Security
Security
A vulnerability has been discovered in schroot which could result in denial of service of the schroot service.
| Package | dev-util/schroot on all architectures |
|---|---|
| Affected versions | < 1.6.13_p2 |
| Unaffected versions | >= 1.6.13_p2 |
schroot is a utility to execute commands in a chroot environment.
schroot is unecessarily permissive in rules regarding chroot and session names.
A crafted chroot or session name can break the internal state of the schroot service, leading to denial of service.
There is no known workaround at this time.
All schroot users should upgrade to the latest version:
# emerge --sync # emerge --ask --oneshot --verbose ">=dev-util/schroot-1.6.13"
Release date
October 31, 2022
Latest revision
October 31, 2022: 1
Severity
low
Exploitable
remote
Bugzilla entries