
List:       pkg-shadow-devel
Subject:    [Pkg-shadow-devel] Bug#855943: marked as done (shadow: CVE-2017-2616: Sending SIGKILL to other proce
From:       owner () bugs ! debian ! org (Debian Bug Tracking System)
Date:       2017-02-24 1:36:03
Message-ID: handler.855943.D855943.148790002929708.ackdone () bugs ! debian ! org

Your message dated Fri, 24 Feb 2017 01:33:47 +0000
with message-id <E1ch4lX-000Ert-AV@fasolo.debian.org>
and subject line Bug#855943: fixed in shadow 1:4.4-4
has caused the Debian Bug report #855943,
regarding shadow: CVE-2017-2616: Sending SIGKILL to other processes with root privileges via su
to be marked as done.

This means that you claim that the problem has been dealt with.
If this is not the case it is now your responsibility to reopen the
Bug report if necessary, and/or fix the problem forthwith.

(NB: If you are a system administrator and have no idea what this
message is talking about, this may indicate a serious mail system
misconfiguration somewhere. Please contact owner@bugs.debian.org
immediately.)


-- 
855943: http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=855943
Debian Bug Tracking System
Contact owner@bugs.debian.org with problems


Received: (at submit) by bugs.debian.org; 23 Feb 2017 16:02:16 +0000
From: Salvatore Bonaccorso <carnil@debian.org>
To: Debian Bug Tracking System <submit@bugs.debian.org>
Subject: shadow: CVE-2017-2616: Sending SIGKILL to other processes with root privileges via su
Message-ID: <148786573268.17779.4974050536875120936.reportbug@eldamar.local>
X-Mailer: reportbug 7.1.5
Date: Thu, 23 Feb 2017 17:02:12 +0100
X-Debbugs-Cc: carnil@debian.org, Debian Security Team <team@security.debian.org>, Debian Testing Security Team <secure-testing-team@lists.alioth.debian.org>
Delivered-To: submit@bugs.debian.org

Source: shadow
Version: 1:4.2-3
Severity: grave
Tags: upstream security
Justification: user security hole

Hi,

the following vulnerability was published for shadow. The same issue
as found in util-linux's su is present for su from shadow. The fix is
going to be committed to shadow's master branch in the git repo.

CVE-2017-2616[0]:
Sending SIGKILL to other processes with root privileges via su

If you fix the vulnerability please also make sure to include the
CVE (Common Vulnerabilities & Exposures) id in your changelog entry.

For further information see:

[0] https://security-tracker.debian.org/tracker/CVE-2017-2616

Regards,
Salvatore



Received: (at 855943-close) by bugs.debian.org; 24 Feb 2017 01:33:49 +0000
From: Balint Reczey <balint@balintreczey.hu>
To: 855943-close@bugs.debian.org
X-DAK: dak process-upload
X-Debian: DAK
X-Debian-Package: shadow
MIME-Version: 1.0
Content-Type: text/plain; charset="utf-8"
Content-Transfer-Encoding: 8bit
Subject: Bug#855943: fixed in shadow 1:4.4-4
Message-Id: <E1ch4lX-000Ert-AV@fasolo.debian.org>
Date: Fri, 24 Feb 2017 01:33:47 +0000

Source: shadow
Source-Version: 1:4.4-4

We believe that the bug you reported is fixed in the latest version of
shadow, which is due to be installed in the Debian FTP archive.

A summary of the changes between this version and the previous one is
attached.

Thank you for reporting the bug, which will now be closed.  If you
have further comments please address them to 855943@bugs.debian.org,
and the maintainer will reopen the bug report if appropriate.

Debian distribution maintenance software
pp.
Balint Reczey <balint@balintreczey.hu> (supplier of updated shadow package)

(This message was generated automatically at their request; if you
believe that there is a problem with it please contact the archive
administrators by mailing ftpmaster@ftp-master.debian.org)


-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256

Format: 1.8
Date: Fri, 24 Feb 2017 01:33:25 +0100
Source: shadow
Binary: passwd login uidmap
Architecture: source
Version: 1:4.4-4
Distribution: unstable
Urgency: high
Maintainer: Shadow package maintainers <pkg-shadow-devel@lists.alioth.debian.org>
Changed-By: Balint Reczey <balint@balintreczey.hu>
Description:
 login      - system login tools
 passwd     - change and administer password and group data
 uidmap     - programs to help use subuids
Closes: 855943
Changes:
 shadow (1:4.4-4) unstable; urgency=high
 .
   * su: properly clear child PID (CVE-2017-2616) (Closes: #855943)
Checksums-Sha1:
 a6bb314b9924e70c1fbf883d7694312f155e4a90 2262 shadow_4.4-4.dsc
 775a46860e9e21ecda43341a09933995a15c4c2d 601652 shadow_4.4-4.debian.tar.xz
Checksums-Sha256:
 72ed4408feff4a90a9e9df3fa0d9a7469b064eb598935ff469d277a01294f20d 2262 shadow_4.4-4.dsc
 779126d9b41bb1cd616172086b38c82a2db2786be0b63368f3cd14b5b328feaf 601652 shadow_4.4-4.debian.tar.xz
Files:
 36e77e243617748361762878bf0d5c0b 2262 admin required shadow_4.4-4.dsc
 fda4004195b8bc7dce10280ac54e8b56 601652 admin required shadow_4.4-4.debian.tar.xz

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1
-----END PGP SIGNATURE-----



_______________________________________________
Pkg-shadow-devel mailing list
Pkg-shadow-devel@lists.alioth.debian.org
http://lists.alioth.debian.org/cgi-bin/mailman/listinfo/pkg-shadow-devel
