rpms/libcap
6
0
Fork 0
Code Issues Pull Requests Releases Activity

import UBI libcap-2.48-9.el9_2

Browse Source
This commit is contained in:
eabdullin 2023-09-12 09:50:57 +00:00
parent b2572e99b4
commit 11e42b7644
3 changed files with 63 additions and 1 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

36
SOURCES/libcap-cve-2023-2602.patch Normal file
View File

@ -0,0 +1,36 @@
commit bc6b36682f188020ee4770fae1d41bde5b2c97bb
Author: Andrew G. Morgan <morgan@kernel.org>
Date: Wed May 3 19:18:36 2023 -0700
Correct the check of pthread_create()'s return value.
This function returns a positive number (errno) on error, so the code
wasn't previously freeing some memory in this situation.
Discussion:
https://stackoverflow.com/a/3581020/14760867
Credit for finding this bug in libpsx goes to David Gstir of
X41 D-Sec GmbH (https://x41-dsec.de/) who performed a security
audit of the libcap source code in April of 2023. The audit
was sponsored by the Open Source Technology Improvement Fund
(https://ostif.org/).
Audit ref: LCAP-CR-23-01 (CVE-2023-2602)
Signed-off-by: Andrew G. Morgan <morgan@kernel.org>
diff --git a/psx/psx.c b/psx/psx.c
index d9c0485..65eb2aa 100644
--- a/psx/psx.c
+++ b/psx/psx.c
@@ -516,7 +516,7 @@ int __wrap_pthread_create(pthread_t *thread, const pthread_attr_t *attr,
pthread_sigmask(SIG_BLOCK, &sigbit, NULL);
int ret = __real_pthread_create(thread, attr, _psx_start_fn, starter);
- if (ret == -1) {
+ if (ret > 0) {
psx_new_state(_PSX_CREATE, _PSX_IDLE);
memset(starter, 0, sizeof(*starter));
free(starter);

18
SOURCES/libcap-cve-2023-2603.patch Normal file
View File

@ -0,0 +1,18 @@
--- a/libcap/cap_alloc.c 2023-06-26 18:42:42.295817583 +0200
+++ b/libcap/cap_alloc.c 2023-06-26 18:40:32.485375859 +0200
@@ -82,7 +82,14 @@
return NULL;
}
- raw_data = malloc( sizeof(__u32) + strlen(old) + 1 );
+ size_t len = strlen(old);
+ if ((len & 0x3fffffff) != len) {
+ _cap_debug("len is too long for libcap to manage");
+ errno = EINVAL;
+ return NULL;
+ }
+ len += 1 + sizeof(__u32);
+ raw_data = calloc(1, len);
if (raw_data == NULL) {
errno = ENOMEM;
return NULL;

10
SPECS/libcap.spec
View File

@ -1,6 +1,6 @@
Name: libcap Name: libcap
Version: 2.48 Version: 2.48
Release: 8%{?dist} Release: 9%{?dist}
Summary: Library for getting and setting POSIX.1e capabilities Summary: Library for getting and setting POSIX.1e capabilities
URL: https://sites.google.com/site/fullycapable/ URL: https://sites.google.com/site/fullycapable/
License: BSD or GPLv2 License: BSD or GPLv2
@ -12,6 +12,8 @@ Patch2: libcap-static-analysis-fix-2.patch
Patch3: libcap-static-analysis-fix-3.patch Patch3: libcap-static-analysis-fix-3.patch
Patch4: libcap-disable-golang.patch Patch4: libcap-disable-golang.patch
Patch5: libcap-fix-ambient-caps.patch Patch5: libcap-fix-ambient-caps.patch
Patch6: libcap-cve-2023-2603.patch
Patch7: libcap-cve-2023-2602.patch
BuildRequires: libattr-devel pam-devel perl-interpreter gcc BuildRequires: libattr-devel pam-devel perl-interpreter gcc
BuildRequires: make BuildRequires: make
@ -88,6 +90,12 @@ chmod +x %{buildroot}/%{_libdir}/*.so.*
%changelog %changelog
* Wed Jul 12 2023 Anderson Toshiyuki Sasaki <ansasaki@redhat.com> - 2.48-9
- Fix integer overflow in _libcap_strdup() (CVE-2023-2603)
Resolves: rhbz#2210638
- Correctly check pthread_create() return value to avoid memory leak (CVE-2023-2602)
Resolves: rhbz#2222198
* Fri Jan 28 2022 Zoltan Fridrich <zfridric@redhat.com> - 2.48-8 * Fri Jan 28 2022 Zoltan Fridrich <zfridric@redhat.com> - 2.48-8
- Fix ambient capabilities for non-root users - Fix ambient capabilities for non-root users
Related: rhbz#2037215 Related: rhbz#2037215