Описание
Security update for tracker-miners
This update for tracker-miners fixes the following issues:
- CVE-2023-5557: Fixed a sandbox escape by adding seccomp rules and applying it to the whole process (bsc#1216199)
- rebuild against current ICU 73.
Список пакетов
SUSE Linux Enterprise Module for Desktop Applications 15 SP4
tracker-miner-files-3.2.2-150400.3.7.1
tracker-miners-3.2.2-150400.3.7.1
SUSE Linux Enterprise Module for Desktop Applications 15 SP5
tracker-miner-files-3.2.2-150400.3.7.1
tracker-miners-3.2.2-150400.3.7.1
SUSE Linux Enterprise Workstation Extension 15 SP4
tracker-miners-lang-3.2.2-150400.3.7.1
SUSE Linux Enterprise Workstation Extension 15 SP5
tracker-miners-lang-3.2.2-150400.3.7.1
openSUSE Leap 15.4
tracker-miner-files-3.2.2-150400.3.7.1
tracker-miners-3.2.2-150400.3.7.1
tracker-miners-lang-3.2.2-150400.3.7.1
openSUSE Leap 15.5
tracker-miner-files-3.2.2-150400.3.7.1
tracker-miners-3.2.2-150400.3.7.1
tracker-miners-lang-3.2.2-150400.3.7.1
Ссылки
- Link for SUSE-SU-2023:4868-1
- E-Mail link for SUSE-SU-2023:4868-1
- SUSE Security Ratings
- SUSE Bug 1216199
- SUSE CVE CVE-2023-5557 page
Описание
A flaw was found in the tracker-miners package. A weakness in the sandbox allows a maliciously-crafted file to execute code outside the sandbox if the tracker-extract process has first been compromised by a separate vulnerability.
Затронутые продукты
SUSE Linux Enterprise Module for Desktop Applications 15 SP4:tracker-miner-files-3.2.2-150400.3.7.1
SUSE Linux Enterprise Module for Desktop Applications 15 SP4:tracker-miners-3.2.2-150400.3.7.1
SUSE Linux Enterprise Module for Desktop Applications 15 SP5:tracker-miner-files-3.2.2-150400.3.7.1
SUSE Linux Enterprise Module for Desktop Applications 15 SP5:tracker-miners-3.2.2-150400.3.7.1
Ссылки
- CVE-2023-5557
- SUSE Bug 1216199