• Newsbeuter vulnerabilities

    From boo_ubuntu@21:4/110 to Ubuntu Users on Thursday, October 15, 2020 20:10:06
    newsbeuter vulnerabilities

    A security issue affects these releases of Ubuntu and its
    derivatives:

    * Ubuntu 16.04 LTS

    Summary

    Newsbeuter could be made to crash or run programs as your login if
    it opened a malicious file.

    Software Description

    * newsbeuter - open-source RSS/Atom feed reader for text
    terminals

    Details

    It was discovered that Newsbeuter didn't handle command-line
    input properly. A remote attacker could use this to run remote code
    by crafting a special input file. (CVE-2017-12904)

    It was discovered that Newsbeuter didn't handle metacharacters in
    its filename properly. A remote attacker could use this to run
    remote code by crafting a special filename. (CVE-2017-14500)

    Update instructions

    The problem can be corrected by updating your system to the
    following package versions:

    Ubuntu 16.04 LTS
    newsbeuter - 2.9-3ubuntu0.1

    To update your system, please follow these instructions:
    https://wiki.ubuntu.com/Security/Upgrades.

    In general, a standard system update will make all the necessary
    changes.

    References

    * CVE-2017-12904
    * CVE-2017-14500

    --- Mystic BBS v1.12 A46 (Linux/64)
    * Origin: BZ&BZ BBS (21:4/110)
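
Added example, not part of the original advisory: a Python check that flags hosts still running a newsbeuter package older than the fixed version listed above (2.9-3ubuntu0.1). It re-implements Debian's version ordering so it runs without dpkg; the input lines are constructed and assume the "package version" layout that `dpkg-query -W -f='${Package} ${Version}\n'` prints, and `FIXED`, `SAMPLE`, `compare` and `audit` are names chosen here.

```python
import re
FIXED = {"newsbeuter": "2.9-3ubuntu0.1"}  # fixed version from the advisory (16.04 LTS)
SAMPLE = ["newsbeuter 2.9-3", "bash 4.3-14ubuntu1"]  # constructed sample input

def _order(ch):
    # Debian ordering: '~' < end of string ("") < letters < other symbols
    if ch in ("~", ""):
        return -1 if ch == "~" else 0
    return ord(ch) if ch.isalpha() else ord(ch) + 256

def _cmp_part(a, b):
    # Compare alternating non-digit and digit runs; returns -1, 0 or 1
    while a or b:
        na, nb = re.match(r"\D*", a).group(), re.match(r"\D*", b).group()
        a, b = a[len(na):], b[len(nb):]
        for i in range(max(len(na), len(nb))):
            x, y = _order(na[i:i + 1]), _order(nb[i:i + 1])
            if x != y:
                return -1 if x < y else 1
        da, db = re.match(r"\d*", a).group(), re.match(r"\d*", b).group()
        a, b = a[len(da):], b[len(db):]
        x, y = int(da or 0), int(db or 0)
        if x != y:
            return -1 if x < y else 1
    return 0

def _split(version):
    # [epoch:]upstream[-revision]; missing epoch is 0, missing revision is ""
    epoch, sep, rest = version.partition(":")
    if not sep:
        epoch, rest = "0", version
    upstream, sep, revision = rest.rpartition("-")
    return int(epoch), (upstream if sep else rest), (revision if sep else "")

def compare(v1, v2):
    # Epoch first, then upstream version, then Debian revision
    (e1, u1, r1), (e2, u2, r2) = _split(v1), _split(v2)
    if e1 != e2:
        return -1 if e1 < e2 else 1
    return _cmp_part(u1, u2) or _cmp_part(r1, r2)

def audit(lines):
    # Each line is "<package> <version>"; only packages listed in FIXED are judged
    result = {}
    for line in lines:
        name, _, version = line.strip().partition(" ")
        if name in FIXED and version:
            result[name] = "VULNERABLE" if compare(version, FIXED[name]) < 0 else "fixed"
    return result
```

On a live Ubuntu system, `dpkg --compare-versions` remains the authoritative comparison; this version is for inventories collected from many hosts and checked offline.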