Mageia 8: 2023-0103 Urgent: Liferea Remote Code Execution Vulnerability

mageia

March 18, 2023

Remote code execution on feed enrichment

Summary

Remote code execution on feed enrichment. If "Extract full content from HTML5 and Google AMP" has been enabled for one or more feed subscriptions it is possible for a an attacker to inject a script command that runs with user priveleges. (CVE-2023-1350)

References

- https://bugs.mageia.org/show_bug.cgi?id=31664

- https://github.com/lwindolf/liferea/releases/tag/v1.12.10

- https://www.cve.org/CVERecord?id=CVE-2023-1350

Topics Covered

security advisory critical remote code execution script injection Mageia Liferea

Resolution

SRPMS

- 8/core/liferea-1.12.10-1.1.mga8

Severity

critical

Lowest

Low

Medium

High

Critical

Publication date: 18 Mar 2023

URL: https://advisories.mageia.org/MGASA-2023-0103.html

Type: security

CVE: CVE-2023-1350

Topics Covered

security advisory critical remote code execution script injection Mageia Liferea

Get the latest News and Insights

Get the latest Linux and open source security news straight to your inbox.

Mageia 8: 2023-0103 Urgent: Liferea Remote Code Execution Vulnerability

Summary

References

Topics Covered

Resolution

SRPMS

Topics Covered

Get the latest News and Insights

Powered By

Linux Security - Your source for Top Linux News, Advisories, HOWTOs and Feature Releases

QUICK LINKS

subscribe to newsletters!

Mageia 8: 2023-0103 Urgent: Liferea Remote Code Execution Vulnerability

Summary

References

Topics Covered

Resolution

SRPMS

Topics Covered

Get the latest News and Insights

Related Articles

Powered By

Linux Security - Your source for Top Linux News, Advisories, HOWTOs and Feature Releases

QUICK LINKS

subscribe to newsletters!