Bug 2243096 (CVE-2023-5557) - CVE-2023-5557 tracker-miners: sandbox escape
Summary: CVE-2023-5557 tracker-miners: sandbox escape
Keywords:
Status: NEW
Alias: CVE-2023-5557
Product: Security Response
Classification: Other
Component: vulnerability
Version: unspecified
Hardware: All
OS: Linux
high
high
Target Milestone: ---
Assignee: Product Security
QA Contact:
URL:
Whiteboard:
Depends On: 2243098 2243099
Blocks: 2243094
TreeView+ depends on / blocked
 
Reported: 2023-10-10 17:11 UTC by Nick Tait
Modified: 2023-12-15 07:10 UTC (History)
3 users (show)

Fixed In Version: tracker-miners 3.3.2, tracker-miners 3.4.5, tracker-miners 3.5.3, tracker-miners 3.6.1
Doc Type: If docs needed, set a value
Doc Text:
A flaw was found in the tracker-miners package. A weakness in the sandbox allows a maliciously-crafted file to execute code outside the sandbox if the tracker-extract process has first been compromised by a separate vulnerability.
Clone Of:
Environment:
Last Closed:
Embargoed:


Attachments (Terms of Use)


Links
System ID Private Priority Status Summary Last Updated
Red Hat Product Errata RHSA-2023:7712 0 None None None 2023-12-11 09:27:44 UTC
Red Hat Product Errata RHSA-2023:7713 0 None None None 2023-12-11 09:28:59 UTC
Red Hat Product Errata RHSA-2023:7730 0 None None None 2023-12-12 08:28:16 UTC
Red Hat Product Errata RHSA-2023:7731 0 None None None 2023-12-12 10:43:53 UTC
Red Hat Product Errata RHSA-2023:7732 0 None None None 2023-12-12 10:53:41 UTC
Red Hat Product Errata RHSA-2023:7733 0 None None None 2023-12-12 10:53:58 UTC
Red Hat Product Errata RHSA-2023:7739 0 None None None 2023-12-12 13:18:59 UTC
Red Hat Product Errata RHSA-2023:7744 0 None None None 2023-12-12 16:15:06 UTC

Description Nick Tait 2023-10-10 17:11:26 UTC
A weakness in the tracker-miners sandbox allows a maliciously-crafted 
file to gain code execution outside the sandbox if the tracker-extract 
process has first been compromised by a separate vulnerability, as 
demonstrated by [1]. This affects all versions of tracker-miners prior 
to 3.3.2, 3.4.5, 3.5.3, and 3.6.1, and additionally affects tracker 
1.12.

This affects all versions of RHEL 8 and RHEL 9. It doesn't affect RHEL 
7 because there is no sandbox in RHEL 7 (which ships tracker 1.10).

[1] https://github.blog/2023-10-09-coordinated-disclosure-1-click-rce-on-gnome-cve-2023-43641/#tracker-miners-seccomp-sandbox-escape
[2] https://gitlab.gnome.org/GNOME/tracker-miners/-/issues/277
[3] https://gitlab.gnome.org/GNOME/tracker-miners/-/merge_requests/480

Comment 1 Nick Tait 2023-10-10 17:14:19 UTC
Created tracker-miners tracking bugs for this issue:

Affects: fedora-37 [bug 2243098]
Affects: fedora-38 [bug 2243099]

Comment 10 errata-xmlrpc 2023-12-11 09:27:43 UTC
This issue has been addressed in the following products:

  Red Hat Enterprise Linux 9

Via RHSA-2023:7712 https://access.redhat.com/errata/RHSA-2023:7712

Comment 11 errata-xmlrpc 2023-12-11 09:28:58 UTC
This issue has been addressed in the following products:

  Red Hat Enterprise Linux 9.0 Extended Update Support

Via RHSA-2023:7713 https://access.redhat.com/errata/RHSA-2023:7713

Comment 12 errata-xmlrpc 2023-12-12 08:28:15 UTC
This issue has been addressed in the following products:

  Red Hat Enterprise Linux 8.8 Extended Update Support

Via RHSA-2023:7730 https://access.redhat.com/errata/RHSA-2023:7730

Comment 13 errata-xmlrpc 2023-12-12 10:43:52 UTC
This issue has been addressed in the following products:

  Red Hat Enterprise Linux 8.2 Advanced Update Support
  Red Hat Enterprise Linux 8.2 Telecommunications Update Service
  Red Hat Enterprise Linux 8.2 Update Services for SAP Solutions

Via RHSA-2023:7731 https://access.redhat.com/errata/RHSA-2023:7731

Comment 14 errata-xmlrpc 2023-12-12 10:53:40 UTC
This issue has been addressed in the following products:

  Red Hat Enterprise Linux 8

Via RHSA-2023:7732 https://access.redhat.com/errata/RHSA-2023:7732

Comment 15 errata-xmlrpc 2023-12-12 10:53:56 UTC
This issue has been addressed in the following products:

  Red Hat Enterprise Linux 8.6 Extended Update Support

Via RHSA-2023:7733 https://access.redhat.com/errata/RHSA-2023:7733

Comment 16 errata-xmlrpc 2023-12-12 13:18:58 UTC
This issue has been addressed in the following products:

  Red Hat Enterprise Linux 8.4 Advanced Mission Critical Update Support
  Red Hat Enterprise Linux 8.4 Telecommunications Update Service
  Red Hat Enterprise Linux 8.4 Update Services for SAP Solutions

Via RHSA-2023:7739 https://access.redhat.com/errata/RHSA-2023:7739

Comment 17 errata-xmlrpc 2023-12-12 16:15:05 UTC
This issue has been addressed in the following products:

  Red Hat Enterprise Linux 9.2 Extended Update Support

Via RHSA-2023:7744 https://access.redhat.com/errata/RHSA-2023:7744


Note You need to log in before you can comment on or make changes to this bug.