Explore top 10 tips to secure your open-source projects now. Read More

×
Alerts This Week
Warning Icon 1 496
Alerts This Week
Warning Icon 1 496

Ubuntu 23.04 Moderate: USN-6166-1 libcap2 Denial of Service

ubuntu
Calendar Grey June 14, 2023
Dist Ubuntu Esm H88
Ubuntu has issued a security advisory USN-6166-1 addressing several vulnerabilities in libcap2 affecting numerous versions. Ensure to update promptly.
Several security issues were fixed in libcap2.

Summary

Several security issues were fixed in libcap2.

Software Description:

- libcap2: POSIX 1003.1e capabilities (library)

Details:

David Gstir discovered that libcap2 incorrectly handled certain return

codes. An attacker could possibly use this issue to cause libcap2 to

consume memory, leading to a denial of service. (CVE-2023-2602)

Richard Weinberger discovered that libcap2 incorrectly handled certain long

input strings. An attacker could use this issue to cause libcap2 to crash,

resulting in a denial of service, or possibly execute arbitrary code.

(CVE-2023-2603)

Update Instructions

The problem can be corrected by updating your system to the following
package versions:

Ubuntu 23.04:
   libcap2                         1:2.66-3ubuntu2.1
   libcap2-bin                     1:2.66-3ubuntu2.1

Ubuntu 22.10:
   libcap2                         1:2.44-1ubuntu0.22.10.1
   libcap2-bin                     1:2.44-1ubuntu0.22.10.1

Ubuntu 22.04 LTS:
   libcap2                         1:2.44-1ubuntu0.22.04.1
   libcap2-bin                     1:2.44-1ubuntu0.22.04.1

Ubuntu 20.04 LTS:
   libcap2                         1:2.32-1ubuntu0.1
   libcap2-bin                     1:2.32-1ubuntu0.1

In general, a standard system update will make all the necessary changes.

References

https://ubuntu.com/security/notices/USN-6166-1

CVE-2023-2602, CVE-2023-2603

June 14, 2023

Package Information

Get the latest News and Insights

Get the latest Linux and open source security news straight to your inbox.