漏洞类别:Ubuntu
漏洞等级: 
漏洞信息
Integer overflows in shadow utilities. A race condition in su.
漏洞危害
A local attacker could possibly cause them to crash or potentially gain privileges via crafted input. (CVE-2016-6252)
A local attacker could cause su to send SIGKILL to other processes with root privileges. (CVE-2017-2616)
解决方案
Refer to Ubuntu advisory USN-3276-1 for affected packages and patching details, or update with your package manager.
Patch:
Following are links for downloading patches to fix the vulnerabilities:
USN-3276-1: 17.04 (zesty) on src (uidmap)
USN-3276-1: 16.10 (Yakkety) on src (uidmap)
USN-3276-1: 16.10 (Yakkety) on src (passwd)
USN-3276-1: 14.04 (Kylin) on src (passwd)
USN-3276-1: 14.04 (Kylin) on src (uidmap)
USN-3276-1: 16.04 (Xenial) on src (login)
USN-3276-1: 17.04 (zesty) on src (passwd)
USN-3276-1: 17.04 (zesty) on src (login)
USN-3276-1: 16.04 (Xenial) on src (uidmap)
USN-3276-1: 16.04 (Xenial) on src (passwd)
0day
文章评论