The following updated rpms for Oracle Linux 9 have been uploaded to the Unbreakable Linux Network:. Oracle Linux Security Advisory ELSA-2026-19346 http://linux.oracle.com/errata/ELSA-2026-19346.html The following updated rpms for Oracle Linux 9 have been uploaded to the Unbreakable Linux Network: x86_64: libcap-2.48-10.el9_8.1.i686.rpm libcap-2.48-10.el9_8.1.x86_64.rpm libcap-devel-2.48-10.el9_8.1.i686.rpm libcap-devel-2.48-10.el9_8.1.x86_64.rpm aarch64: libcap-2.48-10.el9_8.1.aarch64.rpm libcap-devel-2.48-10.el9_8.1.aarch64.rpm SRPMS: http://oss.oracle.com/ol9/SRPMS-updates/libcap-2.48-10.el9_8.1.src.rpm Related CVEs: CVE-2026-4878 Description of changes: [2.48-10.1] - Fix TOCTOU race condition in cap_set_file() (CVE-2026-4878) Resolves: RHEL-169312 _______________________________________________ El-errata mailing list
libcap could be made to modify capabilities on arbitrary files.. ========================================================================== Ubuntu Security Notice USN-8193-2 June 23, 2026 libcap2 vulnerability ========================================================================== A security issue affects these releases of Ubuntu and its derivatives: - Ubuntu 20.04 LTS - Ubuntu 18.04 LTS - Ubuntu 16.04 LTS - Ubuntu 14.04 LTS Summary: libcap could be made to modify capabilities on arbitrary files. Software Description: - libcap2: POSIX 1003.1e capabilities library Details: USN-8193-1 fixed a vulnerability in libcap. This update provides the corresponding update for Ubuntu 14.04 LTS, Ubuntu 16.04 LTS, Ubuntu 18.04 LTS, and Ubuntu 20.04 LTS. Original advisory details: Ali Raza discovered that libcap incorrectly handled file capability updates. A local attacker could possibly use this issue to inject or strip capabilities into arbitrary executables and escalate privileges. Update instructions: The problem can be corrected by updating your system to the following package versions: Ubuntu 20.04 LTS libcap-dev 1:2.32-1ubuntu0.2+esm1 Available with Ubuntu Pro libcap2 1:2.32-1ubuntu0.2+esm1 Available with Ubuntu Pro libcap2-bin 1:2.32-1ubuntu0.2+esm1 Available with Ubuntu Pro libpam-cap 1:2.32-1ubuntu0.2+esm1 Available with Ubuntu Pro Ubuntu 18.04 LTS libcap-dev 1:2.25-1.2ubuntu0.1~esm2 Available with Ubuntu Pro libcap2 1:2.25-1.2ubuntu0.1~esm2 Available with Ubuntu Pro libcap2-bin 1:2.25-1.2ubuntu0.1~esm2 Available with Ubuntu Pro libpam-cap 1:2.25-1.2ubuntu0.1~esm2 Available with Ubuntu Pro Ubuntu 16.04 LTS libcap-dev 1:2.24-12ubuntu0.1~esm2 Available with Ubuntu Pro libcap2 1:2.24-12ubuntu0.1~esm2 Available with Ubuntu Pro libcap2-bin 1:2.24-12ubuntu0.1~esm2 Available with Ubuntu Pro libpam-cap 1:2.24-12ubuntu0.1~esm2 Available with Ubuntu Pro Ubuntu 14.04 LTS libcap-dev 1:2.24-0ubuntu2+esm2 Available with Ubuntu Pro libcap2 1:2.24-0ubuntu2+esm2 Available with Ubuntu Pro libcap2-bin 1:2.24-0ubuntu2+esm2 Available with Ubuntu Pro libpam-cap 1:2.24-0ubuntu2+esm2 Available with Ubuntu Pro In general, a standard system update will make all the necessary changes. References: https://ubuntu.com/security/notices/USN-8193-2 https://ubuntu.com/security/notices/USN-8193-1 CVE-2026-4878 . modification of file capabilities could allow unprivileged users to escalate privileges on Ubuntu systems. Update recommended!. Ubuntu Security Notice, libcap vulnerability, privilege escalation, capability modification. . LinuxSecurity.com Team
Security update. Publication date: 18 Jun 2026 URL: https://advisories.mageia.org/MGASA-2026-0221.html Type: security Affected Mageia releases: 9 CVE: CVE-2026-4878 Description: CVE-2026-4878. A flaw was found in libcap. A local unprivileged user can exploit a Time-of-check-to-time-of-use (TOCTOU) race condition in the `cap_set_file()` function. This allows an attacker with write access to a parent directory to redirect file capability updates to an attacker-controlled file. By doing so, capabilities can be injected into or stripped from unintended executables, leading to privilege escalation. References: - https://bugs.mageia.org/show_bug.cgi?id=35329 - https://www.openwall.com/lists/oss-security/2026/04/07/4 - https://www.openwall.com/lists/oss-security/2026/04/07/14 - https://www.cve.org/CVERecord?id=CVE-2026-4878 SRPMS: - 9/core/libcap-2.52-5.2.mga9 . Local attackers can exploit a TOCTOU race condition in libcap, leading to privilege elevation risks in Mageia.. Mageia Security Update, Privilege Escalation Libcap, TOCTOU Race Conditions. . LinuxSecurity.com Team
The following updated rpms for Oracle Linux 8 have been uploaded to the Unbreakable Linux Network:. Oracle Linux Security Advisory ELSA-2026-13285 http://linux.oracle.com/errata/ELSA-2026-13285.html The following updated rpms for Oracle Linux 8 have been uploaded to the Unbreakable Linux Network: x86_64: libcap-2.48-6.el8_10.1.i686.rpm libcap-2.48-6.el8_10.1.x86_64.rpm libcap-devel-2.48-6.el8_10.1.i686.rpm libcap-devel-2.48-6.el8_10.1.x86_64.rpm aarch64: libcap-2.48-6.el8_10.1.aarch64.rpm libcap-devel-2.48-6.el8_10.1.aarch64.rpm SRPMS: http://oss.oracle.com/ol8/SRPMS-updates/libcap-2.48-6.el8_10.1.src.rpm Related CVEs: CVE-2026-4878 Description of changes: [2.48-6.1] - Fix TOCTOU race condition in cap_set_file() (CVE-2026-4878) Resolves: RHEL-169304 _______________________________________________ El-errata mailing list
Important: libcap security update. {"type": "TYPE_SECURITY", "shortCode": "RL", "name": "RLSA-2026:13285", "synopsis": "Important: libcap security update", "severity": "SEVERITY_IMPORTANT", "topic": "An update is available for libcap.\nThis update affects Rocky Linux 8.\nA Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE list", "description": "Libcap is a library for getting and setting POSIX.1e (formerly POSIX 6) draft 15 capabilities.\n\nSecurity Fix(es):\n\n* libcap: libcap: Privilege escalation via TOCTOU race condition in cap_set_file() (CVE-2026-4878)\n\nFor more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.", "solution": null, "affectedProducts": ["Rocky Linux 8"], "fixes": [{"ticket": "2451615", "sourceBy": "Red Hat", "sourceLink": "https://bugzilla.redhat.com/show_bug.cgi?id=2451615", "description": ""}], "cves": [{"name": "CVE-2026-4878", "sourceBy": "MITRE", "sourceLink": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-4878", "cvss3ScoringVector": "CVSS:3.1/AV:L/AC:H/PR:L/UI:R/S:U/C:H/I:H/A:H", "cvss3BaseScore": "6.7", "cwe": "CWE-367"}], "references": [], "publishedAt": "2026-05-06T06:00:43.332340Z", "rpms": {"Rocky Linux 8": {"nvras": ["libcap-0:2.48-6.el8_10.1.aarch64.rpm", "libcap-0:2.48-6.el8_10.1.i686.rpm", "libcap-0:2.48-6.el8_10.1.src.rpm", "libcap-0:2.48-6.el8_10.1.x86_64.rpm", "libcap-debuginfo-0:2.48-6.el8_10.1.aarch64.rpm", "libcap-debuginfo-0:2.48-6.el8_10.1.i686.rpm", "libcap-debuginfo-0:2.48-6.el8_10.1.x86_64.rpm", "libcap-debugsource-0:2.48-6.el8_10.1.aarch64.rpm", "libcap-debugsource-0:2.48-6.el8_10.1.i686.rpm", "libcap-debugsource-0:2.48-6.el8_10.1.x86_64.rpm", "libcap-devel-0:2.48-6.el8_10.1.aarch64.rpm", "libcap-devel-0:2.48-6.el8_10.1.i686.rpm", "libcap-devel-0:2.48-6.el8_10.1.x86_64.rpm"]}}, "rebootSuggested": false, "buildReferences": []}.Important security update for libcap on Rocky Linux 8 addressing privilege escalation risks. Apply the update promptly.. libcap security update, Rocky Linux update, privilege escalation risk. . LinuxSecurity.com Team
The following updated rpms for Oracle Linux 10 have been uploaded to the Unbreakable Linux Network:. Oracle Linux Security Advisory ELSA-2026-12423 http://linux.oracle.com/errata/ELSA-2026-12423.html The following updated rpms for Oracle Linux 10 have been uploaded to the Unbreakable Linux Network: x86_64: libcap-2.69-7.el10_1.1.x86_64.rpm libcap-devel-2.69-7.el10_1.1.x86_64.rpm aarch64: libcap-2.69-7.el10_1.1.aarch64.rpm libcap-devel-2.69-7.el10_1.1.aarch64.rpm SRPMS: http://oss.oracle.com/ol10/SRPMS-updates/libcap-2.69-7.el10_1.1.src.rpm Related CVEs: CVE-2026-4878 Description of changes: [2.69-7.1] - Fix TOCTOU race condition in cap_set_file() (CVE-2026-4878) Resolves: RHEL-169301 _______________________________________________ El-errata mailing list
Important: libcap security update. {"type": "TYPE_SECURITY", "shortCode": "RL", "name": "RLSA-2026:12423", "synopsis": "Important: libcap security update", "severity": "SEVERITY_IMPORTANT", "topic": "An update is available for libcap.\nThis update affects Rocky Linux 10.\nA Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE list", "description": "Libcap is a library for getting and setting POSIX.1e (formerly POSIX 6) draft 15 capabilities.\n\nSecurity Fix(es):\n\n* libcap: libcap: Privilege escalation via TOCTOU race condition in cap_set_file() (CVE-2026-4878)\n\nFor more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.", "solution": null, "affectedProducts": ["Rocky Linux 10"], "fixes": [{"ticket": "2451615", "sourceBy": "Red Hat", "sourceLink": "https://bugzilla.redhat.com/show_bug.cgi?id=2451615", "description": ""}], "cves": [{"name": "CVE-2026-4878", "sourceBy": "MITRE", "sourceLink": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-4878", "cvss3ScoringVector": "CVSS:3.1/AV:L/AC:H/PR:L/UI:R/S:U/C:H/I:H/A:H", "cvss3BaseScore": "6.7", "cwe": "CWE-367"}], "references": [], "publishedAt": "2026-05-03T12:06:49.800095Z", "rpms": {"Rocky Linux 10": {"nvras": ["libcap-debugsource-0:2.69-7.el10_1.1.ppc64le.rpm", "libcap-0:2.69-7.el10_1.1.src.rpm", "libcap-0:2.69-7.el10_1.1.ppc64le.rpm", "libcap-0:2.69-7.el10_1.1.x86_64.rpm", "libcap-devel-0:2.69-7.el10_1.1.aarch64.rpm", "libcap-debugsource-0:2.69-7.el10_1.1.aarch64.rpm", "libcap-debugsource-0:2.69-7.el10_1.1.s390x.rpm", "libcap-debuginfo-0:2.69-7.el10_1.1.x86_64.rpm", "libcap-devel-0:2.69-7.el10_1.1.x86_64.rpm", "libcap-debugsource-0:2.69-7.el10_1.1.x86_64.rpm", "libcap-0:2.69-7.el10_1.1.aarch64.rpm", "libcap-debuginfo-0:2.69-7.el10_1.1.aarch64.rpm", "libcap-devel-0:2.69-7.el10_1.1.ppc64le.rpm","libcap-debuginfo-0:2.69-7.el10_1.1.s390x.rpm", "libcap-0:2.69-7.el10_1.1.s390x.rpm", "libcap-debuginfo-0:2.69-7.el10_1.1.ppc64le.rpm", "libcap-devel-0:2.69-7.el10_1.1.s390x.rpm"]}}, "rebootSuggested": false, "buildReferences": []}. A libcap security update is crucial for Rocky Linux 10 users to mitigate a privilege escalation risk. Install the update.. Rocky Linux libcap security update, Important libcap update, privilege escalation fix. . LinuxSecurity.com Team
Important: libcap security update. {"type": "TYPE_SECURITY", "shortCode": "RL", "name": "RLSA-2026:12441", "synopsis": "Important: libcap security update", "severity": "SEVERITY_IMPORTANT", "topic": "An update is available for libcap.\nThis update affects Rocky Linux 9.\nA Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE list", "description": "Libcap is a library for getting and setting POSIX.1e (formerly POSIX 6) draft 15 capabilities.\n\nSecurity Fix(es):\n\n* libcap: libcap: Privilege escalation via TOCTOU race condition in cap_set_file() (CVE-2026-4878)\n\nFor more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.", "solution": null, "affectedProducts": ["Rocky Linux 9"], "fixes": [{"ticket": "2451615", "sourceBy": "Red Hat", "sourceLink": "https://bugzilla.redhat.com/show_bug.cgi?id=2451615", "description": ""}], "cves": [{"name": "CVE-2026-4878", "sourceBy": "MITRE", "sourceLink": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-4878", "cvss3ScoringVector": "CVSS:3.1/AV:L/AC:H/PR:L/UI:R/S:U/C:H/I:H/A:H", "cvss3BaseScore": "6.7", "cwe": "CWE-367"}], "references": [], "publishedAt": "2026-05-03T12:03:41.515195Z", "rpms": {"Rocky Linux 9": {"nvras": ["libcap-0:2.48-10.el9_7.1.aarch64.rpm", "libcap-0:2.48-10.el9_7.1.i686.rpm", "libcap-0:2.48-10.el9_7.1.ppc64le.rpm", "libcap-0:2.48-10.el9_7.1.s390x.rpm", "libcap-0:2.48-10.el9_7.1.src.rpm", "libcap-0:2.48-10.el9_7.1.x86_64.rpm", "libcap-debuginfo-0:2.48-10.el9_7.1.aarch64.rpm", "libcap-debuginfo-0:2.48-10.el9_7.1.i686.rpm", "libcap-debuginfo-0:2.48-10.el9_7.1.ppc64le.rpm", "libcap-debuginfo-0:2.48-10.el9_7.1.s390x.rpm", "libcap-debuginfo-0:2.48-10.el9_7.1.x86_64.rpm", "libcap-debugsource-0:2.48-10.el9_7.1.aarch64.rpm", "libcap-debugsource-0:2.48-10.el9_7.1.i686.rpm", "libcap-debugsource-0:2.48-10.el9_7.1.ppc64le.rpm","libcap-debugsource-0:2.48-10.el9_7.1.s390x.rpm", "libcap-debugsource-0:2.48-10.el9_7.1.x86_64.rpm", "libcap-devel-0:2.48-10.el9_7.1.aarch64.rpm", "libcap-devel-0:2.48-10.el9_7.1.i686.rpm", "libcap-devel-0:2.48-10.el9_7.1.ppc64le.rpm", "libcap-devel-0:2.48-10.el9_7.1.s390x.rpm", "libcap-devel-0:2.48-10.el9_7.1.x86_64.rpm"]}}, "rebootSuggested": false, "buildReferences": []}. Important libcap update on Rocky Linux 9 addresses privilege escalation via TOCTOU race condition. Get security fix details!. libcap security update, Rocky Linux libcap update, privilege escalation, TOCTOU race condition, important security advisory. . LinuxSecurity.com Team
Get the latest Linux and open source security news straight to your inbox.