Debian has issued an advisory on August 18:
https://www.debian.org/security/2022/dsa-5213

Mageia 8 is also affected.
Whiteboard: (none) => MGA8TOO
Various people update this SRPM, so assigning this bug globally.
Assignee: bugsquad => pkg-bugs
Suggested advisory:
========================

The updated packages fix a security vulnerability:

Schroot before 1.6.13 had too permissive rules on chroot or session names, allowing a denial of service on the schroot service for all users that may start a schroot session. (CVE-2022-2787)

References:
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-2787
https://www.debian.org/security/2022/dsa-5213
========================

Updated packages in core/updates_testing:
========================
dchroot-1.7.2-18.1.mga8
lib(64)sbuild1.7.2-1.7.2-18.1.mga8
lib(64)sbuild-devel-1.7.2-18.1.mga8
schroot-1.7.2-18.1.mga8

from SRPM:
schroot-1.7.2-18.1.mga8.src.rpm
Version: Cauldron => 8
CVE: (none) => CVE-2022-2787
CC: (none) => nicolas.salguero
Status: NEW => ASSIGNED
Assignee: pkg-bugs => qa-bugs
Source RPM: schroot-1.7.2-23.mga9.src.rpm => schroot-1.7.2-18.mga8.src.rpm
Whiteboard: MGA8TOO => (none)
Installed schroot and dependencies, then updated using qarepo. No installation issues.

This is completely unknown territory for me, but fortunately there are those who have been here before and blazed a trail to follow. For testing, I used copy-and-paste to apply the procedure outlined in https://bugs.mageia.org/show_bug.cgi?id=10166#c6 (Thank you, Claire!)

The test was successful, so I'm giving this an OK, and validating. Advisory in Comment 2.
Whiteboard: (none) => MGA8-64-OK
CC: (none) => andrewsfarm, sysadmin-bugs
Keywords: (none) => validated_update
CC: (none) => davidwhodgins
Keywords: (none) => advisory
An update for this issue has been pushed to the Mageia Updates repository. https://advisories.mageia.org/MGASA-2022-0329.html
Resolution: (none) => FIXED
Status: ASSIGNED => RESOLVED