Updated libcap packages fix security vulnerability
Publication date: 28 Jun 2023Modification date: 28 Jun 2023
Type: security
Affected Mageia releases : 8
CVE: CVE-2023-2602 , CVE-2023-2603
Description
A vulnerability was found in the pthread_create() function in libcap. This
issue may allow a malicious actor to use cause __real_pthread_create() to
return an error, which can exhaust the process memory. (CVE-2023-2602)
A vulnerability was found in libcap. This issue occurs in the _libcap_strdup()
function and can lead to an integer overflow if the input string is close
to 4GiB. (CVE-2023-2603)
References
- https://bugs.mageia.org/show_bug.cgi?id=31938
- https://www.openwall.com/lists/oss-security/2023/05/15/4
- https://sites.google.com/site/fullycapable/release-notes-for-libcap#h.iuvg7sbjg8pe
- https://www.openwall.com/lists/oss-security/2023/05/16/2
- https://ubuntu.com/security/notices/USN-6166-1
- https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-2602
- https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-2603
SRPMS
8/core
- libcap-2.46-1.1.mga8