UbuntuUpdates.org

Package "libcap2"

Name: libcap2

Description:

POSIX 1003.1e capabilities (library)
Latest version: 1:2.44-1ubuntu0.22.04.2
Release: jammy (22.04)
Level: security
Repository: main
Homepage: https://sites.google.com/site/fullycapable/

Links

All versions of this package
Bug fixes

List of files in package
Repository home page

Download "libcap2"

32-bit deb package
64-bit deb package
APT INSTALL

Other versions of "libcap2" in Jammy

Repository Area Version
base main 1:2.44-1build3
updates main 1:2.44-1ubuntu0.22.04.2

Packages in group

Deleted packages are displayed in grey.


Changelog

Version: 1:2.44-1ubuntu0.22.04.2 2025-02-24 17:07:01 UTC

  libcap2 (1:2.44-1ubuntu0.22.04.2) jammy-security; urgency=medium

  * SECURITY UPDATE: incorrect group name handling
    - debian/patches/CVE-2025-1390-1.patch: fix potential configuration
      parsing error in pam_cap/pam_cap.c.
    - debian/patches/CVE-2025-1390-2.patch: add a test for bad group prefix
      in pam_cap/sudotest.conf.
    - CVE-2025-1390

 -- Marc Deslauriers <email address hidden> Thu, 20 Feb 2025 10:51:02 -0500
Source diff to previous version
CVE-2025-1390 The PAM module pam_cap.so of libcap configuration supports group names starting with “@”, during actual parsing, configurations not starting with “@”

Version: 1:2.44-1ubuntu0.22.04.1 2023-06-14 15:07:12 UTC

  libcap2 (1:2.44-1ubuntu0.22.04.1) jammy-security; urgency=medium

  * SECURITY UPDATE: process memory exhaustion in pthread_create()
    - debian/patches/CVE-2023-2602.patch: correct the check of
      pthread_create()'s return value in psx/psx.c.
    - CVE-2023-2602
  * SECURITY UPDATE: integer overflow in _libcap_strdup()
    - debian/patches/CVE-2023-2603.patch: properly handle large strings in
      libcap/cap_alloc.c.
    - CVE-2023-2603

 -- Marc Deslauriers <email address hidden> Wed, 07 Jun 2023 08:31:30 -0400
CVE-2023-2602 A vulnerability was found in the pthread_create() function in libcap. This issue may allow a malicious actor to use cause __real_pthread_create() to
CVE-2023-2603 A vulnerability was found in libcap. This issue occurs in the _libcap_strdup() function and can lead to an integer overflow if the input string is cl


About   -   Send Feedback to @ubuntu_updates