ALAS-2017-823


Amazon Linux 1 Security Advisory: ALAS-2017-823
Advisory Release Date: 2017-04-27 00:00 Pacific
Advisory Updated Date: 2017-04-27 19:49 Pacific
Severity: Medium

Issue Overview:

Sending SIGKILL to other processes with root privileges via su:
A race condition was found in the way su handled the management of child processes. A local authenticated attacker could use this flaw to kill other processes with root privileges under specific conditions. (CVE-2017-2616)


Affected Packages:

util-linux


Issue Correction:
Run yum update util-linux to update your system.

New Packages:
i686:
    util-linux-2.23.2-33.28.amzn1.i686
    libblkid-devel-2.23.2-33.28.amzn1.i686
    libuuid-2.23.2-33.28.amzn1.i686
    uuidd-2.23.2-33.28.amzn1.i686
    libmount-devel-2.23.2-33.28.amzn1.i686
    util-linux-debuginfo-2.23.2-33.28.amzn1.i686
    libuuid-devel-2.23.2-33.28.amzn1.i686
    libblkid-2.23.2-33.28.amzn1.i686
    libmount-2.23.2-33.28.amzn1.i686

src:
    util-linux-2.23.2-33.28.amzn1.src

x86_64:
    libuuid-devel-2.23.2-33.28.amzn1.x86_64
    libblkid-2.23.2-33.28.amzn1.x86_64
    util-linux-2.23.2-33.28.amzn1.x86_64
    libmount-2.23.2-33.28.amzn1.x86_64
    libblkid-devel-2.23.2-33.28.amzn1.x86_64
    libuuid-2.23.2-33.28.amzn1.x86_64
    util-linux-debuginfo-2.23.2-33.28.amzn1.x86_64
    uuidd-2.23.2-33.28.amzn1.x86_64
    libmount-devel-2.23.2-33.28.amzn1.x86_64
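
To confirm the update reached a host, the installed builds can be compared against the fixed 2.23.2-33.28.amzn1 release listed above. The script below is an added example, not part of the advisory: the function names and the sample inventory are constructed, and GNU `sort -V` is assumed as a stand-in for RPM's own version comparison (no epoch handling).

```shell
#!/bin/sh
# Fixed version-release taken from this advisory (ALAS-2017-823).
FIXED="2.23.2-33.28.amzn1"
# Binary packages listed under "New Packages" in the advisory.
PKGS="util-linux util-linux-debuginfo libblkid libblkid-devel libuuid libuuid-devel libmount libmount-devel uuidd"

# Return 0 if version-release $1 sorts strictly before $2.
# Assumption: `sort -V` ordering approximates rpmvercmp for same-stream amzn1 builds.
older_than() {
    [ "$1" != "$2" ] &&
        [ "$(printf '%s\n%s\n' "$1" "$2" | sort -V | head -n 1)" = "$1" ]
}

# Read "name version-release" lines on stdin and print every advisory
# package that is still below the fixed build.
unpatched() {
    while read -r name vr; do
        case " $PKGS " in
            *" $name "*) ;;          # package is covered by this advisory
            *) continue ;;           # unrelated package, ignore
        esac
        if older_than "$vr" "$FIXED"; then
            printf '%s %s\n' "$name" "$vr"
        fi
    done
}

# Constructed sample inventory (not real host output); 33.26 is a made-up older build.
sample_inventory() {
    cat <<'EOF'
util-linux 2.23.2-33.26.amzn1
libblkid 2.23.2-33.28.amzn1
libuuid 2.23.2-33.26.amzn1
libmount 2.23.2-33.28.amzn1
bash 4.2.46-20.36.amzn1
EOF
}

# Demo run on the constructed data. On a live host, feed real data instead:
#   rpm -qa --qf '%{NAME} %{VERSION}-%{RELEASE}\n' | unpatched
sample_inventory | unpatched
```

Empty output means every installed package from the advisory is at or above the fixed build; any line printed names a package that still needs `yum update util-linux`.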