UbuntuUpdates.org

Package "libcap2"

Name: libcap2

Description:

POSIX 1003.1e capabilities (library)

Latest version: 1:2.66-5ubuntu2.4
Release: noble (24.04)
Level: security
Repository: main
Homepage: https://sites.google.com/site/fullycapable/

Other versions of "libcap2" in Noble

Repository Area Version
base main 1:2.66-5ubuntu2
updates main 1:2.66-5ubuntu2.4

Changelog

Version: 1:2.66-5ubuntu2.4 2026-04-21 17:09:40 UTC

  libcap2 (1:2.66-5ubuntu2.4) noble-security; urgency=medium

  * SECURITY UPDATE: potential TOCTOU race condition in cap_set_file()
    - debian/patches/CVE-2026-4878.patch: fix race in libcap/cap_file.c,
      progs/quicktest.sh.
    - CVE-2026-4878

 -- Marc Deslauriers <email address hidden> Thu, 09 Apr 2026 11:04:27 -0400

CVE-2026-4878 A flaw was found in libcap. A local unprivileged user can exploit a Time-of-check-to-time-of-use (TOCTOU) race condition in the `cap_set_file()` func

Version: 1:2.66-5ubuntu2.2 2025-02-24 17:07:05 UTC

  libcap2 (1:2.66-5ubuntu2.2) noble-security; urgency=medium

  * SECURITY UPDATE: incorrect group name handling
    - debian/patches/CVE-2025-1390-1.patch: fix potential configuration
      parsing error in pam_cap/pam_cap.c.
    - debian/patches/CVE-2025-1390-2.patch: add a test for bad group prefix
      in pam_cap/sudotest.conf.
    - CVE-2025-1390

 -- Marc Deslauriers <email address hidden> Thu, 20 Feb 2025 10:49:57 -0500

CVE-2025-1390 The PAM module pam_cap.so of libcap configuration supports group names starting with “@”, during actual parsing, configurations not starting with “@”


