Explore top 10 tips to secure your open-source projects now. Read More
×
Newsbeuter could be made to crash or run programs as your login if it
opened a malicious file.
Software Description:
- newsbeuter: open-source RSS/Atom feed reader for text terminals
Details:
It was discovered that Newsbeuter didn't handle the command line input
properly. An remote attacker could use it to ran remote code by crafting
a special input file. (CVE-2017-12904)
It was discovered that Newsbeuter didn't handle metacharacters in its
filename properly. An remote attacker could use it to ran remote code by
crafting a special filename. (CVE-2017-14500)
The problem can be corrected by updating your system to the following package versions: Ubuntu 16.04 LTS: newsbeuter 2.9-3ubuntu0.1 In general, a standard system update will make all the necessary changes.
https://ubuntu.com/security/notices/USN-4585-1
CVE-2017-12904, CVE-2017-14500
Get the latest Linux and open source security news straight to your inbox.