates to your system and frequently asked questions can be
found at: https://wiki.debian.org/LTS
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v2

iQIcBAEBCAAGBQJYs2TMAAoJEPZk0la0aRp92h4P/AiI4RyMXC+6zWLWSNeAC2nM
ubVHSCqJ0X+Ywn4YB0qm88BIni+xXFoZUuQS01qXW3vPPn2xLdR5apSwMAfhRyE6
NJAKQQplSARx33l5gdT+S1f2lqiga64OHeGq8cAXmV8LYL2xrfGf8ZjzRt3pS1fP
3vH17QfLEKlMVCN07ZeSu/lOQ8nPA5KKdpQg7NUfiheJT0TxdTch4zhDPEgwu3hr
Ll/BSakluZiPUyQ7wMb/EwQcas64/5W/GE71FqDSi71vWZC0cijjxAx+ilcNCy4U
zSHRVq+m35JiCyr5h2CEwWIef/Ot4kwdOPoGUP8zeYt8Stm5jsmSW7o1JFyiHq9d
OaFi6+oWAJwVT3Mwra9+Gju2PL6BIuqiaeG1CZEpnWDnlZaMNsSf0wl0jnzzttFy
qo+pX4rFbCqVUanf92ppNkFKQo0GNbyrRUA/DglXpctlD6K9y+GagV1ZF1RIHIjR
eQlXgK5Uyx1F79SGupkZf/aHRJxgjd+lnPJR6mKOCfhazHLY7aQxU/JsS2BidVUn
v91V4+tIHGHDoXfZom2EhLPKZTINgdhLQnzgr1ReOLZTS8jlG44VpBeDaGNak2f2
FVNu/oZfw/1QeEM1nov3Cjg9h1ZJhYH57d5ZphaOPUaoeG67Um275uFkEizEc9gI
cLdDVx0wfRF5eLoTbaOV
=ydYJ
-----END PGP SIGNATURE-----


Reply to: