From mboxrd@z Thu Jan 1 00:00:00 1970 From: Maxim Cournoyer Subject: Re: CVE-2017-2616 in `su` Date: Thu, 23 Feb 2017 19:03:58 -0800 Message-ID: References: <20170223210410.GA24019@jasmine> Mime-Version: 1.0 Content-Type: multipart/alternative; boundary=001a114569d42a547805493dfbfc Return-path: Received: from eggs.gnu.org ([2001:4830:134:3::10]:37414) by lists.gnu.org with esmtp (Exim 4.71) (envelope-from ) id 1ch6As-0004OU-J3 for guix-devel@gnu.org; Thu, 23 Feb 2017 22:04:04 -0500 Received: from Debian-exim by eggs.gnu.org with spam-scanned (Exim 4.71) (envelope-from ) id 1ch6Ar-0002Dm-92 for guix-devel@gnu.org; Thu, 23 Feb 2017 22:04:02 -0500 Received: from mail-qk0-x230.google.com ([2607:f8b0:400d:c09::230]:33685) by eggs.gnu.org with esmtps (TLS1.0:RSA_AES_128_CBC_SHA1:16) (Exim 4.71) (envelope-from ) id 1ch6Ar-0002D8-4J for guix-devel@gnu.org; Thu, 23 Feb 2017 22:04:01 -0500 Received: by mail-qk0-x230.google.com with SMTP id n127so9148138qkf.0 for ; Thu, 23 Feb 2017 19:03:59 -0800 (PST) In-Reply-To: <20170223210410.GA24019@jasmine> List-Id: "Development of GNU Guix and the GNU System distribution." List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Errors-To: guix-devel-bounces+gcggd-guix-devel=m.gmane.org@gnu.org Sender: "Guix-devel" To: Leo Famulari Cc: guix-devel --001a114569d42a547805493dfbfc Content-Type: text/plain; charset=UTF-8 Thanks, Leo! Maxim On Thu, Feb 23, 2017 at 1:04 PM, Leo Famulari wrote: > In commit 1c851cbe0c562894bd38c0f9f39d12be306b3e59 I added a patch > to the shadow package that fixes CVE-2017-2616 in `su`. > > This bug makes it possible for any local user to send SIGKILL to other > processes with root privileges. For example, you could use this bug to > make another user's screen locker exit. > > It is recommended to update your GuixSD systems, since shadow provides > `su` on GuixSD. > > More information: > > https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-2616 > http://seclists.org/oss-sec/2017/q1/490 > http://seclists.org/oss-sec/2017/q1/474 > https://github.com/shadow-maint/shadow/commit/ > 08fd4b69e84364677a10e519ccb25b71710ee686 > > I also fixed the bug in util-linux by grafting this patch: > > https://github.com/karelzak/util-linux/commit/ > dffab154d29a288aa171ff50263ecc8f2e14a891 > --001a114569d42a547805493dfbfc Content-Type: text/html; charset=UTF-8 Content-Transfer-Encoding: quoted-printable
Thanks, Leo!

Maxim

On Thu, Feb 23, 2017 at 1:0= 4 PM, Leo Famulari <leo@famulari.name> wrote:
In commit 1c851cbe0c562894bd38c0f9f39d12be306b3e59= I added a patch
to the shadow package that fixes CVE-2017-2616 in `su`.

This bug makes it possible for any local user to send SIGKILL to other
processes with root privileges. For example, you could use this bug to
make another user's screen locker exit.

It is recommended to update your GuixSD systems, since shadow provides
`su` on GuixSD.

More information:

https://cve.mitre.org/cgi-bin/cve= name.cgi?name=3DCVE-2017-2616
http://seclists.org/oss-sec/2017/q1/490
http://seclists.org/oss-sec/2017/q1/474
https://github= .com/shadow-maint/shadow/commit/08fd4b69e84364677a10e519ccb25b71710ee686

I also fixed the bug in util-linux by grafting this patch:

https://github= .com/karelzak/util-linux/commit/dffab154d29a288aa171ff50263ecc8f2e14a891

--001a114569d42a547805493dfbfc--