Hello community, here is the log from the commit of package libcap for openSUSE:11.3 checked in at Fri Nov 4 15:05:40 CET 2011.
-------- --- old-versions/11.3/all/libcap/libcap.changes 2010-06-09 11:22:55.000000000 +0200 +++ 11.3/libcap/libcap.changes 2011-11-02 11:40:54.000000000 +0100 @@ -1,0 +2,6 @@ +Wed Nov 2 11:40:32 CET 2011 - [email protected] + +- Fix VUL-0: libcap2: capsh does not chdir after chroot + (CVE-2011-4099, bnc#727715) + +------------------------------------------------------------------- Package does not exist at destination yet. Using Fallback old-versions/11.3/all/libcap Destination is old-versions/11.3/UPDATES/all/libcap calling whatdependson for 11.3-i586 New: ---- libcap-CVE-2011-4099.diff ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ Other differences: ------------------ ++++++ libcap.spec ++++++ --- /var/tmp/diff_new_pack.DZLrLN/_old 2011-11-04 15:02:46.000000000 +0100 +++ /var/tmp/diff_new_pack.DZLrLN/_new 2011-11-04 15:02:46.000000000 +0100 @@ -1,7 +1,7 @@ # -# spec file for package libcap (Version 2.16) +# spec file for package libcap # -# Copyright (c) 2010 SUSE LINUX Products GmbH, Nuernberg, Germany. +# Copyright (c) 2011 SUSE LINUX Products GmbH, Nuernberg, Germany. # # All modifications and additions to the file contributed by third parties # remain the property of their copyright owners, unless otherwise agreed @@ -24,10 +24,11 @@ AutoReqProv: on Summary: Library for Capabilities (linux-privs) Support Version: 2.16 -Release: 5 +Release: 10.<RELEASE2> Source: ftp://ftp.de.kernel.org/pub/linux/libs/security/linux-privs/libcap2/libcap-%{version}.tar.bz2 Source2: baselibs.conf Patch: libcap-u64-typedef-fix.diff +Patch1: libcap-CVE-2011-4099.diff #URL: http://www.kernel.org/ BuildRoot: %{_tmppath}/%{name}-%{version}-build BuildRequires: libattr-devel @@ -93,6 +94,7 @@ %prep %setup -q %patch -p1 +%patch1 -p1 %build # lib=%{_lib} make %{?jobs:-j %jobs} COPTFLAG="$RPM_OPT_FLAGS" ++++++ libcap-CVE-2011-4099.diff ++++++ >From af725c50c2930485947bd958dbdf984faf8fc1ba Mon Sep 17 00:00:00 2001 From: "Andrew G. Morgan" <[email protected]> Date: Sun, 24 Jul 2011 19:17:25 -0700 Subject: [PATCH] Change directory to "/" after --chroot operation. Thanks to Steve Grubb for suggesting this. He wrote: ========= I was reviewing something recently and discovered a problem in capsh. The capsh program has a --chroot command line option. Inspecting the code shows that it does not do a chdir("/") after calling chroot. This means that '.' is outside the chroot. Additional info: http://cwe.mitre.org/data/definitions/243.html ========= Signed-off-by: Andrew G. Morgan <[email protected]> --- progs/capsh.c | 8 +++++++- 1 file changed, 7 insertions(+), 1 deletion(-) --- a/progs/capsh.c +++ b/progs/capsh.c @@ -243,10 +243,16 @@ perror("unable to lower CAP_SYS_CHROOT"); exit(1); } + /* + * Given we are now in a new directory tree, its good practice + * to start off in a sane location + */ + status = chdir("/"); + cap_free(orig); if (status != 0) { - fprintf(stderr, "Unable to chroot to [%s]", argv[i]+9); + fprintf(stderr, "Unable to chroot/chdir to [%s]", argv[i]+9); exit(1); } } else if (!memcmp("--secbits=", argv[i], 10)) { continue with "q"... Remember to have fun... -- To unsubscribe, e-mail: [email protected] For additional commands, e-mail: [email protected]
