ALAS-2017-823

Metadata

medium
unknown
util-linux
CVE-2017-2616
2017-04-27
2017-04-27 21:03
v3.6/community/shadow-4.2.1-r7
v3.5/community/shadow-4.2.1-r7
CVE-2017-2616 util-linux
CVE-2017-2616 coreutils
CVE-2017-2616 shadow
CVE-2017-2616

Description

Sending SIGKILL to other processes with root privileges via su:A race condition was found in the way su handled the management of child processes. A local authenticated attacker could use this flaw to kill other processes with root privileges under specific conditions.(CVE-2017-2616 )

Am I vulnerable?

The constraints below list the versions that this vulnerability is patched in, and versions that are unaffected. If a patch is ready but unrealeased, then it is pending.

Or, you can just let us figure it out for you! Appcanary continously monitor your installed packages, and tell you if any of them are vulnerable.

Sign up for monitoring

Affected package information

Package Patched in
libblkid libblkid-2.23.2-33.28.amzn1.x86_64
libblkid libblkid-2.23.2-33.28.amzn1.i686
libblkid-devel libblkid-devel-2.23.2-33.28.amzn1.i686
libblkid-devel libblkid-devel-2.23.2-33.28.amzn1.x86_64
libmount libmount-2.23.2-33.28.amzn1.x86_64
libmount libmount-2.23.2-33.28.amzn1.i686
libmount-devel libmount-devel-2.23.2-33.28.amzn1.i686
libmount-devel libmount-devel-2.23.2-33.28.amzn1.x86_64
libuuid libuuid-2.23.2-33.28.amzn1.x86_64
libuuid libuuid-2.23.2-33.28.amzn1.i686
libuuid-devel libuuid-devel-2.23.2-33.28.amzn1.x86_64
libuuid-devel libuuid-devel-2.23.2-33.28.amzn1.i686
util-linux util-linux-2.23.2-33.28.amzn1.i686
util-linux util-linux-2.23.2-33.28.amzn1.x86_64
util-linux util-linux-2.23.2-33.28.amzn1.src
util-linux-debuginfo util-linux-debuginfo-2.23.2-33.28.amzn1.x86_64
util-linux-debuginfo util-linux-debuginfo-2.23.2-33.28.amzn1.i686
uuidd uuidd-2.23.2-33.28.amzn1.i686
uuidd uuidd-2.23.2-33.28.amzn1.x86_64