CLSA-2026-1777941636

Import Source

JSON Data

https://api.osv.dev/v1/vulns/CLSA-2026-1777941636

Upstream

Published

2026-05-05T00:40:45Z

Modified

2026-06-04T09:47:38.040733822Z

Summary

Fix CVE(s): CVE-2026-4878

Details

SECURITY UPDATE: TOCTOU race in capsetfile()
- debian/patches/CVE-2026-4878.patch: lock onto the target file via an OPATH descriptor and operate via /proc/self/fd/N in libcap/capfile.c so that file capability changes cannot be redirected to an attacker- controlled file by a local user with write access to a parent directory.
- CVE-2026-4878

References

Affected packages

Type: ECOSYSTEM
Events: Introduced

0Unknown introduced version / All previous versions are affected

Fixed

1:2.32-1ubuntu0.2+tuxcare.els1

source

"https://github.com/cloudlinux/tuxcare-osv/tree/main/data/els_os/ubuntu20.04els/CLSA-2026-1777941636.json"

Type: ECOSYSTEM
Events: Introduced

0Unknown introduced version / All previous versions are affected

Fixed

1:2.32-1ubuntu0.2+tuxcare.els1

source

"https://github.com/cloudlinux/tuxcare-osv/tree/main/data/els_os/ubuntu20.04els/CLSA-2026-1777941636.json"

Type: ECOSYSTEM
Events: Introduced

0Unknown introduced version / All previous versions are affected

Fixed

1:2.32-1ubuntu0.2+tuxcare.els1

source

"https://github.com/cloudlinux/tuxcare-osv/tree/main/data/els_os/ubuntu20.04els/CLSA-2026-1777941636.json"

Type: ECOSYSTEM
Events: Introduced

0Unknown introduced version / All previous versions are affected

Fixed

1:2.32-1ubuntu0.2+tuxcare.els1

source

"https://github.com/cloudlinux/tuxcare-osv/tree/main/data/els_os/ubuntu20.04els/CLSA-2026-1777941636.json"