Bug 31938

Summary: libcap new security issues CVE-2023-2602 and CVE-2023-2603
Product: Mageia Reporter: David Walser <luigiwalser>
Component: SecurityAssignee: QA Team <qa-bugs>
Status: RESOLVED FIXED QA Contact: Sec team <security>
Severity: major    
Priority: Normal CC: andrewsfarm, davidwhodgins, herman.viaene, nicolas.salguero, sysadmin-bugs, troy28217, zetisonapi
Version: 8Keywords: advisory, validated_update
Target Milestone: ---   
Hardware: All   
OS: Linux   
Whiteboard: MGA8-64-OK
Source RPM: libcap-2.46-1.mga8.src.rpm CVE:
Status comment:

Description David Walser 2023-05-18 18:26:51 CEST 
Two security issues fixed upstream in libcap 2.69 have been announced:
https://www.openwall.com/lists/oss-security/2023/05/15/4
https://sites.google.com/site/fullycapable/release-notes-for-libcap#h.iuvg7sbjg8pe

Details are here:
https://www.openwall.com/lists/oss-security/2023/05/16/2

Mageia 8 is also affected.
David Walser 2023-05-18 18:27:05 CEST

Whiteboard: (none) => MGA8TOO
Status comment: (none) => Fixed upstream in 2.69

Comment 1 Lewis Smith 2023-05-19 21:19:04 CEST 
Another package with no one maintainer in view, so this is to assign globally.

Assignee: bugsquad => pkg-bugs

Comment 2 David Walser 2023-06-20 15:12:45 CEST 
Ubuntu has issued an advisory for this on June 14:
https://ubuntu.com/security/notices/USN-6166-1
Comment 3 Nicolas Salguero 2023-06-21 14:49:53 CEST 
Suggested advisory:
========================

The updated packages fix security vulnerabilities:

A vulnerability was found in the pthread_create() function in libcap. This issue may allow a malicious actor to use cause __real_pthread_create() to return an error, which can exhaust the process memory. (CVE-2023-2602)

A vulnerability was found in libcap. This issue occurs in the _libcap_strdup() function and can lead to an integer overflow if the input string is close to 4GiB. (CVE-2023-2603)

References:
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-2602
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-2603
https://www.openwall.com/lists/oss-security/2023/05/15/4
https://sites.google.com/site/fullycapable/release-notes-for-libcap#h.iuvg7sbjg8pe
https://www.openwall.com/lists/oss-security/2023/05/16/2
https://ubuntu.com/security/notices/USN-6166-1
========================

Updated packages in core/updates_testing:
========================
lib(64)cap2-2.46-1.1.mga8
lib(64)cap-devel-2.46-1.1.mga8
libcap-utils-2.46-1.1.mga8
pam_cap-2.46-1.1.mga8

from SRPM:
libcap-2.46-1.1.mga8.src.rpm

Version: Cauldron => 8
Source RPM: libcap-2.52-2.mga9.src.rpm => libcap-2.46-1.mga8.src.rpm
Assignee: pkg-bugs => qa-bugs
Status: NEW => ASSIGNED
CC: (none) => nicolas.salguero
Status comment: Fixed upstream in 2.69 => (none)
Whiteboard: MGA8TOO => (none)

Comment 4 Herman Viaene 2023-06-22 15:12:30 CEST 
MGA8-64 MATE on Acer Aspire 5253
No installation issues
Ref bug 3938 (a bit beyond my level)
# capsh --chroot=/ -- -c /bin/pwd
/
# getcap -v py3requests_test2.py 
py3requests_test2.py
# getpcaps py3requests_test2.py 
py3requests_test2.py: =ep
 Giving the OK on the basis it looks reasonable.

Whiteboard: (none) => MGA8-64-OK
CC: (none) => herman.viaene

Comment 5 Thomas Andrews 2023-06-22 16:26:33 CEST 
Validating. Advisory in comment 3.

CC: (none) => andrewsfarm, sysadmin-bugs
Keywords: (none) => validated_update

Dave Hodgins 2023-06-27 22:36:40 CEST

CC: (none) => davidwhodgins
Keywords: (none) => advisory

Comment 6 Mageia Robot 2023-06-28 07:23:02 CEST 
An update for this issue has been pushed to the Mageia Updates repository.

https://advisories.mageia.org/MGASA-2023-0205.html

Status: ASSIGNED => RESOLVED
Resolution: (none) => FIXED

Comment 7 zetisno zetisno 2023-11-03 09:11:20 CET Comment hidden (spam)

CC: (none) => zetisonapi

Comment 8 Nicolas Salguero 2023-11-27 16:07:53 CET 
*** Bug 32559 has been marked as a duplicate of this bug. ***
Comment 9 Dolores Shetlar 2023-12-27 04:57:57 CET Comment hidden (spam)

CC: (none) => troy28217