Your message dated Fri, 24 Feb 2017 01:33:47 +0000
with message-id <[email protected]>
and subject line Bug#855943: fixed in shadow 1:4.4-4
has caused the Debian Bug report #855943,
regarding shadow: CVE-2017-2616: Sending SIGKILL to other processes with root
privileges via su
to be marked as done.
This means that you claim that the problem has been dealt with.
If this is not the case it is now your responsibility to reopen the
Bug report if necessary, and/or fix the problem forthwith.
(NB: If you are a system administrator and have no idea what this
message is talking about, this may indicate a serious mail system
misconfiguration somewhere. Please contact [email protected]
immediately.)
--
855943: http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=855943
Debian Bug Tracking System
Contact [email protected] with problems
--- Begin Message ---
Source: shadow
Version: 1:4.2-3
Severity: grave
Tags: upstream security
Justification: user security hole
Hi,
the following vulnerability was published for shadow. The same issue
as found in util-linux's su is present for su from shadow. The fix is
going to be committed to shadow's master branch in the git repo.
CVE-2017-2616[0]:
Sending SIGKILL to other processes with root privileges via su
If you fix the vulnerability please also make sure to include the
CVE (Common Vulnerabilities & Exposures) id in your changelog entry.
For further information see:
[0] https://security-tracker.debian.org/tracker/CVE-2017-2616
Regards,
Salvatore
--- End Message ---
--- Begin Message ---
Source: shadow
Source-Version: 1:4.4-4
We believe that the bug you reported is fixed in the latest version of
shadow, which is due to be installed in the Debian FTP archive.
A summary of the changes between this version and the previous one is
attached.
Thank you for reporting the bug, which will now be closed. If you
have further comments please address them to [email protected],
and the maintainer will reopen the bug report if appropriate.
Debian distribution maintenance software
pp.
Balint Reczey <[email protected]> (supplier of updated shadow package)
(This message was generated automatically at their request; if you
believe that there is a problem with it please contact the archive
administrators by mailing [email protected])
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256
Format: 1.8
Date: Fri, 24 Feb 2017 01:33:25 +0100
Source: shadow
Binary: passwd login uidmap
Architecture: source
Version: 1:4.4-4
Distribution: unstable
Urgency: high
Maintainer: Shadow package maintainers <[email protected]>
Changed-By: Balint Reczey <[email protected]>
Description:
 login - system login tools
 passwd - change and administer password and group data
 uidmap - programs to help use subuids
Closes: 855943
Changes:
 shadow (1:4.4-4) unstable; urgency=high
 .
   * su: properly clear child PID (CVE-2017-2616) (Closes: #855943)
--- End Message ---