ArchLinux: 201905-3: nautilus: sandbox escape

    Date 07 May 2019
    Posted By LinuxSecurity Advisories
    The package nautilus before version 3.32.1-1 is vulnerable to sandbox escape.
    Arch Linux Security Advisory ASA-201905-3
    =========================================
    
    Severity: High
    Date    : 2019-05-06
    CVE-ID  : CVE-2019-11461
    Package : nautilus
    Type    : sandbox escape
    Remote  : No
    Link    : https://security.archlinux.org/AVG-956
    
    Summary
    =======
    
    The package nautilus before version 3.32.1-1 is vulnerable to sandbox
    escape.
    
    Resolution
    ==========
    
    Upgrade to 3.32.1-1.
    
    # pacman -Syu "nautilus>=3.32.1-1"
    
    The problem has been fixed upstream in version 3.32.1.
    
    Workaround
    ==========
    
    None.
    
    Description
    ===========
    
    An issue was discovered in GNOME Nautilus 3.30 prior to 3.30.6 and 3.32
    prior to 3.32.1. A compromised thumbnailer may escape the bubblewrap
    sandbox used to confine thumbnailers by using the TIOCSTI ioctl to push
    characters into the input buffer of the thumbnailer's controlling
    terminal, allowing an attacker to escape the sandbox if the thumbnailer
    has a controlling terminal. This is due to improper filtering of the
    TIOCSTI ioctl on 64-bit systems, similar to CVE-2019-10063.
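
The 64-bit filtering flaw described above, modelled in C as an added example (not code from nautilus or the advisory). It assumes the filter compared the whole 64-bit syscall argument against TIOCSTI while the kernel uses only the low 32 bits as the ioctl request, the behaviour documented for the referenced CVE-2019-10063; all function names and sample values are constructed for illustration.

```c
#include <stdbool.h>
#include <stdint.h>
#include <stdio.h>

/* Linux TIOCSTI request number, defined locally so the model is self-contained. */
#define MODEL_TIOCSTI 0x5412u
#define MODEL_TCGETS  0x5401u   /* harmless request used as a control */

typedef bool (*filter_fn)(uint64_t arg1);

/* The kernel takes ioctl's request as a 32-bit unsigned int: on a 64-bit
 * system the upper half of the argument register is ignored. */
static uint32_t kernel_effective_cmd(uint64_t arg1) { return (uint32_t)arg1; }

/* Weak rule (assumed form of the flaw): deny only on full 64-bit equality. */
static bool weak_filter_denies(uint64_t arg1) { return arg1 == MODEL_TIOCSTI; }

/* Hardened rule: masked equality on the low 32 bits only. */
static bool masked_filter_denies(uint64_t arg1) {
    return (arg1 & 0xFFFFFFFFull) == MODEL_TIOCSTI;
}

/* True when the filter allows a call the kernel will execute as TIOCSTI. */
static bool slips_through(filter_fn denies, uint64_t arg1) {
    return !denies(arg1) && kernel_effective_cmd(arg1) == MODEL_TIOCSTI;
}

/* Constructed sample arguments: plain, high-bits-set, and control values. */
static const uint64_t SAMPLES[] = {
    0x0000000000005412ull, 0x0000000100005412ull, 0xFFFFFFFF00005412ull,
    0x0000000000005401ull, 0x0000000100005401ull,
};
#define N_SAMPLES (sizeof SAMPLES / sizeof SAMPLES[0])

/* Number of samples a filter lets through to the kernel as TIOCSTI. */
static int count_gaps(filter_fn denies) {
    int gaps = 0;
    for (size_t i = 0; i < N_SAMPLES; i++)
        gaps += slips_through(denies, SAMPLES[i]);
    return gaps;
}

int main(void) {
    printf("weak filter gaps:   %d\n", count_gaps(weak_filter_denies));
    printf("masked filter gaps: %d\n", count_gaps(masked_filter_denies));
    return 0;
}
```

In libseccomp terms, the hardened rule corresponds to an argument comparison using `SCMP_CMP_MASKED_EQ` with a mask of `0xFFFFFFFF` instead of `SCMP_CMP_EQ`.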
    
    Impact
    ======
    
    A local attacker is able to escape the sandbox.
    
    References
    ==========
    
    https://gitlab.gnome.org/GNOME/nautilus/issues/987
    https://gitlab.gnome.org/GNOME/nautilus/commit/2ddba428ef2b13d0620bd599c3635b9c11044659
    https://security.archlinux.org/CVE-2019-11461
    
