AOSA-2017-0029: UPDATE UTIL-LINUX

MARCH 4, 2017

Most good programmers do programming not because they expect to get paid or get adulation by the public, but because it is fun to program. – Linus Torvalds

Please update your util-linux package to version 2.29.2.

A recently released update to Util-Linux has address a security vulnerability, assigned with CVE-2017-2616.

It is possible for any local user to send SIGKILL to other processes with root privileges. To exploit this, the user must be able to perform su with a successful login. SIGKILL can only be sent to processes which were executed after the su process. It is not possible to send SIGKILL to processes which were already running.

Relevant documentation:

1488595794440