Red Hat Security Advisory 2023-4524-01

Red Hat Security Advisory 2023-4524-01: Posted Aug 8, 2023; Authored by Red Hat | Site access.redhat.com; Red Hat Security Advisory 2023-4524-01 - Libcap is a library for getting and setting POSIX.1e draft 15 capabilities. Issues addressed include integer overflow and memory leak vulnerabilities.; tags | advisory, overflow, vulnerability, memory leak; systems | linux, redhat, osx; advisories | CVE-2023-2602, CVE-2023-2603; SHA-256 | 9393191fe2906786aaecc95ef657be2b2d21d0856639034a2d51cd3151f514e6; Download | Favorite | View

Red Hat Security Advisory 2023-4524-01

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256

=====================================================================
                   Red Hat Security Advisory

Synopsis:          Moderate: libcap security update
Advisory ID:       RHSA-2023:4524-01
Product:           Red Hat Enterprise Linux
Advisory URL:      https://access.redhat.com/errata/RHSA-2023:4524
Issue date:        2023-08-08
CVE Names:         CVE-2023-2602 CVE-2023-2603 
=====================================================================

1. Summary:

An update for libcap is now available for Red Hat Enterprise Linux 8.

Red Hat Product Security has rated this update as having a security impact
of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which
gives a detailed severity rating, is available for each vulnerability from
the CVE link(s) in the References section.

2. Relevant releases/architectures:

Red Hat Enterprise Linux BaseOS (v. 8) - aarch64, ppc64le, s390x, x86_64

3. Description:

Libcap is a library for getting and setting POSIX.1e (formerly POSIX 6)
draft 15 capabilities.

Security Fix(es):

* libcap: Integer Overflow in _libcap_strdup() (CVE-2023-2603)

* libcap: Memory Leak on pthread_create() Error (CVE-2023-2602)

For more details about the security issue(s), including the impact, a CVSS
score, acknowledgments, and other related information, refer to the CVE
page(s) listed in the References section.

4. Solution:

For details on how to apply this update, which includes the changes
described in this advisory, refer to:

https://access.redhat.com/articles/11258

5. Bugs fixed (https://bugzilla.redhat.com/):

2209113 - CVE-2023-2603 libcap: Integer Overflow in _libcap_strdup()
2209114 - CVE-2023-2602 libcap: Memory Leak on pthread_create() Error

6. Package List:

Red Hat Enterprise Linux BaseOS (v. 8):

Source:
libcap-2.48-5.el8_8.src.rpm

aarch64:
libcap-2.48-5.el8_8.aarch64.rpm
libcap-debuginfo-2.48-5.el8_8.aarch64.rpm
libcap-debugsource-2.48-5.el8_8.aarch64.rpm
libcap-devel-2.48-5.el8_8.aarch64.rpm

ppc64le:
libcap-2.48-5.el8_8.ppc64le.rpm
libcap-debuginfo-2.48-5.el8_8.ppc64le.rpm
libcap-debugsource-2.48-5.el8_8.ppc64le.rpm
libcap-devel-2.48-5.el8_8.ppc64le.rpm

s390x:
libcap-2.48-5.el8_8.s390x.rpm
libcap-debuginfo-2.48-5.el8_8.s390x.rpm
libcap-debugsource-2.48-5.el8_8.s390x.rpm
libcap-devel-2.48-5.el8_8.s390x.rpm

x86_64:
libcap-2.48-5.el8_8.i686.rpm
libcap-2.48-5.el8_8.x86_64.rpm
libcap-debuginfo-2.48-5.el8_8.i686.rpm
libcap-debuginfo-2.48-5.el8_8.x86_64.rpm
libcap-debugsource-2.48-5.el8_8.i686.rpm
libcap-debugsource-2.48-5.el8_8.x86_64.rpm
libcap-devel-2.48-5.el8_8.i686.rpm
libcap-devel-2.48-5.el8_8.x86_64.rpm

These packages are GPG signed by Red Hat for security.  Our key and
details on how to verify the signature are available from
https://access.redhat.com/security/team/key/

7. References:

https://access.redhat.com/security/cve/CVE-2023-2602
https://access.redhat.com/security/cve/CVE-2023-2603
https://access.redhat.com/security/updates/classification/#moderate

8. Contact:

The Red Hat security contact is <secalert@redhat.com>. More contact
details at https://access.redhat.com/security/team/contact/

Copyright 2023 Red Hat, Inc.
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1

iQIcBAEBCAAGBQJk0k8yAAoJENzjgjWX9erEIT8QAIUP4xiMtybHMFjjcyV95EkW
cE5jP6Sq++09+SXnim0DzCign4Gr5J3uLpdLigKiq+apjSb+7wApS79FmtnOYavi
E5KTkvCuEo6g0Zh367ZLpUH59ZZcWwHk9Z2/FQC6ehRWwPnEaS43DbrsJWslecYY
4dakirQGTXmzFnbksnH/CyHOrGh+By5B3wPZWAzo7BwhfZfPvpTcGALUvnNd+CmD
jY6kWhFw/JNKA8ux/NRPlQx/qN9Ec3dC5F990Pzp4YNLo2xS3E8yxEEvh90sihFq
MUqIwC1s6xNuW3vx+UWmxm2+RwcmLyWaJAVbgZpk/C6H4q6/XYmGDuJizFOCLuiw
JxrTDRNu3siZwdwlqIlJtydV6G4kXn1zQw5tFau5kaI5xmUamSI3toNoVF7X+A2i
tIRTxYfG56uc5UlaWXli0hyzCiL+MKRRS+ybjZ2O7S5xto35JsdywQsB0Zm4E2yD
lTmtcDFA2apLUDxChURDxA0/OCXJJbAhtoYk25gkfwEhyHGT1/BlKFUFMAZY0RxR
kZPFoAiU9pjdMJQtkihC633K4UPbF85eZ5uytTI8uTlmNgIYP2Or7xpwg9txIkhA
CDgtTpOjrFSrEHZB7F/wJktZ64jP8perBGc1SAw915nTIXvZhA1UU3ky/pK/xEA+
W836zfh1wkjr8qFgg8Pm
=03n6
-----END PGP SIGNATURE-----
--
RHSA-announce mailing list
RHSA-announce@redhat.com
https://listman.redhat.com/mailman/listinfo/rhsa-announce

Top Authors In Last 30 Days

Red Hat 287 files
Ubuntu 60 files
Debian 32 files
Gentoo 28 files
LiquidWorm 10 files
nu11secur1ty 7 files
Adam Gowdiak 4 files
liquidsky 3 files
kai6u 3 files
malvuln 3 files

File Archives

Systems

AIX (429)
Apple (2,078)
BSD (376)
CentOS (58)
Cisco (1,927)
Debian (7,036)
Fedora (1,693)
FreeBSD (1,246)
Gentoo (4,495)
HPUX (880)
iOS (373)
iPhone (108)
IRIX (220)
Juniper (69)
Linux (49,567)
Mac OS X (691)
Mandriva (3,105)
NetBSD (256)
OpenBSD (488)
RedHat (15,739)
Slackware (941)
Solaris (1,611)
SUSE (1,444)
Ubuntu (9,489)
UNIX (9,397)
UnixWare (187)
Windows (6,656)
Other

Red Hat Security Advisory 2023-4524-01

Red Hat Security Advisory 2023-4524-01

File Archive:

May 2024

Top Authors In Last 30 Days

File Tags

File Archives

Systems

Red Hat Security Advisory 2023-4524-01

Share This

Red Hat Security Advisory 2023-4524-01

File Archive:

May 2024

Top Authors In Last 30 Days

File Tags

File Archives

Systems