[Touch-packages] [Bug 1648921] Re: Sandbox the tracker extractor

Fri, 09 Dec 2016 19:46:19 -0800 

** Description changed:

-   * SECURITY UPDATE: extractor now runs in a sandbox confined by libseccomp
-     - extractor's filesystem and network access is limited to being read and
-       local only (LP: #1619600)
-     - No CVE number
+ * SECURITY UPDATE: extractor now runs in a sandbox confined by libseccomp
+     - extractor's filesystem and network access is limited to being read and
+       local only (LP: #1648921)
+     - No CVE number
  
  The tracker developers have recently confined their extractor to attempt
  to make tracker more resilient to attacks, especially involving flaws in
  gstreamer parsers.
  
  There is no CVE number assigned to this issue.
  
  https://lwn.net/Articles/708196/
  
https://scarybeastsecurity.blogspot.com/2016/11/0day-poc-risky-design-decisions-in.html
  
  The gstreamer security fixes are being handled separately. See bug
  1619600

** Also affects: tracker (Ubuntu Yakkety)
   Importance: Undecided
       Status: New

** Also affects: tracker (Ubuntu Xenial)
   Importance: Undecided
       Status: New

-- 
You received this bug notification because you are a member of Ubuntu
Touch seeded packages, which is subscribed to tracker in Ubuntu.
https://bugs.launchpad.net/bugs/1648921

Title:
  Sandbox the tracker extractor

Status in Tracker:
  Fix Released
Status in tracker package in Ubuntu:
  New
Status in tracker source package in Xenial:
  New
Status in tracker source package in Yakkety:
  New

Bug description:
  * SECURITY UPDATE: extractor now runs in a sandbox confined by libseccomp
      - extractor's filesystem and network access is limited to being read and
        local only (LP: #1648921)
      - No CVE number

  The tracker developers have recently confined their extractor to
  attempt to make tracker more resilient to attacks, especially
  involving flaws in gstreamer parsers.

  There is no CVE number assigned to this issue.

  https://lwn.net/Articles/708196/
  
https://scarybeastsecurity.blogspot.com/2016/11/0day-poc-risky-design-decisions-in.html

  The gstreamer security fixes are being handled separately. See bug
  1619600

To manage notifications about this bug go to:
https://bugs.launchpad.net/tracker/+bug/1648921/+subscriptions

-- 
Mailing list: https://launchpad.net/~touch-packages
Post to     : touch-packages@lists.launchpad.net
Unsubscribe : https://launchpad.net/~touch-packages
More help   : https://help.launchpad.net/ListHelp

Reply via email to