Red Hat Product Errata RHSA-2023:7744 - Security Advisory
Issued:
2023-12-12
Updated:
2023-12-12

RHSA-2023:7744 - Security Advisory

Synopsis

Important: tracker-miners security update

Type/Severity

Security Advisory: Important

Red Hat Lightspeed patch analysis

Identify and remediate systems affected by this advisory.

View affected systems

Topic

An update for tracker-miners is now available for Red Hat Enterprise Linux 9.2 Extended Update Support.

Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.

Description

Tracker is a powerful desktop-neutral first class object database, tag/metadata database and search tool. This package contains various miners and metadata extractors for tracker.

Security Fix(es):

  • tracker-miners: sandbox escape (CVE-2023-5557)

For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.

Solution

For details on how to apply this update, which includes the changes described in this advisory, refer to:

https://access.redhat.com/articles/11258

Affected Products

  • Red Hat Enterprise Linux for x86_64 - Extended Update Support 9.2 x86_64
  • Red Hat Enterprise Linux Server - AUS 9.2 x86_64
  • Red Hat Enterprise Linux for IBM z Systems - Extended Update Support 9.2 s390x
  • Red Hat Enterprise Linux for Power, little endian - Extended Update Support 9.2 ppc64le
  • Red Hat Enterprise Linux for ARM 64 - Extended Update Support 9.2 aarch64
  • Red Hat Enterprise Linux Server for Power LE - Update Services for SAP Solutions 9.2 ppc64le
  • Red Hat Enterprise Linux for x86_64 - Update Services for SAP Solutions 9.2 x86_64
  • Red Hat Enterprise Linux for ARM 64 - 4 years of updates 9.2 aarch64
  • Red Hat Enterprise Linux for IBM z Systems - 4 years of updates 9.2 s390x
  • Red Hat Enterprise Linux for x86_64 - Extended Life Cycle 9.2 x86_64
  • Red Hat Enterprise Linux for ARM 64 - Extended Life Cycle 9.2 aarch64
  • Red Hat Enterprise Linux for Power, little endian - Extended Life Cycle 9.2 ppc64le
  • Red Hat Enterprise Linux for IBM z Systems - Extended Life Cycle 9.2 s390x

Fixes

  • BZ - 2243096 - CVE-2023-5557 tracker-miners: sandbox escape

Red Hat Enterprise Linux for x86_64 - Extended Update Support 9.2

SRPM
tracker-miners-3.1.2-4.el9_2.src.rpm SHA-256: e4437b06972d8fd54e79c8fad6087b3cd1023c43fe3ba85e6bd1d6568cb1b9fc
x86_64
tracker-miners-3.1.2-4.el9_2.x86_64.rpm SHA-256: d54ad7a136e0cf9cf50ca9721e5853a4da3c74c07f3323a08f1d8c357abad6d6
tracker-miners-debuginfo-3.1.2-4.el9_2.x86_64.rpm SHA-256: 34dc7d43c05e29a5c3e1d77e60bf108bdc472c93fca02c4b1cdd3d4c77ad75f3
tracker-miners-debugsource-3.1.2-4.el9_2.x86_64.rpm SHA-256: 906a7090cf6f88e3201284687f8e1e71257378960a13d173dd1a59585ac45f72

Red Hat Enterprise Linux Server - AUS 9.2

SRPM
tracker-miners-3.1.2-4.el9_2.src.rpm SHA-256: e4437b06972d8fd54e79c8fad6087b3cd1023c43fe3ba85e6bd1d6568cb1b9fc
x86_64
tracker-miners-3.1.2-4.el9_2.x86_64.rpm SHA-256: d54ad7a136e0cf9cf50ca9721e5853a4da3c74c07f3323a08f1d8c357abad6d6
tracker-miners-debuginfo-3.1.2-4.el9_2.x86_64.rpm SHA-256: 34dc7d43c05e29a5c3e1d77e60bf108bdc472c93fca02c4b1cdd3d4c77ad75f3
tracker-miners-debugsource-3.1.2-4.el9_2.x86_64.rpm SHA-256: 906a7090cf6f88e3201284687f8e1e71257378960a13d173dd1a59585ac45f72

Red Hat Enterprise Linux for IBM z Systems - Extended Update Support 9.2

SRPM
tracker-miners-3.1.2-4.el9_2.src.rpm SHA-256: e4437b06972d8fd54e79c8fad6087b3cd1023c43fe3ba85e6bd1d6568cb1b9fc
s390x
tracker-miners-3.1.2-4.el9_2.s390x.rpm SHA-256: 69202a28700415f31620f8758fef8c11801b5f0d23dbca9bcc45a7d3b7b1657b
tracker-miners-debuginfo-3.1.2-4.el9_2.s390x.rpm SHA-256: 9adc11da1a671ffea73d39133f38526faf3725203603931f936c697df063902e
tracker-miners-debugsource-3.1.2-4.el9_2.s390x.rpm SHA-256: 73fe3f95262579951ba495e244c4fcc80f3a00dc5c289811fdd6b8ee18f78be3

Red Hat Enterprise Linux for Power, little endian - Extended Update Support 9.2

SRPM
tracker-miners-3.1.2-4.el9_2.src.rpm SHA-256: e4437b06972d8fd54e79c8fad6087b3cd1023c43fe3ba85e6bd1d6568cb1b9fc
ppc64le
tracker-miners-3.1.2-4.el9_2.ppc64le.rpm SHA-256: ac4fea172f8b743ebad0bb4e1d64641cd83dd9ac43542da23f0bb50aaa6b24d9
tracker-miners-debuginfo-3.1.2-4.el9_2.ppc64le.rpm SHA-256: 82d1f44d024f9ea0edd58a883fdaa4576d3b5ee2efe5f8c611a88c6111ec1b8e
tracker-miners-debugsource-3.1.2-4.el9_2.ppc64le.rpm SHA-256: 5279c4b7d925ec35ef2d31a5161d75d2492b49dd9c0aa366bff183518623c56d

Red Hat Enterprise Linux for ARM 64 - Extended Update Support 9.2

SRPM
tracker-miners-3.1.2-4.el9_2.src.rpm SHA-256: e4437b06972d8fd54e79c8fad6087b3cd1023c43fe3ba85e6bd1d6568cb1b9fc
aarch64
tracker-miners-3.1.2-4.el9_2.aarch64.rpm SHA-256: 03ee0047512e4cfdbca71af519d6c6dc6cb208e11f688ee7aeaec18c60857b79
tracker-miners-debuginfo-3.1.2-4.el9_2.aarch64.rpm SHA-256: 99546676bc60a44e9c3f9899a05d5c3e38434e50917147189dbaa074ed12b279
tracker-miners-debugsource-3.1.2-4.el9_2.aarch64.rpm SHA-256: 1e66cc149f5e79bf3fb92f49e6583231740e6546bb23f51e9fa222a726e4c19a

Red Hat Enterprise Linux Server for Power LE - Update Services for SAP Solutions 9.2

SRPM
tracker-miners-3.1.2-4.el9_2.src.rpm SHA-256: e4437b06972d8fd54e79c8fad6087b3cd1023c43fe3ba85e6bd1d6568cb1b9fc
ppc64le
tracker-miners-3.1.2-4.el9_2.ppc64le.rpm SHA-256: ac4fea172f8b743ebad0bb4e1d64641cd83dd9ac43542da23f0bb50aaa6b24d9
tracker-miners-debuginfo-3.1.2-4.el9_2.ppc64le.rpm SHA-256: 82d1f44d024f9ea0edd58a883fdaa4576d3b5ee2efe5f8c611a88c6111ec1b8e
tracker-miners-debugsource-3.1.2-4.el9_2.ppc64le.rpm SHA-256: 5279c4b7d925ec35ef2d31a5161d75d2492b49dd9c0aa366bff183518623c56d

Red Hat Enterprise Linux for x86_64 - Update Services for SAP Solutions 9.2

SRPM
tracker-miners-3.1.2-4.el9_2.src.rpm SHA-256: e4437b06972d8fd54e79c8fad6087b3cd1023c43fe3ba85e6bd1d6568cb1b9fc
x86_64
tracker-miners-3.1.2-4.el9_2.x86_64.rpm SHA-256: d54ad7a136e0cf9cf50ca9721e5853a4da3c74c07f3323a08f1d8c357abad6d6
tracker-miners-debuginfo-3.1.2-4.el9_2.x86_64.rpm SHA-256: 34dc7d43c05e29a5c3e1d77e60bf108bdc472c93fca02c4b1cdd3d4c77ad75f3
tracker-miners-debugsource-3.1.2-4.el9_2.x86_64.rpm SHA-256: 906a7090cf6f88e3201284687f8e1e71257378960a13d173dd1a59585ac45f72

Red Hat Enterprise Linux for ARM 64 - 4 years of updates 9.2

SRPM
tracker-miners-3.1.2-4.el9_2.src.rpm SHA-256: e4437b06972d8fd54e79c8fad6087b3cd1023c43fe3ba85e6bd1d6568cb1b9fc
aarch64
tracker-miners-3.1.2-4.el9_2.aarch64.rpm SHA-256: 03ee0047512e4cfdbca71af519d6c6dc6cb208e11f688ee7aeaec18c60857b79
tracker-miners-debuginfo-3.1.2-4.el9_2.aarch64.rpm SHA-256: 99546676bc60a44e9c3f9899a05d5c3e38434e50917147189dbaa074ed12b279
tracker-miners-debugsource-3.1.2-4.el9_2.aarch64.rpm SHA-256: 1e66cc149f5e79bf3fb92f49e6583231740e6546bb23f51e9fa222a726e4c19a

Red Hat Enterprise Linux for IBM z Systems - 4 years of updates 9.2

SRPM
tracker-miners-3.1.2-4.el9_2.src.rpm SHA-256: e4437b06972d8fd54e79c8fad6087b3cd1023c43fe3ba85e6bd1d6568cb1b9fc
s390x
tracker-miners-3.1.2-4.el9_2.s390x.rpm SHA-256: 69202a28700415f31620f8758fef8c11801b5f0d23dbca9bcc45a7d3b7b1657b
tracker-miners-debuginfo-3.1.2-4.el9_2.s390x.rpm SHA-256: 9adc11da1a671ffea73d39133f38526faf3725203603931f936c697df063902e
tracker-miners-debugsource-3.1.2-4.el9_2.s390x.rpm SHA-256: 73fe3f95262579951ba495e244c4fcc80f3a00dc5c289811fdd6b8ee18f78be3

Red Hat Enterprise Linux for x86_64 - Extended Life Cycle 9.2

SRPM
tracker-miners-3.1.2-4.el9_2.src.rpm SHA-256: e4437b06972d8fd54e79c8fad6087b3cd1023c43fe3ba85e6bd1d6568cb1b9fc
x86_64
tracker-miners-3.1.2-4.el9_2.x86_64.rpm SHA-256: d54ad7a136e0cf9cf50ca9721e5853a4da3c74c07f3323a08f1d8c357abad6d6
tracker-miners-debuginfo-3.1.2-4.el9_2.x86_64.rpm SHA-256: 34dc7d43c05e29a5c3e1d77e60bf108bdc472c93fca02c4b1cdd3d4c77ad75f3
tracker-miners-debugsource-3.1.2-4.el9_2.x86_64.rpm SHA-256: 906a7090cf6f88e3201284687f8e1e71257378960a13d173dd1a59585ac45f72

Red Hat Enterprise Linux for ARM 64 - Extended Life Cycle 9.2

SRPM
tracker-miners-3.1.2-4.el9_2.src.rpm SHA-256: e4437b06972d8fd54e79c8fad6087b3cd1023c43fe3ba85e6bd1d6568cb1b9fc
aarch64
tracker-miners-3.1.2-4.el9_2.aarch64.rpm SHA-256: 03ee0047512e4cfdbca71af519d6c6dc6cb208e11f688ee7aeaec18c60857b79
tracker-miners-debuginfo-3.1.2-4.el9_2.aarch64.rpm SHA-256: 99546676bc60a44e9c3f9899a05d5c3e38434e50917147189dbaa074ed12b279
tracker-miners-debugsource-3.1.2-4.el9_2.aarch64.rpm SHA-256: 1e66cc149f5e79bf3fb92f49e6583231740e6546bb23f51e9fa222a726e4c19a

Red Hat Enterprise Linux for Power, little endian - Extended Life Cycle 9.2

SRPM
tracker-miners-3.1.2-4.el9_2.src.rpm SHA-256: e4437b06972d8fd54e79c8fad6087b3cd1023c43fe3ba85e6bd1d6568cb1b9fc
ppc64le
tracker-miners-3.1.2-4.el9_2.ppc64le.rpm SHA-256: ac4fea172f8b743ebad0bb4e1d64641cd83dd9ac43542da23f0bb50aaa6b24d9
tracker-miners-debuginfo-3.1.2-4.el9_2.ppc64le.rpm SHA-256: 82d1f44d024f9ea0edd58a883fdaa4576d3b5ee2efe5f8c611a88c6111ec1b8e
tracker-miners-debugsource-3.1.2-4.el9_2.ppc64le.rpm SHA-256: 5279c4b7d925ec35ef2d31a5161d75d2492b49dd9c0aa366bff183518623c56d

Red Hat Enterprise Linux for IBM z Systems - Extended Life Cycle 9.2

SRPM
tracker-miners-3.1.2-4.el9_2.src.rpm SHA-256: e4437b06972d8fd54e79c8fad6087b3cd1023c43fe3ba85e6bd1d6568cb1b9fc
s390x
tracker-miners-3.1.2-4.el9_2.s390x.rpm SHA-256: 69202a28700415f31620f8758fef8c11801b5f0d23dbca9bcc45a7d3b7b1657b
tracker-miners-debuginfo-3.1.2-4.el9_2.s390x.rpm SHA-256: 9adc11da1a671ffea73d39133f38526faf3725203603931f936c697df063902e
tracker-miners-debugsource-3.1.2-4.el9_2.s390x.rpm SHA-256: 73fe3f95262579951ba495e244c4fcc80f3a00dc5c289811fdd6b8ee18f78be3

The Red Hat security contact is secalert@redhat.com. More contact details at https://access.redhat.com/security/team/contact/.