Your message dated Sun, 30 Apr 2017 16:02:08 +0000
with message-id <e1d4riw-000hdv...@fasolo.debian.org>
and subject line Bug#855943: fixed in shadow 1:4.2-3+deb8u2
has caused the Debian Bug report #855943,
regarding shadow: CVE-2017-2616: Sending SIGKILL to other processes with root
privileges via su
to be marked as done.
This means that you claim that the problem has been dealt with.
If this is not the case it is now your responsibility to reopen the
Bug report if necessary, and/or fix the problem forthwith.
(NB: If you are a system administrator and have no idea what this
message is talking about, this may indicate a serious mail system
misconfiguration somewhere. Please contact ow...@bugs.debian.org
immediately.)
--
855943: http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=855943
Debian Bug Tracking System
Contact ow...@bugs.debian.org with problems
--- Begin Message ---
Source: shadow
Version: 1:4.2-3
Severity: grave
Tags: upstream security
Justification: user security hole
Hi,
the following vulnerability was published for shadow. The same issue
as found in util-linux's su is present for su from shadow. The fix is
going to be commited to shadow's master branch is the git repo.
CVE-2017-2616[0]:
Sending SIGKILL to other processes with root privileges via su
If you fix the vulnerability please also make sure to include the
CVE (Common Vulnerabilities & Exposures) id in your changelog entry.
For further information see:
[0] https://security-tracker.debian.org/tracker/CVE-2017-2616
Regards,
Salvatore
--- End Message ---
--- Begin Message ---
Source: shadow
Source-Version: 1:4.2-3+deb8u2
We believe that the bug you reported is fixed in the latest version of
shadow, which is due to be installed in the Debian FTP archive.
A summary of the changes between this version and the previous one is
attached.
Thank you for reporting the bug, which will now be closed. If you
have further comments please address them to 855...@bugs.debian.org,
and the maintainer will reopen the bug report if appropriate.
Debian distribution maintenance software
pp.
Salvatore Bonaccorso <car...@debian.org> (supplier of updated shadow package)
(This message was generated automatically at their request; if you
believe that there is a problem with it please contact the archive
administrators by mailing ftpmas...@ftp-master.debian.org)
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512
Format: 1.8
Date: Thu, 23 Feb 2017 17:21:08 +0100
Source: shadow
Binary: passwd login uidmap
Architecture: source
Version: 1:4.2-3+deb8u2
Distribution: jessie-security
Urgency: high
Maintainer: Shadow package maintainers
<pkg-shadow-de...@lists.alioth.debian.org>
Changed-By: Salvatore Bonaccorso <car...@debian.org>
Closes: 855943
Description:
login - system login tools
passwd - change and administer password and group data
uidmap - programs to help use subuids
Changes:
shadow (1:4.2-3+deb8u2) jessie-security; urgency=high
.
* Non-maintainer upload by the Security Team.
* su: properly clear child PID (CVE-2017-2616) (Closes: #855943)
Checksums-Sha1:
c3e8ed347cc5cdf177aea1a7dad0ac4bd9fa0fea 2514 shadow_4.2-3+deb8u2.dsc
77feddc823a42623462d3c3a9a49f2f6cf213ca9 1088696 shadow_4.2.orig.tar.xz
f8f70469cb194274f4cde6ac4a2b4c9e5d77e93f 497972
shadow_4.2-3+deb8u2.debian.tar.xz
Checksums-Sha256:
cf553e24a4c0ed69d2f2a616d9d67052ca4b5abbce8ab0684730dad093175a40 2514
shadow_4.2-3+deb8u2.dsc
c5bd72c4ecb438b99289e4630b22ea0626987a378d084910dbe59eceaa34be1d 1088696
shadow_4.2.orig.tar.xz
b26af3306d461e1d8ca2af048cea0b923fc2578a02260ac9dd341433a976df7f 497972
shadow_4.2-3+deb8u2.debian.tar.xz
Files:
f95516e28d244fc2d9e0a5ee3e58539e 2514 admin required shadow_4.2-3+deb8u2.dsc
912a5957c1471acccedbc2a635e36f5e 1088696 admin required shadow_4.2.orig.tar.xz
11763a71ec8d0d775ca739551c3e40a9 497972 admin required
shadow_4.2-3+deb8u2.debian.tar.xz
-----BEGIN PGP SIGNATURE-----
iQKmBAEBCgCQFiEERkRAmAjBceBVMd3uBUy48xNDz0QFAlivDWtfFIAAAAAALgAo
aXNzdWVyLWZwckBub3RhdGlvbnMub3BlbnBncC5maWZ0aGhvcnNlbWFuLm5ldDQ2
NDQ0MDk4MDhDMTcxRTA1NTMxRERFRTA1NENCOEYzMTM0M0NGNDQSHGNhcm5pbEBk
ZWJpYW4ub3JnAAoJEAVMuPMTQ89EvA0QAI8BiOus6FjI7JwjH6XMq2mMwADpwd+V
LrHI5xtbw0iuJfglel5J9tz3G6kbgX4Q3b4H0tvkL0KXrxlM45LJ3y3yPmJln7cx
7jK1sXsfNhMxbc+A+QDaqBBaKeHVs0gZqASbn5IbrFSM0hBX0vQYKlGqRy3eFQhw
D58fdUtd8ONqMBKsdwwl4f59qSzRJHqoTW6I3Sv1goEE3NRicrpMorUO7kZiIYff
dAne9wzZTrWflPwz3wLgjFqMM0O8th/HzYTGhQ4/6II7rHF9DAgG//FbRalB1yq5
7eR/dWTtIvTOxfoMrAOO33MFuSp3VORNyYK4ownrtzNVoCWUvlIiuCOeNj/Q64m8
vit+5xBPYrzsU1e/+9xLiFbD4kRAyXNxeuCu9GLCwqdNDf3TRpF8yIyTqGTb+DGZ
fWqIHutRtpqjO/IN/FYkvUe55D2F/jUMvrRXNEh/0FfxUkrYTrTxl81g5l6GmbDy
PQMDI8CW18MKaNbpVUzWXYXjG01iLyf/2ezmcCAUTiuN+kE00o31GPQ5QNQYM3KR
W5iJwwCGHJTp4zkDA2NDvgNwzs/zaYGsDKfRQnD6lQOg0GDyw82ZcOSkerD4k/BN
Y1mPu1MPHzxXnBOTk95mRH/MUPOtvNrt6ve1NH5OaE/h7sg7g+0Io2AZM+fSY5iz
sXCgTdySWMiI
=PoeK
-----END PGP SIGNATURE-----
--- End Message ---
