** Description changed:

-   * SECURITY UPDATE: extractor now runs in a sandbox confined by libseccomp
-     - extractor's filesystem and network access is limited to being read and
-       local only (LP: #1619600)
-     - No CVE number
+ * SECURITY UPDATE: extractor now runs in a sandbox confined by libseccomp
+     - extractor's filesystem and network access is limited to being read and
+       local only (LP: #1648921)
+     - No CVE number
  
  The tracker developers have recently confined their extractor to attempt
  to make tracker more resilient to attacks, especially involving flaws in
  gstreamer parsers.
  
  There is no CVE number assigned to this issue.
  
  https://lwn.net/Articles/708196/
  
https://scarybeastsecurity.blogspot.com/2016/11/0day-poc-risky-design-decisions-in.html
  
  The gstreamer security fixes are being handled separately. See bug
  1619600
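
Review bot: The added entry keeps the wording "limited to being read and local only" in the second and third `+` lines, which is hard to parse; if the intent is read-only filesystem access and local-only network access, say so explicitly. The top-level `* SECURITY UPDATE` bullet also lost its leading indentation while its sub-items kept theirs, so the nesting no longer lines up. The LP reference now matches this bug (1648921), and the closing paragraph still points to 1619600 for the gstreamer fixes, which is consistent.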

** Also affects: tracker (Ubuntu Yakkety)
   Importance: Undecided
       Status: New

** Also affects: tracker (Ubuntu Xenial)
   Importance: Undecided
       Status: New

-- 
You received this bug notification because you are a member of Ubuntu
Bugs, which is subscribed to Ubuntu.
https://bugs.launchpad.net/bugs/1648921

Title:
  Sandbox the tracker extractor

To manage notifications about this bug go to:
https://bugs.launchpad.net/tracker/+bug/1648921/+subscriptions

-- 
ubuntu-bugs mailing list
[email protected]
https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs