(RHSA-2011:1694) Low: libcap security and bug fix update

ID RHSA-2011:1694
Type redhat
Reporter RedHat
Modified 2018-06-06T20:24:19


The libcap packages provide a library and tools for getting and setting POSIX capabilities.

It was found that capsh did not change into the new root when using the "--chroot" option. An application started via the "capsh --chroot" command could use this flaw to escape the chroot restrictions. (CVE-2011-4099)

This update also fixes the following bug:

  • Previously, the libcap packages did not contain the capsh(1) manual page. With this update, the capsh(1) manual page is included. (BZ#730957)

All libcap users are advised to upgrade to these updated packages, which contain backported patches to correct these issues.