Opened 19 months ago

Closed 18 months ago

Last modified 16 months ago

#5258 closed enhancement (fixed)

libcap-2.69

Reported by: Douglas R. Reno Owned by: Bruce Dubbs
Priority: high Milestone: 12.0
Component: Book Version: git
Severity: normal Keywords:
Cc:

Description

Contains a fix for CVE-2023-2602 and CVE-2023-2603

Change History (5)

comment:1 by Xi Ruoyao, 19 months ago

An audit was performed on libcap and friends by https://x41-dsec.de/ (blog) . The audit (final report, 2023-05-10) was sponsored by the the Open Source Technology Improvement Fund, https://ostif.org/ (blog). Five issues were found. Four of them are addressed in this release. Each issue was labeled in the audit results as follows:

  • LCAP-CR-23-01 (SEVERITY) LOW (CVE-2023-2602) - found by David Gstir
  • LCAP-CR-23-02 (SEVERITY) MEDIUM (CVE-2023-2603) - found by Richard Weinberger
  • LCAP-CR-23-100 (SEVERITY) NONE
  • LCAP-CR-23-101 (SEVERITY) NONE
  • LCAP-CR-23-102 (SEVERITY) NONE

Man page style improvement from Emanuele Torre

Partially revive the ability to build the binaries fully statically.

  • This was needed to make bleeding edge kernel debugging/testing via qemu+busybox work again. Addressing an issue I realized only when I tried to answer this stackexchange question.

comment:2 by Bruce Dubbs, 18 months ago

Owner: changed from lfs-book to Bruce Dubbs
Status: newassigned

comment:3 by Bruce Dubbs, 18 months ago

Resolution: fixed
Status: assignedclosed

Fixed at commit 1fde5b2617369cdf70948bcf07c217bb19c9be94

comment:4 by Douglas R. Reno, 18 months ago

SA-11.3-032 issued.

comment:5 by Bruce Dubbs, 16 months ago

Milestone: 11.412.0

Milestone renamed

Note: See TracTickets for help on using tickets.