Bug 18804 - CVE-2025-1390: libcap: potential configuration parsing error
Summary: CVE-2025-1390: libcap: potential configuration parsing error
Status: RESOLVED FIXED
Alias: None
Product: Security Response
Classification: Infrastructures
Component: Anolis OS (show other bugs) Anolis OS
Version: unspecified
Hardware: All Linux
: P3-Medium S3-normal
Target Milestone: ---
Assignee: security
QA Contact: shuming
URL:
Whiteboard:
Keywords:
: 18909 18910 (view as bug list)
Depends on:
Blocks:
 
Reported: 2025-02-13 10:10 UTC by tj
Modified: 2025-02-21 14:28 UTC (History)
2 users (show)

See Also:

Attachments
Add an attachment (proposed patch, testcase, etc.)

Note You need to log in before you can comment on or make changes to this bug.
Comment 1 Shiloong admin 2025-02-17 14:43:59 UTC 
The bugfix has been merged into upstream:
https://git.kernel.org/pub/scm/libs/libcap/libcap.git/commit/?id=1ad42b66c3567481cc5fa22fc1ba1556a316d878
Comment 2 Shiloong admin 2025-02-18 10:41:45 UTC 
OpenAnolis CNA has assigned CVE-2025-1390 to this issue.
Comment 3 Shiloong admin 2025-02-18 15:23:38 UTC 
Anolis OS 23 has been fixed by:
https://gitee.com/src-anolis-os/libcap/pulls/12
Comment 4 Shiloong admin 2025-02-18 15:23:56 UTC 
Anolis OS 23.2 has been fixed by:
https://gitee.com/src-anolis-os/libcap/pulls/13
Comment 5 Shiloong admin 2025-02-18 15:50:19 UTC 
Anolis OS 8 has been fixed:
https://gitee.com/src-anolis-os/libcap/pulls/14
Comment 6 Shiloong admin 2025-02-19 09:41:26 UTC 
*** Bug 18909 has been marked as a duplicate of this bug. ***
Comment 7 Shiloong admin 2025-02-19 09:42:05 UTC 
*** Bug 18910 has been marked as a duplicate of this bug. ***
Comment 8 Shiloong admin 2025-02-21 14:28:47 UTC 
Anolis OS 8 has been addressed via ANSA-2025:0096:
https://anas.openanolis.cn/errata/detail/ANSA-2025:0096