916378 – (CVE-2023-5557) <app-misc/tracker-miners-3.5.3: Sandbox weakness

Bug 916378 (CVE-2023-5557) - <app-misc/tracker-miners-3.5.3: Sandbox weakness

Summary: <app-misc/tracker-miners-3.5.3: Sandbox weakness

Status:	IN_PROGRESS

Alias:	CVE-2023-5557

Product:	Gentoo Security
Classification:	Unclassified
Component:	Vulnerabilities (show other bugs)
Hardware:	All Linux

Importance:	Normal normal
Assignee:	Gentoo Security

URL:
Whiteboard:	A3 [glsa?]
Keywords:

Depends on:	916076
Blocks:
	Show dependency tree

Reported:	2023-10-28 04:01 UTC by Sam James
Modified:	2024-05-30 04:15 UTC (History)
CC List:	1 user (show)

See Also:	CVE-2023-43641 933164
Package list:
Runtime testing required:	---

Attachments
Add an attachment (proposed patch, testcase, etc.)

Note You need to log in before you can comment on or make changes to this bug.

Description Sam James archtester

2023-10-28 04:01:53 UTC

The sandbox before 3.5.3 was weak and allowed bug 915500 to become a 1-click RCE.

Comment 1 Sam James archtester

2023-10-30 10:54:54 UTC

As usual with seccomp, a bunch of issues have cropped up with the fix here:
* https://gitlab.gnome.org/GNOME/tracker-miners/-/issues/280
* https://gitlab.gnome.org/GNOME/tracker-miners/-/issues/281
* https://gitlab.gnome.org/GNOME/tracker-miners/-/issues/283
* https://gitlab.gnome.org/GNOME/tracker-miners/-/issues/284
* https://gitlab.gnome.org/GNOME/tracker-miners/-/issues/288
* https://gitlab.gnome.org/GNOME/tracker-miners/-/issues/287
* https://gitlab.gnome.org/GNOME/tracker-miners/-/issues/285
* https://gitlab.gnome.org/GNOME/tracker-miners/-/issues/289