[Touch-packages] [Bug 1648921] Re: Sandbox the tracker extractor

[Jeremy Bicha]

** Description changed:

- The tracker developers have recently confined their extractor to attempt to 
make tracker more resilient to attacks, especially involving flaws in gstreamer 
parsers.
-  
+   * SECURITY UPDATE: extractor now runs in a sandbox confined by libseccomp
+     - extractor's filesystem and network access is limited to being read and
+       local only (LP: #1619600)
+     - No CVE number
+ 
+ The tracker developers have recently confined their extractor to attempt
+ to make tracker more resilient to attacks, especially involving flaws in
+ gstreamer parsers.
+ 
  There is no CVE number assigned to this issue.
  
  https://lwn.net/Articles/708196/
  
https://scarybeastsecurity.blogspot.com/2016/11/0day-poc-risky-design-decisions-in.html
  
  The gstreamer security fixes are being handled separately. See bug
  1619600

** Information type changed from Public to Public Security

-- 
You received this bug notification because you are a member of Ubuntu
Touch seeded packages, which is subscribed to tracker in Ubuntu.
https://bugs.launchpad.net/bugs/1648921

Title:
  Sandbox the tracker extractor

Status in Tracker:
  Fix Released
Status in tracker package in Ubuntu:
  New

Bug description:
    * SECURITY UPDATE: extractor now runs in a sandbox confined by libseccomp
      - extractor's filesystem and network access is limited to being read and
        local only (LP: #1619600)
      - No CVE number

  The tracker developers have recently confined their extractor to
  attempt to make tracker more resilient to attacks, especially
  involving flaws in gstreamer parsers.

  There is no CVE number assigned to this issue.

  https://lwn.net/Articles/708196/
  
https://scarybeastsecurity.blogspot.com/2016/11/0day-poc-risky-design-decisions-in.html

  The gstreamer security fixes are being handled separately. See bug
  1619600

To manage notifications about this bug go to:
https://bugs.launchpad.net/tracker/+bug/1648921/+subscriptions

-- 
Mailing list: https://launchpad.net/~touch-packages
Post to     : touch-packages@lists.launchpad.net
Unsubscribe : https://launchpad.net/~touch-packages
More help   : https://help.launchpad.net/ListHelp