Stay Secure with the Latest Linux Advisories

security advisoryGentooarbitrary code

Gentoo: GLSA-202505-10 Normal: Tracker Miners Sandbox Escape Code Execution

A vulnerability has been discovered in Tracker miners, which can lead to a sandbox escape and execution of arbitrary code.. - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - Gentoo Linux Security Advisory GLSA 202505-10 - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - https://security.gentoo.org/ - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - Severity: Normal Title: Tracker miners: Sandbox weakness Date: May 14, 2025 Bugs: #916378 ID: 202505-10 - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - Synopsis ======== A vulnerability has been discovered in Tracker miners, which can lead to a sandbox escape and execution of arbitrary code. Background ========== The Tracker miners are a collection of data extractors for the GNOME Tracker. Affected packages ================= Package Vulnerable Unaffected ----------------------- ------------ ------------ app-misc/tracker-miners < 3.5.3 > = 3.5.3 Description =========== A vulnerability has been discovered in Tracker minders. Please review the CVE identifier referenced below for details. Impact ====== Please review the referenced CVE identifier for details. Workaround ========== There is no known workaround at this time. Resolution ========== All Tracker miners users should upgrade to the latest version: # emerge --sync # emerge --ask --oneshot --verbose "> =app-misc/tracker-miners-3.5.3" References ========== [ 1 ] CVE-2023-5557 https://nvd.nist.gov/vuln/detail/CVE-2023-5557 Availability ============ This GLSA and any updates to it are available for viewing at the Gentoo Security Website: https://security.gentoo.org/glsa/202505-10 Concerns? ========= Security is a primary focus of Gentoo Linux and ensuring the confidentiality and security of our users' machines is of utmost importance to us. Any security concerns should beaddressed to This email address is being protected from spambots. You need JavaScript enabled to view it. or alternatively, you may file a bug at https://bugs.gentoo.org. License ======= Copyright 2025 Gentoo Foundation, Inc; referenced text belongs to its owner(s). The contents of this document are licensed under the Creative Commons - Attribution / Share Alike license. https://creativecommons.org/licenses/by-sa/2.5 . Gentoo tracker miners revealed vulnerabilities allowing sandbox breaches, risking unauthorized code execution. Users are urged to update to patched releases for enhanced security.. Gentoo Security, Sandbox Weakness, Tracker Miners Vulnerability. . LinuxSecurity.com Team

May 14, 2025 Gentoo