As per RedHat's bugzilla (https://bugzilla.redhat.com/show_bug.cgi?id=722694): The capsh program has a --chroot commandline option. Inspecting the code shows that it does not do a chdir("/") after calling chroot. This means that '.' is outside the chroot. Fix is reported to be in 2.22. This is CVE-2011-4099.
i'm guessing the kernel.org downtime made this version bump hard to notice at any rate, 2.22 now in the tree
Thanks for the bug, Jack. (In reply to comment #1) > i'm guessing the kernel.org downtime made this version bump hard to notice > > at any rate, 2.22 now in the tree Great, thanks. Arches, please test and mark stable: =sys-libs/libcap-2.22 Target keywords : "alpha amd64 arm hppa ia64 m68k ppc ppc64 s390 sh sparc x86"
amd64 ok
Stable for HPPA.
+ 03 Nov 2011; Tony Vroon <chainsaw@gentoo.org> libcap-2.22.ebuild: + Marked stable on AMD64 based on arch testing by Agostino "ago" Sarubbo & Ian + "idella4" Delaney in security bug #389201.
Archtested on x86: Everything fine
(In reply to comment #7) > Archtested on x86: Everything fine +1
x86 stable, thanks JD and Myckel!
arm stable
ppc done
alpha/ia64/m68k/s390/sh/sparc stable
ppc64 done
Thanks, folks. GLSA Vote: yes.
Vote: NO.
Vote: no. Closing noglsa.