MGASA-2023-0103 - Updated liferea packages fix security vulnerability

Publication date: 18 Mar 2023
URL: https://advisories.mageia.org/MGASA-2023-0103.html
Type: security
Affected Mageia releases: 8
CVE: CVE-2023-1350

Remote code execution on feed enrichment. If "Extract full content from
HTML5 and Google AMP" has been enabled for one or more feed subscriptions,
it is possible for an attacker to inject a script command that runs
with user privileges. (CVE-2023-1350)

References:
- https://bugs.mageia.org/show_bug.cgi?id=31664
- https://github.com/lwindolf/liferea/releases/tag/v1.12.10
- https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-1350

SRPMS:
- 8/core/liferea-1.12.10-1.1.mga8
