What Are You Looking For?

Popular Tags

Sign Up
MGASA-2023-0205 - Updated libcap packages fix security vulnerability

Publication date: 28 Jun 2023
URL: https://advisories.mageia.org/MGASA-2023-0205.html
Type: security
Affected Mageia releases: 8
CVE: CVE-2023-2602,
     CVE-2023-2603

A vulnerability was found in the pthread_create() function in libcap. This
issue may allow a malicious actor to use cause __real_pthread_create() to
return an error, which can exhaust the process memory. (CVE-2023-2602)

A vulnerability was found in libcap. This issue occurs in the _libcap_strdup()
function and can lead to an integer overflow if the input string is close
to 4GiB. (CVE-2023-2603)

References:
- https://bugs.mageia.org/show_bug.cgi?id=31938
- https://www.openwall.com/lists/oss-security/2023/05/15/4
- https://sites.google.com/site/fullycapable/release-notes-for-libcap#h.iuvg7sbjg8pe
- https://www.openwall.com/lists/oss-security/2023/05/16/2
- https://ubuntu.com/security/notices/USN-6166-1
- https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-2602
- https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-2603

SRPMS:
- 8/core/libcap-2.46-1.1.mga8

Mageia 2023-0205: libcap security update

A vulnerability was found in the pthread_create() function in libcap

Summary

A vulnerability was found in the pthread_create() function in libcap. This issue may allow a malicious actor to use cause __real_pthread_create() to return an error, which can exhaust the process memory. (CVE-2023-2602)
A vulnerability was found in libcap. This issue occurs in the _libcap_strdup() function and can lead to an integer overflow if the input string is close to 4GiB. (CVE-2023-2603)

References

- https://bugs.mageia.org/show_bug.cgi?id=31938

- https://www.openwall.com/lists/oss-security/2023/05/15/4

- https://sites.google.com/site/fullycapable/release-notes-for-libcap#h.iuvg7sbjg8pe

- https://www.openwall.com/lists/oss-security/2023/05/16/2

- https://ubuntu.com/security/notices/USN-6166-1

- https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-2602

- https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-2603

Resolution

MGASA-2023-0205 - Updated libcap packages fix security vulnerability

SRPMS

- 8/core/libcap-2.46-1.1.mga8

Severity
Publication date: 28 Jun 2023
URL: https://advisories.mageia.org/MGASA-2023-0205.html
Type: security
CVE: CVE-2023-2602, CVE-2023-2603

Related News

Harden Ubuntu Server to Secure Your Container and Other Deployments

Sep 17, 2023

Mitigations for Critical c-ares DoS, Code Execution Bug Released

Sep 17, 2023

Critical Zero-Day Heap Buffer Overflow Vuln Fixed in Firefox, Thunderbird

Sep 17, 2023

Multiple Severe, Remotely Exploitable Chromium Vulns Fixed

Sep 15, 2023

News

Advisories

HOWTOs

Features

The Unseen Potential of Wake-on-LAN
Linux Vulnerabilities: The Antidote to This Linux Security Poison
Preventing Linux DDoS Attacks with Minimal Cybersecurity Knowledge
Navigating Software Scalability: A Practical Guide to Building Scalable Systems with Linux
Unlocking the Secrets of Linux Security: An Expert Analysis

About Us

Powered By

Footer Logo

Feedback