Описание
fscrypt through v0.3.2 creates a world-writable directory by default when setting up a filesystem, allowing unprivileged users to exhaust filesystem space. We recommend upgrading to fscrypt 0.3.3 or above and adjusting the permissions on existing fscrypt metadata directories where applicable.
Пакеты
| Пакет | Статус | Версия исправления | Релиз | Тип |
|---|---|---|---|---|
| fscrypt | fixed | 0.3.3-1 | package | |
| fscrypt | no-dsa | bullseye | package | |
| fscrypt | no-dsa | buster | package |
Примечания
https://www.openwall.com/lists/oss-security/2022/02/24/1
https://github.com/google/fscrypt/commit/6e355131670ad014e45f879475ddf800f0080d41
Связанные уязвимости
fscrypt through v0.3.2 creates a world-writable directory by default when setting up a filesystem, allowing unprivileged users to exhaust filesystem space. We recommend upgrading to fscrypt 0.3.3 or above and adjusting the permissions on existing fscrypt metadata directories where applicable.
fscrypt through v0.3.2 creates a world-writable directory by default when setting up a filesystem, allowing unprivileged users to exhaust filesystem space. We recommend upgrading to fscrypt 0.3.3 or above and adjusting the permissions on existing fscrypt metadata directories where applicable.
Uncontrolled Resource Consumption in github.com/google/fscrypt