Download
| Alert*
oval:org.secpod.oval:def:301123
A vulnerability has been discovered and corrected in libcap: capsh did not chdir after callling chroot. Programs could therefore access the current directory outside of the chroot . The updated packages have been patched to correct this issue. oval:org.secpod.oval:def:1504495 libcap oval:org.secpod.oval:def:500246 The libcap packages provide a library and tools for getting and setting POSIX capabilities. It was found that capsh did not change into the new root when using the "--chroot" option. An application started via the "capsh --chroot" command could use this flaw to escape the chroot ... |