** Description changed: - The tracker developers have recently confined their extractor to attempt to make tracker more resilient to attacks, especially involving flaws in gstreamer parsers. - + * SECURITY UPDATE: extractor now runs in a sandbox confined by libseccomp + - extractor's filesystem and network access is limited to being read and + local only (LP: #1619600) + - No CVE number + + The tracker developers have recently confined their extractor to attempt + to make tracker more resilient to attacks, especially involving flaws in + gstreamer parsers. + There is no CVE number assigned to this issue. https://lwn.net/Articles/708196/ https://scarybeastsecurity.blogspot.com/2016/11/0day-poc-risky-design-decisions-in.html The gstreamer security fixes are being handled separately. See bug 1619600
** Information type changed from Public to Public Security -- You received this bug notification because you are a member of Ubuntu Bugs, which is subscribed to Ubuntu. https://bugs.launchpad.net/bugs/1648921 Title: Sandbox the tracker extractor To manage notifications about this bug go to: https://bugs.launchpad.net/tracker/+bug/1648921/+subscriptions -- ubuntu-bugs mailing list [email protected] https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs
