Release date:
2026-05-05 00:40:45 UTC
Description:
* SECURITY UPDATE: TOCTOU race in cap_set_file()
- debian/patches/CVE-2026-4878.patch: lock onto the target file via an
O_PATH descriptor and operate via /proc/self/fd/N in libcap/cap_file.c
so that file capability changes cannot be redirected to an attacker-
controlled file by a local user with write access to a parent directory.
- CVE-2026-4878
Updated packages:
-
libcap-dev_2.32-1ubuntu0.2+tuxcare.els1_amd64.deb
sha:86e02ab70a21e559268ccb0eb6c48404834979db
-
libcap2_2.32-1ubuntu0.2+tuxcare.els1_amd64.deb
sha:e7257df0680f8a0cde5f0331f1bf0f5d7fe880b6
-
libcap2-bin_2.32-1ubuntu0.2+tuxcare.els1_amd64.deb
sha:5c11e8beddd3a4ad39eba413cb65f1441ff569b5
-
libpam-cap_2.32-1ubuntu0.2+tuxcare.els1_amd64.deb
sha:36537df44a41df81fd2c3f59e76fc5d7fd04f7e6
Notes:
This page is generated automatically and has not been checked for errors. For clarification or
corrections please contact the
CloudLinux Packaging Team.
