news 28 Posted February 27, 2017 -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA256 Package : shadow Version : 4.1.5.1-1+deb7u1 CVE ID : CVE-2017-2616 Debian Bug : 855943 Tobias Stoeckmann discovered that su does not properly handle clearing a child PID. A local attacker can take advantage of this flaw to send SIGKILL to other processes with root privileges, resulting in denial of service. For Debian 7 "Wheezy", these problems have been fixed in version 4.1.5.1-1+deb7u1. We recommend that you upgrade your shadow packages. Further information about Debian LTS security advisories, how to apply these updates to your system and frequently asked questions can be found at: https://wiki.debian.org/LTS -----BEGIN PGP SIGNATURE----- Version: GnuPG v2 iQIcBAEBCAAGBQJYs2TMAAoJEPZk0la0aRp92h4P/AiI4RyMXC+6zWLWSNeAC2nM ubVHSCqJ0X+Ywn4YB0qm88BIni+xXFoZUuQS01qXW3vPPn2xLdR5apSwMAfhRyE6 NJAKQQplSARx33l5gdT+S1f2lqiga64OHeGq8cAXmV8LYL2xrfGf8ZjzRt3pS1fP 3vH17QfLEKlMVCN07ZeSu/lOQ8nPA5KKdpQg7NUfiheJT0TxdTch4zhDPEgwu3hr Ll/BSakluZiPUyQ7wMb/EwQcas64/5W/GE71FqDSi71vWZC0cijjxAx+ilcNCy4U zSHRVq+m35JiCyr5h2CEwWIef/Ot4kwdOPoGUP8zeYt8Stm5jsmSW7o1JFyiHq9d OaFi6+oWAJwVT3Mwra9+Gju2PL6BIuqiaeG1CZEpnWDnlZaMNsSf0wl0jnzzttFy qo+pX4rFbCqVUanf92ppNkFKQo0GNbyrRUA/DglXpctlD6K9y+GagV1ZF1RIHIjR eQlXgK5Uyx1F79SGupkZf/aHRJxgjd+lnPJR6mKOCfhazHLY7aQxU/JsS2BidVUn v91V4+tIHGHDoXfZom2EhLPKZTINgdhLQnzgr1ReOLZTS8jlG44VpBeDaGNak2f2 FVNu/oZfw/1QeEM1nov3Cjg9h1ZJhYH57d5ZphaOPUaoeG67Um275uFkEizEc9gI cLdDVx0wfRF5eLoTbaOV =ydYJ -----END PGP SIGNATURE----- Share this post Link to post