Fix CVE-2017-2616:

https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-2616
http://seclists.org/oss-sec/2017/q1/474

Patch copied from upstream source repository:

https://git.kernel.org/cgit/utils/util-linux/util-linux.git/commit/?id=dffab154d29a288aa171ff50263ecc8f2e14a891

From b018571132cb8c9fece3d75ed240cc74cdb5f0f7 Mon Sep 17 00:00:00 2001
From: Karel Zak <kzak@redhat.com>
Date: Wed, 1 Feb 2017 11:58:09 +0100
Subject: [PATCH] su: properly clear child PID
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit

Reported-by: Tobias Stöckmann <tobias@stoeckmann.org>
Signed-off-by: Karel Zak <kzak@redhat.com>
---
 login-utils/su-common.c | 14 ++++++++++----
 1 file changed, 10 insertions(+), 4 deletions(-)

diff --git a/login-utils/su-common.c b/login-utils/su-common.c
index 0ea4e40bd..b1720f037 100644
--- a/login-utils/su-common.c
+++ b/login-utils/su-common.c
@@ -376,6 +376,9 @@ create_watching_parent (void)
             }
           else
             status = WEXITSTATUS (status);
+
+	  /* child is gone, don't use the PID anymore */
+	  child = (pid_t) -1;
         }
       else if (caught_signal)
         status = caught_signal + 128;
@@ -385,7 +388,7 @@ create_watching_parent (void)
   else
     status = 1;
 
-  if (caught_signal)
+  if (caught_signal && child != (pid_t)-1)
     {
       fprintf (stderr, _("\nSession terminated, killing shell..."));
       kill (child, SIGTERM);
@@ -395,9 +398,12 @@ create_watching_parent (void)
 
   if (caught_signal)
     {
-      sleep (2);
-      kill (child, SIGKILL);
-      fprintf (stderr, _(" ...killed.\n"));
+      if (child != (pid_t)-1)
+	{
+	  sleep (2);
+	  kill (child, SIGKILL);
+	  fprintf (stderr, _(" ...killed.\n"));
+	}
 
       /* Let's terminate itself with the received signal.
        *
-- 
2.11.1