Security Advisory Moderate: coreutils security and bug fix update

Advisory: RHSA-2017:0654-1
Type: Security Advisory
Severity: Moderate
Issued on: 2017-03-21
Last updated on: 2017-03-21
Affected Products: Red Hat Enterprise Linux Desktop (v. 6)
Red Hat Enterprise Linux HPC Node (v. 6)
Red Hat Enterprise Linux Server (v. 6)
Red Hat Enterprise Linux Workstation (v. 6)
CVEs (cve.mitre.org): CVE-2017-2616

Details

An update for coreutils is now available for Red Hat Enterprise Linux 6.

Red Hat Product Security has rated this update as having a security impact of
Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a
detailed severity rating, is available for each vulnerability from the CVE
link(s) in the References section.

The coreutils packages contain the GNU Core Utilities and represent a
combination of the previously used GNU fileutils, sh-utils, and textutils
packages.

Security Fix(es):

* A race condition was found in the way su handled the management of child
processes. A local authenticated attacker could use this flaw to kill other
processes with root privileges under specific conditions. (CVE-2017-2616)

Red Hat would like to thank Tobias Stöckmann for reporting this issue.

Additional Changes:

For detailed information on changes in this release, see the Red Hat Enterprise
Linux 6.9 Release Notes and Red Hat Enterprise Linux 6.9 Technical Notes linked
from the References section.


Solution

For details on how to apply this update, which includes the changes described in
this advisory, refer to:

https://access.redhat.com/articles/11258

Updated packages

Red Hat Enterprise Linux Desktop (v. 6)

SRPMS:
coreutils-8.4-46.el6.src.rpm     MD5: e725c095bcf88b88799febef9ca272f8
SHA-256: a0d609828834c9555ebff6c6bdc041efcc6271c0025b6942a7ae08b1d48ba7c3
 
IA-32:
coreutils-8.4-46.el6.i686.rpm     MD5: 773ef5c6fc7dc8df55249d03539b1f54
SHA-256: c3b7e967b4d0fc8836cb39466c753f49a7738ccc16494d73687a188e1754c9fd
coreutils-debuginfo-8.4-46.el6.i686.rpm     MD5: 4be51b61103e137d325d436eb2ee94d5
SHA-256: 45727985453732780b47541e00fb1c3c14173634709824c5444ed416a07705c0
coreutils-libs-8.4-46.el6.i686.rpm     MD5: 9018b7be83bf8663d1f3d52c5841bf67
SHA-256: cad6786389b54f5348f67af761212b61f2d535faef90859ce37cb71318f37489
 
x86_64:
coreutils-8.4-46.el6.x86_64.rpm     MD5: 73be0d3eb9d879c56b3b6bfebcbec53a
SHA-256: fbdf39d814d632f7fe53d4149c68de75620b74c3dab49d01470a17ce3ffeed3f
coreutils-debuginfo-8.4-46.el6.x86_64.rpm     MD5: 642bf340638e4bf38ff4f0035e2a10a3
SHA-256: a7275721017b130f89025aca13dd76253eb41d6fce3b1eb6837cbff992b978b8
coreutils-libs-8.4-46.el6.x86_64.rpm     MD5: 599bdbace2af9ff1021974e669f03750
SHA-256: e18fbc74cee4697c6c710440d3b2bb8a236c8adffb229923c3ab88508f259ef6
 
Red Hat Enterprise Linux HPC Node (v. 6)

SRPMS:
coreutils-8.4-46.el6.src.rpm     MD5: e725c095bcf88b88799febef9ca272f8
SHA-256: a0d609828834c9555ebff6c6bdc041efcc6271c0025b6942a7ae08b1d48ba7c3
 
x86_64:
coreutils-8.4-46.el6.x86_64.rpm     MD5: 73be0d3eb9d879c56b3b6bfebcbec53a
SHA-256: fbdf39d814d632f7fe53d4149c68de75620b74c3dab49d01470a17ce3ffeed3f
coreutils-debuginfo-8.4-46.el6.x86_64.rpm     MD5: 642bf340638e4bf38ff4f0035e2a10a3
SHA-256: a7275721017b130f89025aca13dd76253eb41d6fce3b1eb6837cbff992b978b8
coreutils-libs-8.4-46.el6.x86_64.rpm     MD5: 599bdbace2af9ff1021974e669f03750
SHA-256: e18fbc74cee4697c6c710440d3b2bb8a236c8adffb229923c3ab88508f259ef6
 
Red Hat Enterprise Linux Server (v. 6)

SRPMS:
coreutils-8.4-46.el6.src.rpm     MD5: e725c095bcf88b88799febef9ca272f8
SHA-256: a0d609828834c9555ebff6c6bdc041efcc6271c0025b6942a7ae08b1d48ba7c3
 
IA-32:
coreutils-8.4-46.el6.i686.rpm     MD5: 773ef5c6fc7dc8df55249d03539b1f54
SHA-256: c3b7e967b4d0fc8836cb39466c753f49a7738ccc16494d73687a188e1754c9fd
coreutils-debuginfo-8.4-46.el6.i686.rpm     MD5: 4be51b61103e137d325d436eb2ee94d5
SHA-256: 45727985453732780b47541e00fb1c3c14173634709824c5444ed416a07705c0
coreutils-libs-8.4-46.el6.i686.rpm     MD5: 9018b7be83bf8663d1f3d52c5841bf67
SHA-256: cad6786389b54f5348f67af761212b61f2d535faef90859ce37cb71318f37489
 
PPC:
coreutils-8.4-46.el6.ppc64.rpm     MD5: 3687e805fc199751c33401cf11e5afd2
SHA-256: 5015476112b4de4d3aff5c5b43694848854e0dd4a69eba85736c07d0083ca0dc
coreutils-debuginfo-8.4-46.el6.ppc64.rpm     MD5: c3b2f778bf22d3c436e32ed622f362cf
SHA-256: ce0c4eb6d5cb80b0fbec523e94d1803d89eb395caa68f43fd1a2a1ac77b94700
coreutils-libs-8.4-46.el6.ppc64.rpm     MD5: 00ba41683064b002462638b0d50f9e36
SHA-256: 9e603f95a969f42435cb367d43fad965c610dbca0ce3995ec9028167f14346f0
 
s390x:
coreutils-8.4-46.el6.s390x.rpm     MD5: aed13ccd1403f0e15e042c46b68f9d65
SHA-256: 2bdbd122b954848e5ef51695cf8024db4886f092e711f8a47d3fb10011ec8b70
coreutils-debuginfo-8.4-46.el6.s390x.rpm     MD5: dc1a1942bffaafdc498f2656c6276a67
SHA-256: 7c4708d7da6ea035597a763e5ebd0ea66a4d1e85bba9ed7bfebe413228df3c4b
coreutils-libs-8.4-46.el6.s390x.rpm     MD5: 2cb2ed173667c0301e4638283bb8a124
SHA-256: 90fc96ce357c0ab246e878faec3b93026e1f4b58883949aa1b33d9ecd2814873
 
x86_64:
coreutils-8.4-46.el6.x86_64.rpm     MD5: 73be0d3eb9d879c56b3b6bfebcbec53a
SHA-256: fbdf39d814d632f7fe53d4149c68de75620b74c3dab49d01470a17ce3ffeed3f
coreutils-debuginfo-8.4-46.el6.x86_64.rpm     MD5: 642bf340638e4bf38ff4f0035e2a10a3
SHA-256: a7275721017b130f89025aca13dd76253eb41d6fce3b1eb6837cbff992b978b8
coreutils-libs-8.4-46.el6.x86_64.rpm     MD5: 599bdbace2af9ff1021974e669f03750
SHA-256: e18fbc74cee4697c6c710440d3b2bb8a236c8adffb229923c3ab88508f259ef6
 
Red Hat Enterprise Linux Workstation (v. 6)

SRPMS:
coreutils-8.4-46.el6.src.rpm     MD5: e725c095bcf88b88799febef9ca272f8
SHA-256: a0d609828834c9555ebff6c6bdc041efcc6271c0025b6942a7ae08b1d48ba7c3
 
IA-32:
coreutils-8.4-46.el6.i686.rpm     MD5: 773ef5c6fc7dc8df55249d03539b1f54
SHA-256: c3b7e967b4d0fc8836cb39466c753f49a7738ccc16494d73687a188e1754c9fd
coreutils-debuginfo-8.4-46.el6.i686.rpm     MD5: 4be51b61103e137d325d436eb2ee94d5
SHA-256: 45727985453732780b47541e00fb1c3c14173634709824c5444ed416a07705c0
coreutils-libs-8.4-46.el6.i686.rpm     MD5: 9018b7be83bf8663d1f3d52c5841bf67
SHA-256: cad6786389b54f5348f67af761212b61f2d535faef90859ce37cb71318f37489
 
x86_64:
coreutils-8.4-46.el6.x86_64.rpm     MD5: 73be0d3eb9d879c56b3b6bfebcbec53a
SHA-256: fbdf39d814d632f7fe53d4149c68de75620b74c3dab49d01470a17ce3ffeed3f
coreutils-debuginfo-8.4-46.el6.x86_64.rpm     MD5: 642bf340638e4bf38ff4f0035e2a10a3
SHA-256: a7275721017b130f89025aca13dd76253eb41d6fce3b1eb6837cbff992b978b8
coreutils-libs-8.4-46.el6.x86_64.rpm     MD5: 599bdbace2af9ff1021974e669f03750
SHA-256: e18fbc74cee4697c6c710440d3b2bb8a236c8adffb229923c3ab88508f259ef6
 
(The unlinked packages above are only available from the Red Hat Network)

Bugs fixed (see bugzilla for more information)

1321643 - Bug in /etc/profile.d/colorls.sh when using the ksh shell [el6]
1418710 - CVE-2017-2616 util-linux: Sending SIGKILL to other processes with root privileges via su


References



These packages are GPG signed by Red Hat for security. Our key and details on how to verify the signature are available from:
https://www.redhat.com/security/team/key/#package

The Red Hat security contact is secalert@redhat.com. More contact details at http://www.redhat.com/security/team/contact/