First published: Sat Aug 27 2022(Updated: )
Schroot before 1.6.13 had too permissive rules on chroot or session names, allowing a denial of service on the schroot service for all users that may start a schroot session.
Credit: security@debian.org
Affected Software | Affected Version | How to fix |
---|---|---|
Debian Schroot | <1.6.13 | |
Debian Debian Linux | =10.0 | |
Debian Debian Linux | =11.0 |
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
CVE-2022-2787 is a vulnerability in Schroot that had too permissive rules on chroot or session names, allowing a denial of service on the schroot service for all users that may start a schroot session.
The severity of CVE-2022-2787 is medium with a CVSS score of 4.3.
The affected software includes Debian Schroot versions up to and excluding 1.6.13, Debian Linux 10.0, and Debian Linux 11.0.
To fix CVE-2022-2787, users should update to the latest version of Schroot.
You can find more information about CVE-2022-2787 on the following references: [link1](https://codeberg.org/shelter/reschroot/commit/6f7166a285e1e97aea390be633591f9791b29a6d), [link2](https://lists.debian.org/debian-lts-announce/2022/08/msg00007.html), [link3](https://lists.debian.org/debian-security-announce/2022/msg00182.html).