Wednesday, November 22, 2023

[USN-6504-1] tracker-miners vulnerability

-----BEGIN PGP SIGNATURE-----

iQIzBAEBCgAdFiEEUMSg3c8x5FLOsZtRZWnYVadEvpMFAmVeEQEACgkQZWnYVadE
vpNazRAAhNch+u69r1XkRXbjuasF554JKbMh3rdqQrmP5cfEabgzE3lE3m9n8uZZ
CDjevYBmQyJFTYGaIKWOsOwN/MGQZS6Uho550ZVP3NIhBGuG8ydTpTyAm4gFaw7h
MJi2uscc3XhVZ2Ams53KXSb5Q/akSJJRa8reXZ68MOMUCCmtzHl0KvyvDJouy5gr
GxBMI+CgbEvmdB98RywuJrLzAta0C2pWpJ3Tvc6KuFUjS1r5PM1MSsBglvXnH+h8
ud3v9SMMxe8RwrhpGPgFv5JL+2kriBt+vOjrwDKJ+wHevco8dOflbqyE1vkVFJGN
mMcQDfo1k3BHN5513eXeBRh5W6HIHiJJdCA93buPN36YZptgO3H8zVMGFIF2JLFX
9TMhYpnjzG5DbymBKCGeWdq/C/+Uc0stHMETD00A52/y939sm7Sf65FdXDC+A05w
gsVVToyQtGsoV8EX62KLIXHE6M5ditDB+UCwOwWqtavTSZ7zG/PhlJPryd4QUflD
ikgzV7Ax63YV8GLiw31Vss2uuXbFDugPUz4E7xYlDe2g18OtvOBSvI5wLIkR8KJY
34BxODn2wtgWp0653Zp3mbqIV7brBKhFnfpP3xINYtW40KaJ0cUCub0l6dTNTJQ5
gnqsGcjlEG7GYzT7GnxWUxGJNoOitLgeqSvS98zYguT2axaoTHg=
=jTDA
-----END PGP SIGNATURE-----
==========================================================================
Ubuntu Security Notice USN-6504-1
November 22, 2023

tracker-miners vulnerability
==========================================================================

A security issue affects these releases of Ubuntu and its derivatives:

- Ubuntu 23.10
- Ubuntu 23.04
- Ubuntu 22.04 LTS

Summary:

A system hardening measure could be bypassed.

Software Description:
- tracker-miners: Metadata database, indexer and search tool

Details:

It was discovered that tracker-miners incorrectly handled sandboxing. If a
second security issue was discovered in tracker-miners, an attacker
could possibly use this issue in combination with it to escape the sandbox.

Update instructions:

The problem can be corrected by updating your system to the following
package versions:

Ubuntu 23.10:
tracker-extract 3.4.6-0ubuntu0.23.10.1

Ubuntu 23.04:
tracker-extract 3.4.6-0ubuntu0.23.04.1

Ubuntu 22.04 LTS:
tracker-extract 3.3.3-0ubuntu0.20.04.1

This update uses a new upstream release, which includes additional bug
fixes. In general, a standard system update will make all the necessary
changes.

References:
https://ubuntu.com/security/notices/USN-6504-1
CVE-2023-5557

Package Information:
https://launchpad.net/ubuntu/+source/tracker-miners/3.4.6-0ubuntu0.23.10.1
https://launchpad.net/ubuntu/+source/tracker-miners/3.4.6-0ubuntu0.23.04.1
https://launchpad.net/ubuntu/+source/tracker-miners/3.3.3-0ubuntu0.20.04.1

No comments:

Post a Comment

Subscribe to: Post Comments (Atom)