
RHSA-2023:5071: Red Hat Security Advisory: libcap security update

An update for libcap is now available for Red Hat Enterprise Linux 9. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.

This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.

Related CVEs:

  • CVE-2023-2602: A vulnerability was found in the pthread_create() function in libcap. This issue may allow a malicious actor to cause __real_pthread_create() to return an error, which can exhaust the process memory.
  • CVE-2023-2603: A vulnerability was found in libcap. This issue occurs in the _libcap_strdup() function and can lead to an integer overflow if the input string is close to 4GiB.
Red Hat Security Data

Synopsis

Moderate: libcap security update

Type/Severity

Security Advisory: Moderate

Topic

An update for libcap is now available for Red Hat Enterprise Linux 9.

Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.

Description

Libcap is a library for getting and setting POSIX.1e (formerly POSIX 6) draft 15 capabilities.

Security Fix(es):

  • libcap: Integer Overflow in _libcap_strdup() (CVE-2023-2603)
  • libcap: Memory Leak on pthread_create() Error (CVE-2023-2602)

For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.

Affected Products

  • Red Hat Enterprise Linux for x86_64 9 x86_64
  • Red Hat Enterprise Linux for x86_64 - Extended Update Support 9.2 x86_64
  • Red Hat Enterprise Linux Server - AUS 9.2 x86_64
  • Red Hat Enterprise Linux for IBM z Systems 9 s390x
  • Red Hat Enterprise Linux for IBM z Systems - Extended Update Support 9.2 s390x
  • Red Hat Enterprise Linux for Power, little endian 9 ppc64le
  • Red Hat Enterprise Linux for Power, little endian - Extended Update Support 9.2 ppc64le
  • Red Hat Enterprise Linux for ARM 64 9 aarch64
  • Red Hat Enterprise Linux for ARM 64 - Extended Update Support 9.2 aarch64
  • Red Hat Enterprise Linux Server for Power LE - Update Services for SAP Solutions 9.2 ppc64le
  • Red Hat Enterprise Linux for x86_64 - Update Services for SAP Solutions 9.2 x86_64
  • Red Hat Enterprise Linux Server for ARM 64 - 4 years of updates 9.2 aarch64
  • Red Hat Enterprise Linux Server for IBM z Systems - 4 years of updates 9.2 s390x

Fixes

  • BZ - 2209113 - CVE-2023-2603 libcap: Integer Overflow in _libcap_strdup()
  • BZ - 2209114 - CVE-2023-2602 libcap: Memory Leak on pthread_create() Error

Red Hat Enterprise Linux for x86_64 9

SRPM

libcap-2.48-9.el9_2.src.rpm

x86_64

libcap-2.48-9.el9_2.i686.rpm

libcap-2.48-9.el9_2.x86_64.rpm

libcap-debuginfo-2.48-9.el9_2.i686.rpm

libcap-debuginfo-2.48-9.el9_2.x86_64.rpm

libcap-debugsource-2.48-9.el9_2.i686.rpm

libcap-debugsource-2.48-9.el9_2.x86_64.rpm

libcap-devel-2.48-9.el9_2.i686.rpm

libcap-devel-2.48-9.el9_2.x86_64.rpm


Related news

CVE-2023-22130: Oracle Critical Patch Update Advisory - October 2023

Vulnerability in the Sun ZFS Storage Appliance product of Oracle Systems (component: Core). The supported version that is affected is 8.8.60. Difficult to exploit vulnerability allows unauthenticated attacker with network access via HTTP to compromise Sun ZFS Storage Appliance. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of Sun ZFS Storage Appliance. CVSS 3.1 Base Score 5.9 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H).

Red Hat Security Advisory 2023-5480-01

Red Hat Security Advisory 2023-5480-01 - Red Hat OpenShift Serverless release of OpenShift Serverless Logic. This release includes security fixes. Issues addressed include a bypass vulnerability.

RHSA-2023:5447: Red Hat Security Advisory: Migration Toolkit for Containers (MTC) 1.8.0 security and bug fix update

The Migration Toolkit for Containers (MTC) 1.8.0 is now available. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original. Related CVEs: * CVE-2023-26115: A flaw was found in the Node.js word-wrap module, where it is vulnerable to a denial of service caused by a Regular expression denial of service (ReDoS) issue in the result variable. By sending a specially crafted regex input, a remote attacker can cause a denial of service.

RHSA-2023:5379: Red Hat Security Advisory: Network Observability 1.4.0 for OpenShift

Network Observability is an OpenShift operator that deploys a monitoring pipeline to collect and enrich network flows that are produced by the Network Observability eBPF agent. The operator provides dashboards, metrics, and keeps flows accessible in a queryable log store, Grafana Loki. When a FlowCollector is deployed, new dashboards are available in the Console. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original. Related CVEs: * CVE-2022-25883: A Regular Expression Denial of Service (ReDoS) vulne...

RHSA-2023:5376: Red Hat Security Advisory: Red Hat OpenShift Data Foundation 4.13.3 security and bug fix update

Updated images that fix several bugs are now available for Red Hat OpenShift Data Foundation 4.13.3 on Red Hat Enterprise Linux 8 from Red Hat Container Registry. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original. Related CVEs: * CVE-2023-24540: A flaw was found in golang, where not all valid JavaScript white-space characters were considered white space. Due to this issue, templates containing white-space characters outside of the character set "\t\n\f\r\u0020\u2028\u2029" in JavaScript contexts ...

RHSA-2023:5314: Red Hat Security Advisory: OpenShift API for Data Protection (OADP) 1.1.6 security and bug fix update

OpenShift API for Data Protection (OADP) 1.1.6 is now available. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original. Related CVEs: * CVE-2022-21698: A denial of service attack was found in prometheus/client_golang. This flaw allows an attacker to produce a denial of service attack on an HTTP server by exploiting the InstrumentHandlerCounter function in the version below 1.11.1, resulting in a loss of availability. * CVE-2022-41723: A flaw was found in golang. A maliciously crafted HTTP/2 stream cou...

RHSA-2023:5233: Red Hat Security Advisory: OpenShift Virtualization 4.13.4 security and bug fix update

Red Hat OpenShift Virtualization release 4.13.4 is now available with updates to packages and images that fix several bugs and add enhancements. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original. Related CVEs: * CVE-2022-41723: A flaw was found in golang. A maliciously crafted HTTP/2 stream could cause excessive CPU consumption in the HPACK decoder, sufficient to cause a denial of service from a small number of requests.

RHSA-2023:5174: Red Hat Security Advisory: Red Hat OpenShift Service Mesh Containers for 2.4.3 security update

Red Hat OpenShift Service Mesh Containers for 2.4.3 Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original. Related CVEs: * CVE-2023-35942: A flaw was found in Envoy, where gRPC access loggers using the listener's global scope can cause a use-after-free crash when the listener is drained. This issue can be triggered by a listener discovery service (LDS) update with the same gRPC access log configuration.

Red Hat Security Advisory 2023-4980-01

Red Hat Security Advisory 2023-4980-01 - Red Hat Advanced Cluster Management for Kubernetes 2.6.7 images Red Hat Advanced Cluster Management for Kubernetes provides the capabilities to address common challenges that administrators and site reliability engineers face as they work across a range of public and private cloud environments. Clusters and applications are all visible and managed from a single console—with security policy built in. This advisory contains the container images for Red Hat Advanced Cluster Management for Kubernetes, which fix several bugs. Issues addressed include a bypass vulnerability.

Red Hat Security Advisory 2023-4980-01

Red Hat Security Advisory 2023-4980-01 - Red Hat Advanced Cluster Management for Kubernetes 2.6.7 images Red Hat Advanced Cluster Management for Kubernetes provides the capabilities to address common challenges that administrators and site reliability engineers face as they work across a range of public and private cloud environments. Clusters and applications are all visible and managed from a single console—with security policy built in. This advisory contains the container images for Red Hat Advanced Cluster Management for Kubernetes, which fix several bugs. Issues addressed include a bypass vulnerability.

Red Hat Security Advisory 2023-4889-01

Red Hat Security Advisory 2023-4889-01 - The DevWorkspace Operator extends OpenShift to provide DevWorkspace support. Issues addressed include a code execution vulnerability.

RHSA-2023:4921: Red Hat Security Advisory: Red Hat Single Sign-On 7.6.5 for OpenShift image enhancement and security update

A new image is available for Red Hat Single Sign-On 7.6.5, running on OpenShift Container Platform 3.10 and 3.11, and 4.3. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original. Related CVEs: * CVE-2021-46877: A flaw was found in Jackson Databind. This issue may allow a malicious user to cause a denial of service (2 GB transient heap usage per read) in uncommon situations involving JsonNode JDK serialization. * CVE-2023-1436: A flaw was found in Jettison. Infinite recursion is triggered in Jettison w...

Red Hat Security Advisory 2023-4875-01

Red Hat Security Advisory 2023-4875-01 - Red Hat Advanced Cluster Management for Kubernetes 2.8.1 images Red Hat Advanced Cluster Management for Kubernetes provides the capabilities to address common challenges that administrators and site reliability engineers face as they work across a range of public and private cloud environments. Clusters and applications are all visible and managed from a single console—with security policy built in. This advisory contains the container images for Red Hat Advanced Cluster Management for Kubernetes, which provide security updates and fix several bugs. Issues addressed include bypass and privilege escalation vulnerabilities.

Red Hat Security Advisory 2023-4875-01

Red Hat Security Advisory 2023-4875-01 - Red Hat Advanced Cluster Management for Kubernetes 2.8.1 images Red Hat Advanced Cluster Management for Kubernetes provides the capabilities to address common challenges that administrators and site reliability engineers face as they work across a range of public and private cloud environments. Clusters and applications are all visible and managed from a single console—with security policy built in. This advisory contains the container images for Red Hat Advanced Cluster Management for Kubernetes, which provide security updates and fix several bugs. Issues addressed include bypass and privilege escalation vulnerabilities.

RHSA-2023:4875: Red Hat Security Advisory: Red Hat Advanced Cluster Management 2.8.1 security and bug fix updates

Red Hat Advanced Cluster Management for Kubernetes 2.8.1 General Availability release images, which provide security updates and fix bugs. Red Hat Product Security has rated this update as having a security impact of Critical. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE links in the References section.This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original. Related CVEs: * CVE-2023-3027: The grc-policy-propagator allows security escalation within the cluster. The propagator allows policies which contain some dynamically obtained values (instead of the policy apply a static manifest on a managed cluster) of taking advantage of cluster scoped access in a created polic...

RHSA-2023:4875: Red Hat Security Advisory: Red Hat Advanced Cluster Management 2.8.1 security and bug fix updates

Red Hat Advanced Cluster Management for Kubernetes 2.8.1 General Availability release images, which provide security updates and fix bugs. Red Hat Product Security has rated this update as having a security impact of Critical. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE links in the References section.This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original. Related CVEs: * CVE-2023-3027: The grc-policy-propagator allows security escalation within the cluster. The propagator allows policies which contain some dynamically obtained values (instead of the policy apply a static manifest on a managed cluster) of taking advantage of cluster scoped access in a created polic...

Red Hat Security Advisory 2023-4720-01

Red Hat Security Advisory 2023-4720-01 - Red Hat Middleware for OpenShift provides images for many of the Red Hat Middleware products for use within the OpenShift Container Platform cloud computing Platform-as-a-Service for on-premise or private cloud deployments. This release of the AMQ Broker 7.11.1 aligned Operator includes security and bug fixes, and enhancements. For further information, refer to the release notes linked to in the References section.

Red Hat Security Advisory 2023-4694-01

Red Hat Security Advisory 2023-4694-01 - Red Hat OpenStack Platform (RHOSP) 16.2.z (Train) director Operator containers are now available. Issues addressed include a code execution vulnerability.

Red Hat Security Advisory 2023-4650-01

Red Hat Security Advisory 2023-4650-01 - Multicluster Engine for Kubernetes 2.2.7 images. Multicluster engine for Kubernetes provides the foundational components that are necessary for the centralized management of multiple Kubernetes-based clusters across data centers, public clouds, and private clouds. You can use the engine to create new Red Hat OpenShift Container Platform clusters or to bring existing Kubernetes-based clusters under management by importing them. After the clusters are managed, you can use the APIs that are provided by the engine to distribute configuration based on placement policy.

Red Hat Security Advisory 2023-4524-01

Red Hat Security Advisory 2023-4524-01 - Libcap is a library for getting and setting POSIX.1e draft 15 capabilities. Issues addressed include integer overflow and memory leak vulnerabilities.

RHSA-2023:4524: Red Hat Security Advisory: libcap security update

An update for libcap is now available for Red Hat Enterprise Linux 8. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section. This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original. Related CVEs: * CVE-2023-2602: A vulnerability was found in the pthread_create() function in libcap. This issue may allow a malicious actor to cause __real_pthread_create() to return an error, which can exhaust the process memory. * CVE-2023-2603: A vulnerability was found in libcap. This issue occurs in the _libcap_strdup() function and can lead to an integer overflow if th...

Ubuntu Security Notice USN-6166-2

Ubuntu Security Notice 6166-2 - USN-6166-1 fixed a vulnerability in libcap2. This update provides the corresponding update for Ubuntu 14.04 ESM, Ubuntu 16.04 ESM and Ubuntu 18.04 ESM. Richard Weinberger discovered that libcap2 incorrectly handled certain long input strings. An attacker could use this issue to cause libcap2 to crash, resulting in a denial of service, or possibly execute arbitrary code.

CVE-2023-2603

A vulnerability was found in libcap. This issue occurs in the _libcap_strdup() function and can lead to an integer overflow if the input string is close to 4GiB.