Bug 2243096 (CVE-2023-5557)

Summary: CVE-2023-5557 tracker-miners: sandbox escape
Product: [Other] Security Response Reporter: Nick Tait <ntait>
Component: vulnerabilityAssignee: Product Security <prodsec-ir-bot>
Status: NEW --- QA Contact:
Severity: high Docs Contact:
Priority: high    
Version: unspecifiedCC: mrehak, thoger, tpopela
Target Milestone: ---Keywords: Security
Target Release: ---   
Hardware: All   
OS: Linux   
Whiteboard:
Fixed In Version: tracker-miners 3.3.2, tracker-miners 3.4.5, tracker-miners 3.5.3, tracker-miners 3.6.1 Doc Type: If docs needed, set a value
Doc Text:
A flaw was found in the tracker-miners package. A weakness in the sandbox allows a maliciously-crafted file to execute code outside the sandbox if the tracker-extract process has first been compromised by a separate vulnerability.
 Story Points: ---
Clone Of: Environment:
Last Closed: Type: ---
Regression: --- Mount Type: ---
Documentation: --- CRM:
Verified Versions: Category: ---
oVirt Team: --- RHEL 7.3 requirements from Atomic Host:
Cloudforms Team: --- Target Upstream Version:
Embargoed:
Bug Depends On: 2243098, 2243099    
Bug Blocks: 2243094    

Description Nick Tait 2023-10-10 17:11:26 UTC 
A weakness in the tracker-miners sandbox allows a maliciously-crafted 
file to gain code execution outside the sandbox if the tracker-extract 
process has first been compromised by a separate vulnerability, as 
demonstrated by [1]. This affects all versions of tracker-miners prior 
to 3.3.2, 3.4.5, 3.5.3, and 3.6.1, and additionally affects tracker 
1.12.

This affects all versions of RHEL 8 and RHEL 9. It doesn't affect RHEL 
7 because there is no sandbox in RHEL 7 (which ships tracker 1.10).

[1] https://github.blog/2023-10-09-coordinated-disclosure-1-click-rce-on-gnome-cve-2023-43641/#tracker-miners-seccomp-sandbox-escape
[2] https://gitlab.gnome.org/GNOME/tracker-miners/-/issues/277
[3] https://gitlab.gnome.org/GNOME/tracker-miners/-/merge_requests/480
Comment 1 Nick Tait 2023-10-10 17:14:19 UTC 
Created tracker-miners tracking bugs for this issue:

Affects: fedora-37 [bug 2243098]
Affects: fedora-38 [bug 2243099]
Comment 10 errata-xmlrpc 2023-12-11 09:27:43 UTC 
This issue has been addressed in the following products:

  Red Hat Enterprise Linux 9

Via RHSA-2023:7712 https://access.redhat.com/errata/RHSA-2023:7712
Comment 11 errata-xmlrpc 2023-12-11 09:28:58 UTC 
This issue has been addressed in the following products:

  Red Hat Enterprise Linux 9.0 Extended Update Support

Via RHSA-2023:7713 https://access.redhat.com/errata/RHSA-2023:7713
Comment 12 errata-xmlrpc 2023-12-12 08:28:15 UTC 
This issue has been addressed in the following products:

  Red Hat Enterprise Linux 8.8 Extended Update Support

Via RHSA-2023:7730 https://access.redhat.com/errata/RHSA-2023:7730
Comment 13 errata-xmlrpc 2023-12-12 10:43:52 UTC 
This issue has been addressed in the following products:

  Red Hat Enterprise Linux 8.2 Advanced Update Support
  Red Hat Enterprise Linux 8.2 Telecommunications Update Service
  Red Hat Enterprise Linux 8.2 Update Services for SAP Solutions

Via RHSA-2023:7731 https://access.redhat.com/errata/RHSA-2023:7731
Comment 14 errata-xmlrpc 2023-12-12 10:53:40 UTC 
This issue has been addressed in the following products:

  Red Hat Enterprise Linux 8

Via RHSA-2023:7732 https://access.redhat.com/errata/RHSA-2023:7732
Comment 15 errata-xmlrpc 2023-12-12 10:53:56 UTC 
This issue has been addressed in the following products:

  Red Hat Enterprise Linux 8.6 Extended Update Support

Via RHSA-2023:7733 https://access.redhat.com/errata/RHSA-2023:7733
Comment 16 errata-xmlrpc 2023-12-12 13:18:58 UTC 
This issue has been addressed in the following products:

  Red Hat Enterprise Linux 8.4 Advanced Mission Critical Update Support
  Red Hat Enterprise Linux 8.4 Telecommunications Update Service
  Red Hat Enterprise Linux 8.4 Update Services for SAP Solutions

Via RHSA-2023:7739 https://access.redhat.com/errata/RHSA-2023:7739
Comment 17 errata-xmlrpc 2023-12-12 16:15:05 UTC 
This issue has been addressed in the following products:

  Red Hat Enterprise Linux 9.2 Extended Update Support

Via RHSA-2023:7744 https://access.redhat.com/errata/RHSA-2023:7744