Package libcap updated to version 2.24-alt1 for branch sisyphus in task 119038.

Published: 2014-02-08
Modified: 2014-02-10

CVE-2011-4099

The capsh program in libcap before 2.22 does not change the current working directory when the --chroot option is specified, which allows local users to bypass the chroot restrictions via unspecified vectors.

Severity: MEDIUM (4.6)

References:

https://sites.google.com/site/fullycapable/release-notes-for-libcap/releasenotesfor222
https://bugzilla.redhat.com/show_bug.cgi?id=722694
RHSA-2011:1694

Published: 2023-06-06
Modified: 2024-11-21

CVE-2023-2602

A vulnerability was found in the pthread_create() function in libcap. This issue may allow a malicious actor to use cause __real_pthread_create() to return an error, which can exhaust the process memory.

Severity: LOW (3.3) Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L

References:

https://bugzilla.redhat.com/show_bug.cgi?id=2209114
FEDORA-2023-5911638116
FEDORA-2023-ad944c2d34
https://www.x41-dsec.de/static/reports/X41-libcap-Code-Review-2023-OSTIF-Final-Report.pdf
https://bugzilla.redhat.com/show_bug.cgi?id=2209114
https://www.x41-dsec.de/static/reports/X41-libcap-Code-Review-2023-OSTIF-Final-Report.pdf
FEDORA-2023-ad944c2d34
FEDORA-2023-5911638116

Обновить бы до актуальной версии (2.24 сейчас)

Version: 2.1.0

Package libcap update in sisyphus on 2014-05-01

ALT-PU-2014-1578-2

Closed vulnerabilities

CVE-2011-4099

CVE-2023-2602

Closed bugs

Bug #29286