=====================================================================
                   Red Hat Security Advisory

Synopsis:          Moderate: libcap security update
Advisory ID:       RHSA-2023:5071-01
Product:           Red Hat Enterprise Linux
Advisory URL:      https://access.redhat.com/errata/RHSA-2023:5071
Issue date:        2023-09-12
CVE Names:         CVE-2023-2602 CVE-2023-2603
=====================================================================

1. Summary:

An update for libcap is now available for Red Hat Enterprise Linux 9.

Red Hat Product Security has rated this update as having a security impact
of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which
gives a detailed severity rating, is available for each vulnerability from
the CVE link(s) in the References section.

2. Relevant releases/architectures:

Red Hat Enterprise Linux AppStream (v. 9) - aarch64, ppc64le, s390x, x86_64
Red Hat Enterprise Linux BaseOS (v. 9) - aarch64, ppc64le, s390x, x86_64

3. Description:

Libcap is a library for getting and setting POSIX.1e (formerly POSIX 6)
draft 15 capabilities.

Security Fix(es):

* libcap: Integer Overflow in _libcap_strdup() (CVE-2023-2603)

* libcap: Memory Leak on pthread_create() Error (CVE-2023-2602)

For more details about the security issue(s), including the impact, a CVSS
score, acknowledgments, and other related information, refer to the CVE
page(s) listed in the References section.

4. Solution:

For details on how to apply this update, which includes the changes
described in this advisory, refer to:

https://access.redhat.com/articles/11258

5. Bugs fixed (https://bugzilla.redhat.com/):

2209113 - CVE-2023-2603 libcap: Integer Overflow in _libcap_strdup()
2209114 - CVE-2023-2602 libcap: Memory Leak on pthread_create() Error

6. Package List:

Red Hat Enterprise Linux AppStream (v. 9):

aarch64:
libcap-debuginfo-2.48-9.el9_2.aarch64.rpm
libcap-debugsource-2.48-9.el9_2.aarch64.rpm
libcap-devel-2.48-9.el9_2.aarch64.rpm

ppc64le:
libcap-debuginfo-2.48-9.el9_2.ppc64le.rpm
libcap-debugsource-2.48-9.el9_2.ppc64le.rpm
libcap-devel-2.48-9.el9_2.ppc64le.rpm

s390x:
libcap-debuginfo-2.48-9.el9_2.s390x.rpm
libcap-debugsource-2.48-9.el9_2.s390x.rpm
libcap-devel-2.48-9.el9_2.s390x.rpm

x86_64:
libcap-debuginfo-2.48-9.el9_2.i686.rpm
libcap-debuginfo-2.48-9.el9_2.x86_64.rpm
libcap-debugsource-2.48-9.el9_2.i686.rpm
libcap-debugsource-2.48-9.el9_2.x86_64.rpm
libcap-devel-2.48-9.el9_2.i686.rpm
libcap-devel-2.48-9.el9_2.x86_64.rpm

Red Hat Enterprise Linux BaseOS (v. 9):

Source:
libcap-2.48-9.el9_2.src.rpm

aarch64:
libcap-2.48-9.el9_2.aarch64.rpm
libcap-debuginfo-2.48-9.el9_2.aarch64.rpm
libcap-debugsource-2.48-9.el9_2.aarch64.rpm

ppc64le:
libcap-2.48-9.el9_2.ppc64le.rpm
libcap-debuginfo-2.48-9.el9_2.ppc64le.rpm
libcap-debugsource-2.48-9.el9_2.ppc64le.rpm

s390x:
libcap-2.48-9.el9_2.s390x.rpm
libcap-debuginfo-2.48-9.el9_2.s390x.rpm
libcap-debugsource-2.48-9.el9_2.s390x.rpm

x86_64:
libcap-2.48-9.el9_2.i686.rpm
libcap-2.48-9.el9_2.x86_64.rpm
libcap-debuginfo-2.48-9.el9_2.i686.rpm
libcap-debuginfo-2.48-9.el9_2.x86_64.rpm
libcap-debugsource-2.48-9.el9_2.i686.rpm
libcap-debugsource-2.48-9.el9_2.x86_64.rpm

These packages are GPG signed by Red Hat for security. Our key and
details on how to verify the signature are available from
https://access.redhat.com/security/team/key/

7. References:

https://access.redhat.com/security/cve/CVE-2023-2602
https://access.redhat.com/security/cve/CVE-2023-2603
https://access.redhat.com/security/updates/classification/#moderate

8. Contact:

The Red Hat security contact is . More contact
details at https://access.redhat.com/security/team/contact/

Copyright 2023 Red Hat, Inc.

--
RHSA-announce mailing list
RHSA-announce@redhat.com
https://listman.redhat.com/mailman/listinfo/rhsa-announce