USN-6166-1: libcap2 vulnerabilities

Releases

• Ubuntu 23.04
• Ubuntu 22.10
• Ubuntu 22.04 LTS
• Ubuntu 20.04 LTS

Packages

• libcap2 - POSIX 1003.1e capabilities (library)

Details

David Gstir discovered that libcap2 incorrectly handled certain return
codes. An attacker could possibly use this issue to cause libcap2 to
consume memory, leading to a denial of service. (CVE-2023-2602)

Richard Weinberger discovered that libcap2 incorrectly handled certain long
input strings. An attacker could use this issue to cause libcap2 to crash,
resulting in a denial of service, or possibly execute arbitrary code.
(CVE-2023-2603)

Update instructions

The problem can be corrected by updating your system to the following package versions:

Ubuntu 23.04

• libcap2 - 1:2.66-3ubuntu2.1
• libcap2-bin - 1:2.66-3ubuntu2.1

Ubuntu 22.10

• libcap2 - 1:2.44-1ubuntu0.22.10.1
• libcap2-bin - 1:2.44-1ubuntu0.22.10.1

Ubuntu 22.04

• libcap2 - 1:2.44-1ubuntu0.22.04.1
• libcap2-bin - 1:2.44-1ubuntu0.22.04.1

Ubuntu 20.04

• libcap2 - 1:2.32-1ubuntu0.1
• libcap2-bin - 1:2.32-1ubuntu0.1

In general, a standard system update will make all the necessary changes.

References

• CVE-2023-2602
• CVE-2023-2603

Related notices

• USN-6166-2: libcap2, libpam-cap, libcap2-bin, libcap-dev