A vulnerability has been discovered in schroot which could result in denial of service of the schroot service.
|Package||dev-util/schroot on all architectures|
|Affected versions||< 1.6.13_p2|
|Unaffected versions||>= 1.6.13_p2|
schroot is a utility to execute commands in a chroot environment.
schroot is unecessarily permissive in rules regarding chroot and session names.
A crafted chroot or session name can break the internal state of the schroot service, leading to denial of service.
There is no known workaround at this time.
All schroot users should upgrade to the latest version:
# emerge --sync # emerge --ask --oneshot --verbose ">=dev-util/schroot-1.6.13"
October 31, 2022
October 31, 2022: 1