[CLSA-2026:1778171800] libcap: Fix of CVE-2026-4878
Type: security
Severity: Important
Release date: 2026-05-07 16:36:45 UTC
Description:
- CVE-2026-4878: a TOCTOU race in cap_set_file() allowed an attacker to swap the target with a symlink between the path lookup and the xattr write. The fix performs xattr writes via an O_NOFOLLOW/O_PATH file descriptor instead of the user-supplied path.
Updated packages:
  • libcap-2.54-1.amzn2.0.3.tuxcare.els1.i686.rpm
    sha:723888bcc6c7c0d63db74d9416eaff0fe81e6e9cd2170e49e0f44b2fe51cd88f
  • libcap-2.54-1.amzn2.0.3.tuxcare.els1.x86_64.rpm
    sha:42ca616d2413c0f8ef4e5300333f0bf27798cf7c26ff913ae7026f0776b94aeb
  • libcap-devel-2.54-1.amzn2.0.3.tuxcare.els1.x86_64.rpm
    sha:880a18349f295b769094fa5045f4654619ac53577282f955d9b22a0bc20a5ed9
  • libcap-static-2.54-1.amzn2.0.3.tuxcare.els1.x86_64.rpm
    sha:735debd3c8c5a852b6fde0d3ea954b950440fd2fb3537d2fc9191cb008f4668f
Notes:
This page is generated automatically and has not been checked for errors. For clarification or corrections please contact the CloudLinux Packaging Team.