• [SECURITY] [DSA 5213-1] schroot security update

    From Salvatore Bonaccorso@21:1/5 to All on Thu Aug 18 14:00:01 2022
    -----BEGIN PGP SIGNED MESSAGE-----
    Hash: SHA512

    - -------------------------------------------------------------------------
    Debian Security Advisory DSA-5213-1                   security@debian.org
    https://www.debian.org/security/                     Salvatore Bonaccorso
    August 18, 2022                       https://www.debian.org/security/faq
    - -------------------------------------------------------------------------

    Package : schroot
    CVE ID : CVE-2022-2787

    Julian Gilbey discovered that schroot, a tool allowing users to execute commands in a chroot environment, had too permissive rules on chroot or
    session names, allowing a denial of service on the schroot service for
    all users that may start a schroot session.

    Note that existing chroots and sessions are checked during upgrade, and
    an upgrade is aborted if any future invalid name is detected.

    Problematic sessions and chroots can be checked before upgrading with the following command:

    schroot --list --all | LC_ALL=C grep -vE '^[a-z]+:[a-zA-Z0-9][a-zA-Z0-9_.-]*$'

    See

    <https://codeberg.org/shelter/reschroot/src/tag/release/reschroot-1.6.13/NEWS#L10-L41>

    for instructions on how to resolve such a situation.

    For the stable distribution (bullseye), this problem has been fixed in
    version 1.6.10-12+deb11u1.

    We recommend that you upgrade your schroot packages.

    For the detailed security status of schroot please refer to its security tracker page at:
    https://security-tracker.debian.org/tracker/schroot

    Further information about Debian Security Advisories, how to apply
    these updates to your system and frequently asked questions can be
    found at: https://www.debian.org/security/

    Mailing list: debian-security-announce@lists.debian.org
    -----BEGIN PGP SIGNATURE-----

    -----END PGP SIGNATURE-----

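Added example, not part of the advisory or of schroot: a shell wrapper around the advisory's pre-upgrade check that applies the same pattern to a listing and inverts grep's exit status, so it can gate an upgrade script. The function names and the sample listing are constructed for illustration.

```shell
#!/bin/sh
# Pattern copied from the advisory: "<namespace>:<name>", where the name
# starts with an alphanumeric and continues with alphanumerics, '_', '.', '-'.
VALID_NAME='^[a-z]+:[a-zA-Z0-9][a-zA-Z0-9_.-]*$'

# check_schroot_names (hypothetical helper): reads `schroot --list --all`
# style lines on stdin and prints every line that fails the pattern.
# Returns 0 if all names are valid, 1 if any is invalid, 2 if grep failed.
check_schroot_names() {
    # grep -v exits 0 when it printed a non-matching (invalid) line and 1
    # when there was none, so the status is captured and inverted below.
    LC_ALL=C grep -vE "$VALID_NAME" && status=0 || status=$?
    case $status in
        0) return 1 ;;   # at least one invalid name was printed
        1) return 0 ;;   # nothing printed: safe to upgrade
        *) return 2 ;;   # grep itself reported an error
    esac
}

# Constructed sample listing (not real output): four names the pattern
# accepts, then three it rejects (embedded space, leading '-', leading '.').
sample_listing() {
    cat <<'EOF'
chroot:bullseye
source:bullseye
session:bullseye-0f3c9a1e
chroot:sid_amd64.build
chroot:my chroot
session:-leading-dash
chroot:.hidden
EOF
}

# Demo on the constructed listing. On a real host, feed it the live listing:
#   schroot --list --all | check_schroot_names && apt-get install schroot
if sample_listing | check_schroot_names; then
    echo "all chroot and session names are valid"
else
    echo "names listed above must be fixed before upgrading" >&2
fi
```

An empty listing counts as valid, because grep prints nothing and exits 1.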