Debian Package Tracker

From: Debian FTP Masters <ftpmaster@ftp-master.debian.org>
To: <debian-lts-changes@lists.debian.org> , <dispatch@tracker.debian.org>
Subject: Accepted libcap2 1:2.44-1+deb11u1 (source) into oldstable-security
Date: Wed, 26 Mar 2025 14:20:21 +0000
Signed by: Chris Lamb <lamby@debian.org>
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512

Format: 1.8
Date: Mon, 24 Feb 2025 11:38:51 +0000
Source: libcap2
Architecture: source
Version: 1:2.44-1+deb11u1
Distribution: bullseye-security
Urgency: high
Maintainer: Christian Kastner <ckk@debian.org>
Changed-By: Chris Lamb <lamby@debian.org>
Closes: 1036114 1098318
Changes:
 libcap2 (1:2.44-1+deb11u1) bullseye-security; urgency=high
 .
   * Non-maintainer upload by the Debian LTS team:
 .
     - CVE-2023-2602: Prevent a potential memory exhaustion vulnerability. An
       issue was found in pthread_create where a malicious actor could have
       caused the underlying __real_pthread_create() to return an error and
       ultimately exhausted the process memory. (Closes: #1036114)
 .
     - CVE-2023-2603: Prevent a potential integer overflow vulnerability. The
       issue was located in the _libcap_strdup() function which could have led
       to an overflow if the input string was close to 4GiB. (Closes: #1036114)
 .
     - CVE-2025-1390: Prevent a potential local provilege escalation issue. The
       PAM module (ie. pam_cap.so) supports group names starting with "@" —
       during parsing, configurations not starting with a "@" are incorrectly
       recognised as group names. This may have resulted in unintended users
       being granted an inherited capability set and thus potentially leading to
       security risks. However, attackers can exploit this vulnerability to
       achieve local privilege escalation only on systems where the
       /etc/security/capability.conf file is used to configure user inherited
       privileges by constructing specific usernames. (Closes: #1098318)
Checksums-Sha1:
 4d994f34c73f47a3aae1e16ef9d17ae5a6bf43a2 2212 libcap2_2.44-1+deb11u1.dsc
 d41c376e92f965f622faef129c1b7b155a3118d1 125568 libcap2_2.44.orig.tar.xz
 a77dfe483cb6124d1383d5f3ad6111084ca9da51 23004 libcap2_2.44-1+deb11u1.debian.tar.xz
 5dc4660e3ea283272eeaca95a9816e2d958a4084 8115 libcap2_2.44-1+deb11u1_amd64.buildinfo
Checksums-Sha256:
 eae49d474583738ed24f1c837d3a86f7f2ffe590ac211403c1cd581b0b4e488b 2212 libcap2_2.44-1+deb11u1.dsc
 92188359cd5be86e8e5bd3f6483ac6ce582264f912398937ef763def2205c8e1 125568 libcap2_2.44.orig.tar.xz
 1cb81c73eeb97a051e98ff5cc28e811d45ae356d6b3c9954be68a7878776bec3 23004 libcap2_2.44-1+deb11u1.debian.tar.xz
 c6990e506d944e7021f8110b951bc02f86f7d2527a10824a4db598b12823b096 8115 libcap2_2.44-1+deb11u1_amd64.buildinfo
Files:
 1a2e0ad50787e9d550ced24467473a32 2212 libs optional libcap2_2.44-1+deb11u1.dsc
 46ab71759e17a07efa920692ac2f714d 125568 libs optional libcap2_2.44.orig.tar.xz
 3c67b530a9aee70877f7014f6f542be2 23004 libs optional libcap2_2.44-1+deb11u1.debian.tar.xz
 350ad4704284d1f44df487de0aa895bd 8115 libs optional libcap2_2.44-1+deb11u1_amd64.buildinfo


-----BEGIN PGP SIGNATURE-----

iQIzBAEBCgAdFiEEwv5L0nHBObhsUz5GHpU+J9QxHlgFAmfkCk4ACgkQHpU+J9Qx
Hlhfdw//SGfH0F9SJrSwa7OvGfmrfdu25q3fqshJdMcv98y96vYwTnPOGjyKXfSu
hTiI04GzCfMAN2yW3kFi4V+lXIGweHwP7pbLqGDUWWx7QmBdx6TPTrYDgp0Ktco+
xVBxxDiiS3rXakl8pBSMILszwrrP+sTwzAab5W6DXjMrfK8dAwiOyJbbnOVXiIhA
AHAI546NZ27wn+39V25aQj9y9Rn8//UACfdKJcO3D4zeQr5naxOXEi9Ug8aMDnWU
tFOh7o3w1WOBY4EImm2WGKTohjFP+eFh7ILqA4xRh5k9la4pk6Gm0ZDPCsk6ku6Q
EZRQlQsOkoh7mTiSH333Joa9+su7/BMI7EqO0tmn7M7+m89ct0q5BBy4Y9v6dTjX
k2wVWVujN/oouOJ/5iLxVzPbOjxHzuUOzuCsdAn9BONzTLVc6KMwEOQ7j6W8SaX4
oOVcEQQZE6S1rcK3C/T6AiLO8jhD00v5qsvTNSSI6KUa39JFkh/0IVBEwzShPucn
Gy69hvqukiKg69S0IEoMVzl8JYHTMreIQg3JE0utIkWNwdMPd6tj5iPDUlyW4eE8
z5CD1g6D8j9L8VyXGgpb+3pu0g2BIfZ6JYX58s0J148jjF29k+dLR7pcYoA8dKOA
ks9Gnj06o68Wl9BRZmRW6vCiqO7m3KqGeFrUk3369WXvV6rgRos=
=Q440
-----END PGP SIGNATURE-----
News for package libcap2
