Bug 906461 (CAP-CR-23-02, CVE-2023-2602, CVE-2023-2603, LCAP-CR-23-01)

Summary: <sys-libs/libcap-2.69: Multiple vulnerabilities
Product: Gentoo Security
Reporter: Sam James <sam>
Component: Vulnerabilities
Assignee: Gentoo Security <security>
Status: IN_PROGRESS ---
Severity: normal
CC: base-system
Priority: Normal
Version: unspecified
Hardware: All
OS: Linux
Whiteboard: ?? [glsa? cleanup]
Package list:
Runtime testing required: ---
Bug Depends on: 906980    
Bug Blocks:    

Description Sam James archtester Gentoo Infrastructure gentoo-dev Security 2023-05-15 19:03:17 UTC
See https://www.openwall.com/lists/oss-security/2023/05/15/4

"""

The release of libcap-2.69, announced here:

  https://sites.google.com/site/fullycapable/release-notes-for-libcap#h.iuvg7sbjg8pe

addresses the following:

- LCAP-CR-23-01 (SEVERITY) LOW (CVE-2023-2602) - found by David Gstir
- LCAP-CR-23-02 (SEVERITY) MEDIUM (CVE-2023-2603) - found by Richard Weinberger

The full details of both issues are provided in this audit report:

  https://www.x41-dsec.de/static/reports/X41-libcap-Code-Review-2023-OSTIF-Final-Report.pdf

Cheers

Andrew
"""
Comment 1 Larry the Git Cow gentoo-dev 2023-05-15 19:04:24 UTC
The bug has been referenced in the following commit(s):

https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=60c3c2662f43d89f1746a897acddd63282697531

commit 60c3c2662f43d89f1746a897acddd63282697531
Author:     David Seifert <soap@gentoo.org>
AuthorDate: 2023-05-15 19:04:13 +0000
Commit:     David Seifert <soap@gentoo.org>
CommitDate: 2023-05-15 19:04:13 +0000

    sys-libs/libcap: add 2.69
    
    Bug: https://bugs.gentoo.org/906461
    Signed-off-by: David Seifert <soap@gentoo.org>

 sys-libs/libcap/Manifest           |  1 +
 sys-libs/libcap/libcap-2.69.ebuild | 96 ++++++++++++++++++++++++++++++++++++++
 2 files changed, 97 insertions(+)