[ MDVSA-2015:156 ] libcap-ng

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

 _______________________________________________________________________

 Mandriva Linux Security Advisory                         MDVSA-2015:156
 http://www.mandriva.com/en/support/security/
 _______________________________________________________________________

 Package : libcap-ng
 Date    : March 29, 2015
 Affected: Business Server 2.0
 _______________________________________________________________________

 Problem Description:

 Updated libcap-ng packages fix security vulnerability:
 
 capng_lock() in libcap-ng before 0.7.4 sets securebits in an attempt to
 prevent regaining capabilities using setuid-root programs. This allows
 a user to run setuid programs, such as seunshare from policycoreutils,
 as uid 0 but without capabilities, which is potentially dangerous
 (CVE-2014-3215).
 _______________________________________________________________________

 References:

 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-3215
 http://advisories.mageia

007 Software

[ MDVSA-2015:156 ] libcap-ng

Leave a Reply Cancel reply

Software and Security Information