ArchLinux: 201905-3: nautilus: sandbox escape

    Date: 07 May 2019
    Category: ArchLinux
    Posted by: LinuxSecurity Advisories
    The package nautilus before version 3.32.1-1 is vulnerable to sandbox escape.
    Arch Linux Security Advisory ASA-201905-3
    =========================================
    
    Severity: High
    Date    : 2019-05-06
    CVE-ID  : CVE-2019-11461
    Package : nautilus
    Type    : sandbox escape
    Remote  : No
    Link    : https://security.archlinux.org/AVG-956
    
    Summary
    =======
    
    The package nautilus before version 3.32.1-1 is vulnerable to sandbox
    escape.
    
    Resolution
    ==========
    
    Upgrade to 3.32.1-1.
    
    # pacman -Syu "nautilus>=3.32.1-1"
    
    The problem has been fixed upstream in version 3.32.1.
    
    Workaround
    ==========
    
    None.
    
    Description
    ===========
    
    An issue was discovered in GNOME Nautilus 3.30 prior to 3.30.6 and 3.32
    prior to 3.32.1. A compromised thumbnailer may escape the bubblewrap
    sandbox used to confine thumbnailers by using the TIOCSTI ioctl to push
    characters into the input buffer of the thumbnailer's controlling
    terminal, allowing an attacker to escape the sandbox if the thumbnailer
    has a controlling terminal. This is due to improper filtering of the
    TIOCSTI ioctl on 64-bit systems, similar to CVE-2019-10063.
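The advisory says only that the TIOCSTI filter was "improper on 64-bit systems". The following model, added here and not taken from nautilus, bubblewrap or the referenced commit, assumes the defect pattern seen in the related flatpak fix: the seccomp rule compared the full 64-bit syscall argument register against TIOCSTI, while the kernel's ioctl(2) entry takes the request as `unsigned int` and so only consumes the low 32 bits. A sound rule must therefore compare the masked low 32 bits. The constants assume x86_64 (syscall number 16 for ioctl, TIOCSTI = 0x5412); the `rule_is_sound` check is a constructed audit helper, not a kernel API.

```c
/* Model of a seccomp rule that denies TIOCSTI to a confined thumbnailer.
 * Added example, not the nautilus or bubblewrap code. Assumption: the weak
 * rule compares the whole 64-bit argument register, the fixed rule compares
 * only the low 32 bits that the kernel will actually use. */
#include <stdint.h>
#include <stdio.h>

#define IOCTL_TIOCSTI 0x5412u /* Linux/x86 TIOCSTI from <asm/ioctls.h> */
#define NR_IOCTL 16           /* x86_64 ioctl syscall number (assumed arch) */

/* Subset of struct seccomp_data that the kernel hands to a filter. */
struct sys_call {
    int nr;
    uint64_t args[6];
};

enum verdict { ALLOW, DENY };
typedef enum verdict (*rule_fn)(const struct sys_call *);

/* The kernel's ioctl(2) prototype declares the request as 'unsigned int',
 * so whatever sits in the high 32 bits of the register is discarded. */
static uint32_t request_seen_by_kernel(uint64_t arg1)
{
    return (uint32_t)arg1;
}

/* Weak rule: exact equality on the full 64-bit argument (assumed defect). */
enum verdict weak_rule(const struct sys_call *c)
{
    if (c->nr == NR_IOCTL && c->args[1] == IOCTL_TIOCSTI)
        return DENY;
    return ALLOW;
}

/* Fixed rule: compare only the bits the kernel consumes. */
enum verdict masked_rule(const struct sys_call *c)
{
    if (c->nr == NR_IOCTL && (c->args[1] & 0xFFFFFFFFu) == IOCTL_TIOCSTI)
        return DENY;
    return ALLOW;
}

/* A rule is sound for a given argument if every request the kernel would
 * treat as TIOCSTI is denied; requests the kernel treats differently may
 * pass. Constructed audit helper for this example. */
int rule_is_sound(rule_fn rule, uint64_t arg1)
{
    struct sys_call c = { .nr = NR_IOCTL, .args = { 0, arg1, 0, 0, 0, 0 } };
    int kernel_treats_as_tiocsti =
        request_seen_by_kernel(arg1) == IOCTL_TIOCSTI;
    return !kernel_treats_as_tiocsti || rule(&c) == DENY;
}

/* Count the constructed probe arguments for which a rule is unsound. */
int count_unsound(rule_fn rule)
{
    /* Constructed probes: plain TIOCSTI, TIOCSTI with high bits set,
     * and an unrelated request (TCGETS, 0x5401) that must stay allowed. */
    const uint64_t probes[] = {
        IOCTL_TIOCSTI,
        ((uint64_t)1 << 32) | IOCTL_TIOCSTI,
        ((uint64_t)0xFFFFFFFF << 32) | IOCTL_TIOCSTI,
        0x5401u,
    };
    int unsound = 0;
    for (size_t i = 0; i < sizeof probes / sizeof probes[0]; i++)
        if (!rule_is_sound(rule, probes[i]))
            unsound++;
    return unsound;
}

int main(void)
{
    printf("weak rule:   %d unsound probe(s)\n", count_unsound(weak_rule));
    printf("masked rule: %d unsound probe(s)\n", count_unsound(masked_rule));
    return 0;
}
```

With libseccomp the masked form is what `SCMP_CMP_MASKED_EQ` with mask `0xFFFFFFFF` expresses; the point for anyone auditing a sandbox profile is that the comparison width in the filter has to match the width the kernel actually reads for that argument, and a 64-bit register compared against a 32-bit constant is a sign that it does not.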
    
    Impact
    ======
    
    A local attacker is able to escape the sandbox.
    
    References
    ==========
    
    https://gitlab.gnome.org/GNOME/nautilus/issues/987
    https://gitlab.gnome.org/GNOME/nautilus/commit/2ddba428ef2b13d0620bd599c3635b9c11044659
    https://security.archlinux.org/CVE-2019-11461
    