Summary: | <sys-fs/zfs-{2.1.14,2.2.2}: data corruption | ||
---|---|---|---|
Product: | Gentoo Security | Reporter: | Christopher Fore <csfore> |
Component: | Vulnerabilities | Assignee: | Gentoo Security <security> |
Status: | RESOLVED FIXED | ||
Severity: | normal | CC: | gyakovlev, kumba, louis.leseur, neb.semqen.ramesses, root, sam, yurikoles |
Priority: | Normal | ||
Version: | unspecified | ||
Hardware: | All | ||
OS: | Linux | ||
Whiteboard: | A3 [noglsa] | ||
Package list: | Runtime testing required: | --- | |
Bug Depends on: | 917224 | ||
Bug Blocks: |
Description
Christopher Fore
2023-11-25 16:58:05 UTC
I am unconvinced that this is worthy of a CVE.. This tool can easily detect all the corrupted files: https://github.com/0x5c/zfs-bclonecheck (In reply to Mike from comment #2) > This tool can easily detect all the corrupted files: > > https://github.com/0x5c/zfs-bclonecheck Some of the detected corrupted files then can be re-created by Gentoo user by re-emerge: equery b DETECTED_CORRUPTED_FILE_1 emerge -1 --usepkg=n PACKAGE Please keep the discussion on the upstream bug for detection but that is NOT complete. Non cloned files may be affected. New versions of zfs have been released today which solve the corruption bug https://github.com/openzfs/zfs/releases/download/zfs-2.2.2/zfs-2.2.2.tar.gz https://github.com/openzfs/zfs/releases/download/zfs-2.1.14/zfs-2.1.14.tar.gz I suppose we'll treat those as the fixed versions then. I'll vote no on a GLSA (but still wait for a second opinion). I'd say no. |