Gentoo Websites Logo
Go to: Gentoo Home Documentation Forums Lists Bugs Planet Store Wiki Get Gentoo!
Bug 906461 (CAP-CR-23-02, CVE-2023-2602, CVE-2023-2603, LCAP-CR-23-01) - <sys-libs/libcap-2.69: Multiple vulnerabilities
Summary: <sys-libs/libcap-2.69: Multiple vulnerabilities
Status: IN_PROGRESS
Alias: CAP-CR-23-02, CVE-2023-2602, CVE-2023-2603, LCAP-CR-23-01
Product: Gentoo Security
Classification: Unclassified
Component: Vulnerabilities (show other bugs)
Hardware: All Linux
: Normal normal (vote)
Assignee: Gentoo Security
URL:
Whiteboard: ?? [glsa? cleanup]
Keywords:
Depends on: 906980
Blocks:
  Show dependency tree
 
Reported: 2023-05-15 19:03 UTC by Sam James
Modified: 2023-05-30 03:45 UTC (History)
1 user (show)

See Also:
Package list:
Runtime testing required: ---


Attachments

Note You need to log in before you can comment on or make changes to this bug.
Description Sam James archtester Gentoo Infrastructure gentoo-dev Security 2023-05-15 19:03:17 UTC
See https://www.openwall.com/lists/oss-security/2023/05/15/4

"""

The release of libcap-2.69, announced here:

  https://sites.google.com/site/fullycapable/release-notes-for-libcap#h.iuvg7sbjg8pe

addresses the following:

- LCAP-CR-23-01 (SEVERITY) LOW (CVE-2023-2602) - found by David Gstir
- LCAP-CR-23-02 (SEVERITY) MEDIUM (CVE-2023-2603) - found by Richard Weinberger

The full details of both issues are provided in this audit report:

  https://www.x41-dsec.de/static/reports/X41-libcap-Code-Review-2023-OSTIF-Final-Report.pdf

Cheers

Andrew
"""
Comment 1 Larry the Git Cow gentoo-dev 2023-05-15 19:04:24 UTC
The bug has been referenced in the following commit(s):

https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=60c3c2662f43d89f1746a897acddd63282697531

commit 60c3c2662f43d89f1746a897acddd63282697531
Author:     David Seifert <soap@gentoo.org>
AuthorDate: 2023-05-15 19:04:13 +0000
Commit:     David Seifert <soap@gentoo.org>
CommitDate: 2023-05-15 19:04:13 +0000

    sys-libs/libcap: add 2.69
    
    Bug: https://bugs.gentoo.org/906461
    Signed-off-by: David Seifert <soap@gentoo.org>

 sys-libs/libcap/Manifest           |  1 +
 sys-libs/libcap/libcap-2.69.ebuild | 96 ++++++++++++++++++++++++++++++++++++++
 2 files changed, 97 insertions(+)