MGASA-2023-0103 - Updated liferea packages fix security vulnerability Publication date: 18 Mar 2023 URL: https://advisories.mageia.org/MGASA-2023-0103.html Type: security Affected Mageia releases: 8 CVE: CVE-2023-1350 Remote code execution on feed enrichment. If "Extract full content from HTML5 and Google AMP" has been enabled for one or more feed subscriptions it is possible for a an attacker to inject a script command that runs with user priveleges. (CVE-2023-1350) References: - https://bugs.mageia.org/show_bug.cgi?id=31664 - https://github.com/lwindolf/liferea/releases/tag/v1.12.10 - https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-1350 SRPMS: - 8/core/liferea-1.12.10-1.1.mga8
Mageia 2023-0103: liferea security update
Remote code execution on feed enrichment
Summary
Remote code execution on feed enrichment. If "Extract full content from
HTML5 and Google AMP" has been enabled for one or more feed subscriptions
it is possible for a an attacker to inject a script command that runs
with user priveleges. (CVE-2023-1350)
References
- https://bugs.mageia.org/show_bug.cgi?id=31664
- https://github.com/lwindolf/liferea/releases/tag/v1.12.10
- https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-1350
Resolution
MGASA-2023-0103 - Updated liferea packages fix security vulnerability
SRPMS
- 8/core/liferea-1.12.10-1.1.mga8
Severity
Publication date: 18 Mar 2023
URL: https://advisories.mageia.org/MGASA-2023-0103.html
Type: security
CVE: CVE-2023-1350
News
HOWTOs
Features
Interview with Guardian Digital CEO Dave Wreski: Open Source Utilization in Email Security Solutions & More
Verifying Linux Server Security: What Every Admin Needs to Know
What Linux, Windows & Mac OS Users Need to Know About VPNs
Complete Guide to Vulnerability Basics
How To Get Live Updates on Critical Linux Security Advisories
About Us
Powered By
