Nome do pacote
libcap-ng
Data
2014-06-10
ID Alerta
MDVSA-2014:117
Versões afetadas
MBS1 x86_64

Descrição do problema

Updated libcap-ng packages fix security vulnerability:

capng_lock() in libcap-ng before 0.7.4 sets securebits in an attempt to
prevent regaining capabilities using setuid-root programs. This allows
a user to run setuid programs, such as seunshare from policycoreutils,
as uid 0 but without capabilities, which is potentially dangerous
(CVE-2014-3215).

Pacotes atualizados

MBS1 x86_64

 6a0146490198e0f7c8b18be13a5b3b28  mbs1/x86_64/lib64cap-ng0-0.6.6-3.1.mbs1.x86_64.rpm
 3a7780a2a9f04dbf467f377f73e2f960  mbs1/x86_64/lib64cap-ng-devel-0.6.6-3.1.mbs1.x86_64.rpm
 34e6796c1291c42622c1fe49e5945fab  mbs1/x86_64/libcap-ng-utils-0.6.6-3.1.mbs1.x86_64.rpm
 647aa21206ff055bd8f2d5b8ce4d2e72  mbs1/x86_64/python-libcap-ng-0.6.6-3.1.mbs1.x86_64.rpm 
 bb6f22ec59d6201987575e5ccb0bdd0a  mbs1/SRPMS/libcap-ng-0.6.6-3.1.mbs1.src.rpm

Referências