Amazon Linux 1 Security Advisory: ALAS-2017-823
Advisory Release Date: 2017-04-27 00:00 Pacific
Advisory Updated Date: 2017-04-27 19:49 Pacific
Sending SIGKILL to other processes with root privileges via su:
A race condition was found in the way su handled the management of child processes. A local authenticated attacker could use this flaw to kill other processes with root privileges under specific conditions.(CVE-2017-2616)
Affected Packages:
util-linux
Issue Correction:
Run yum update util-linux to update your system.
i686:
util-linux-2.23.2-33.28.amzn1.i686
libblkid-devel-2.23.2-33.28.amzn1.i686
libuuid-2.23.2-33.28.amzn1.i686
uuidd-2.23.2-33.28.amzn1.i686
libmount-devel-2.23.2-33.28.amzn1.i686
util-linux-debuginfo-2.23.2-33.28.amzn1.i686
libuuid-devel-2.23.2-33.28.amzn1.i686
libblkid-2.23.2-33.28.amzn1.i686
libmount-2.23.2-33.28.amzn1.i686
src:
util-linux-2.23.2-33.28.amzn1.src
x86_64:
libuuid-devel-2.23.2-33.28.amzn1.x86_64
libblkid-2.23.2-33.28.amzn1.x86_64
util-linux-2.23.2-33.28.amzn1.x86_64
libmount-2.23.2-33.28.amzn1.x86_64
libblkid-devel-2.23.2-33.28.amzn1.x86_64
libuuid-2.23.2-33.28.amzn1.x86_64
util-linux-debuginfo-2.23.2-33.28.amzn1.x86_64
uuidd-2.23.2-33.28.amzn1.x86_64
libmount-devel-2.23.2-33.28.amzn1.x86_64