ASA-202107-39 log original external raw

[ASA-202107-39] racket: sandbox escape
Arch Linux Security Advisory ASA-202107-39 ========================================== Severity: Medium Date : 2021-07-20 CVE-ID : CVE-2021-32773 Package : racket Type : sandbox escape Remote : Yes Link : https://security.archlinux.org/AVG-2175 Summary ======= The package racket before version 8.2-1 is vulnerable to sandbox escape. Resolution ========== Upgrade to 8.2-1. # pacman -Syu "racket>=8.2-1" The problem has been fixed upstream in version 8.2. Workaround ========== None. Description =========== In Racket versions prior to 8.2, code evaluated using the Racket sandbox could cause system modules to incorrectly use attacker-created modules instead of their intended dependencies. This could allow system functions to be controlled by the attacker, giving access to facilities intended to be restricted. Impact ====== Code executed in the Racket sandbox could escape its confinement through attacker-created modules. References ========== https://github.com/racket/racket/security/advisories/GHSA-cgrw-p7p7-937c https://github.com/racket/racket/commit/9877b84eaadd14e54e555b9f0ac8d784474795ce https://security.archlinux.org/CVE-2021-32773