Advisories » MGASA-2022-0329

Updated schroot packages fix security vulnerability

Publication date: 16 Sep 2022
Modification date: 16 Sep 2022
Type: security
Affected Mageia releases : 8
CVE: CVE-2022-2787

Description

Schroot before 1.6.13 had too permissive rules on chroot or session names,
allowing a denial of service on the schroot service for all users that may
start a schroot session. (CVE-2022-2787)
                

References

• https://bugs.mageia.org/show_bug.cgi?id=30758
• https://www.debian.org/security/2022/dsa-5213
• https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-2787

SRPMS

8/core

• schroot-1.7.2-18.1.mga8