
Stay Secure with the Latest Linux Advisories


Explore Latest Linux Security advisories


Gentoo: GLSA 202407-04 Critical: Gnome-shell Privilege Escalation

A vulnerability has been discovered in Liferea, which can lead to remote code execution.

- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
Gentoo Linux Security Advisory                          GLSA 202407-03
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
                                          https://security.gentoo.org/
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -

 Severity: Normal
    Title: Liferea: Remote Code Execution
     Date: July 01, 2024
     Bugs: #901085
       ID: 202407-03

- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -

Synopsis
========

A vulnerability has been discovered in Liferea, which can lead to remote code execution.

Background
==========

Liferea is a feed reader/news aggregator that brings together all of the content from your favorite subscriptions into a simple interface that makes it easy to organize and browse feeds. Its GUI is similar to a desktop mail/news client, with an embedded web browser.

Affected packages
=================

Package           Vulnerable    Unaffected
----------------  ------------  ------------
net-news/liferea  < 1.12.10     >= 1.12.10

Description
===========

A vulnerability has been discovered in Liferea. Please review the CVE identifier referenced below for details.

Impact
======

A vulnerability was found in liferea. Affected by this issue is the function update_job_run of the file src/update.c of the component Feed Enrichment. The manipulation of the argument source can lead to os command injection. The attack may be launched remotely.

Workaround
==========

There is no known workaround at this time.

Resolution
==========

All Liferea users should upgrade to the latest version:

  # emerge --sync
  # emerge --ask --oneshot --verbose ">=net-news/liferea-1.12.10"

References
==========

[ 1 ] CVE-2023-1350
      https://nvd.nist.gov/vuln/detail/CVE-2023-1350

Availability
============

This GLSA and any updates to it are available for viewing at the Gentoo Security Website:

 https://security.gentoo.org/glsa/202407-03

Concerns?
=========

Security is a primary focus of Gentoo Linux and ensuring the confidentiality and security of our users' machines is of utmost importance to us. Any security concerns should be addressed to [address hidden by the site] or alternatively, you may file a bug at https://bugs.gentoo.org.

License
=======

Copyright 2024 Gentoo Foundation, Inc; referenced text belongs to its owner(s).

The contents of this document are licensed under the Creative Commons - Attribution / Share Alike license.

https://creativecommons.org/licenses/by-sa/2.5

A flaw in Liferea may allow for remote code execution. Update to version 1.12.10 to reduce potential threats.

Liferea Security Advisory, Gentoo Remote Execution, Linux Vulnerability Management.

LinuxSecurity.com Team

Jul 01, 2024 Gentoo

openSUSE: 2023:0096-1 Critical: Liferea Remote Code Execution

An update that solves one vulnerability and has one errata is now available.

openSUSE Security Update: Security update for liferea
______________________________________________________________________________

Announcement ID:    openSUSE-SU-2023:0096-1
Rating:             important
References:         #1193579 #1209190
Cross-References:   CVE-2023-1350
CVSS scores:
                    CVE-2023-1350 (NVD) : 9.8 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
                    CVE-2023-1350 (SUSE): 8.8 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

Affected Products:
                    openSUSE Backports SLE-15-SP4
______________________________________________________________________________

An update that solves one vulnerability and has one errata is now available.

Description:

liferea was updated to version 1.14.1:

+ Fix CVE-2023-1350 - Remote code execution on feed enrichment (boo#1209190).

Update to version 1.14.0:

+ New 'Reader mode' preference that allows stripping all web content
+ Implement support for Webkits Intelligent Tracking Protection
+ New progress bar when loading websites
+ Youtube videos from media:video can be embedded now with a click on the video preview picture.
+ Changes to UserAgent handling: same UA is now used for both feed fetching and internal browsing.
+ New view mode 'Automatic' which switches between 'Normal' and 'Wide' mode based on the window proportions.
+ Liferea now supports the new GTK dark theme logic, where in the GTK/GNOME preferences you define whether you "prefer" dark mode or light mode
+ Favicon discovery improvements: now detects all types of Apple Touch Icons, MS Tile Images and Safari Mask Icons
+ Increase size of stored favicons to 128x128px to improve icon quality in 3-pane wide view.
+ Make several plugins support gettext
+ Allow multiple feed in same libnotify notification
+ Redesign of the update message in the status bar. It now shows an update counter of the feeds being in update.
+ You can now export a feed to XML file
+ Added an option to show news bins in reduced feed list
+ Added menu option to send item per mail
+ Default to https:// instead of http:// when user doesn't provide protocol on subscribing feed
+ Implement support for subscribing to LD+Json metadata listings e.g. concert or theater event listings
+ Implement support for subscribing to HTML5 websites
+ Support for media:description field of Youtube feeds
+ Improve HTML5 extraction: extract main tag if it exists and no article was found.
+ Execute feed pipe/filter commands asynchronously
+ Better explanation of feed update errors.
+ Added generic Google Reader API support (allows using FeedHQ, FreshRSS, Miniflux...)
+ Now allow converting TinyTinyRSS subscriptions to local subscriptions
+ New search folder rule to match podcasts
+ New search folder rule to match headline authors
+ New search folder rule to match subscription source
+ New search folder rule to match parent folder name
+ New search folder property that allows hiding read items
+ Now search folders are automatically rebuilt when rules are changed
+ Added new plugin 'add-bookmark-site' that allows to configure a custom bookmarking site.
+ Added new plugin 'getfocus' that adds transparency on the feed list when it is not focussed.
+ Trayicon plugin has now a configuration option to change the behaviour when closing Liferea.
+ Trayicon plugin has now an option to disable minimizing to tray
+ New hot key Ctrl-D for 'Open in External Browser'
+ New hot key F10 for headerbar plugin to allow triggering the hamburger menu
+ New hot key Ctrl-0 to reset zoom
+ New hot key Ctrl-O to open enclosures
+ Fix hidden panes, Liferea will never allow the panes to be smaller than 5% in height or width
+ Wait for network to be fully available before updating
+ 2-pane mode was removed
+ Dropped CDF channel support
+ Dropped Atom 0.2/0.3 (aka Pie) support
+ Dropped blogChannel namespace support
+ Dropped photo namespace support

- Require python3-cairo; needed for tray icon (boo#1193579).

Patch Instructions:

To install this openSUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch".

Alternatively you can run the command listed for your product:

- openSUSE Backports SLE-15-SP4:

    zypper in -t patch openSUSE-2023-96=1

Package List:

- openSUSE Backports SLE-15-SP4 (aarch64 i586 ppc64le s390x x86_64):

    liferea-1.14.1-bp154.2.3.1
    liferea-debuginfo-1.14.1-bp154.2.3.1
    liferea-debugsource-1.14.1-bp154.2.3.1

- openSUSE Backports SLE-15-SP4 (noarch):

    liferea-lang-1.14.1-bp154.2.3.1

References:

https://www.suse.com/security/cve/CVE-2023-1350.html
https://bugzilla.suse.com/1193579
https://bugzilla.suse.com/1209190

Important openSUSE Security Patch for liferea addresses a remote code execution vulnerability identified as CVE-2023-1350.

openSUSE Security, Liferea Update, Remote Code Execution.

Severity: Critical.

LinuxSecurity.com Team

Apr 27, 2023 Critical OpenSUSE

Fedora 36 Liferea RCE Fix: FEDORA-2023-f0ee64e7ec Critical Advisory

Security fix for CVE-2023-1350.

--------------------------------------------------------------------------------
Fedora Update Notification
FEDORA-2023-f0ee64e7ec
2023-03-23 01:23:07.726105
--------------------------------------------------------------------------------

Name        : liferea
Product     : Fedora 36
Version     : 1.14.1
Release     : 1.fc36
URL         :
Summary     : An RSS/RDF feed reader
Description :
Liferea (Linux Feed Reader) is an RSS/RDF feed reader. It's intended to be a clone of the Windows-only FeedReader. It can be used to maintain a list of subscribed feeds, browse through their items, and show their contents.

--------------------------------------------------------------------------------
Update Information:

Security fix for CVE-2023-1350
--------------------------------------------------------------------------------
ChangeLog:

* Mon Mar 13 2023 Emmanuel Seyman - 1:1.14.1-1
- Update to 1.14.1 (thanks to mikelo2) (#2177773)
* Thu Jan 26 2023 josef radinger - 1:1.14.0-1
- bump version
* Thu Jan 19 2023 Fedora Release Engineering - 1:1.13.9-2
- Rebuilt for https://fedoraproject.org/wiki/Fedora_38_Mass_Rebuild
* Wed Jul 27 2022 josef radinger - 1:1.13.9-1
- bump version
* Thu Jul 21 2022 Fedora Release Engineering - 1:1.13.8-3
- Rebuilt for https://fedoraproject.org/wiki/Fedora_37_Mass_Rebuild
* Sat Apr 9 2022 Mamoru TASAKA - 1:1.13.8-2
- Add Italian man file
* Fri Apr 8 2022 josef radinger - 1:1.13.8-1
- bump version
--------------------------------------------------------------------------------
References:

  [ 1 ] Bug #2177771 - CVE-2023-1350 liferea: RCE vulnerability on feed enrichment
        https://bugzilla.redhat.com/show_bug.cgi?id=2177771
--------------------------------------------------------------------------------

This update can be installed with the "dnf" update program. Use
su -c 'dnf upgrade --advisory FEDORA-2023-f0ee64e7ec' at the command
line. For more information, refer to the dnf documentation available at
https://dnf.readthedocs.io/en/latest/command_ref.html

All packages are signed with the Fedora Project GPG key. More details on the
GPG keys used by the Fedora Project can be found at
https://fedoraproject.org/security/
--------------------------------------------------------------------------------
_______________________________________________
package-announce mailing list -- [address hidden by the site]
To unsubscribe send an email to [address hidden by the site]
Fedora Code of Conduct: https://docs.fedoraproject.org/en-US/project/code-of-conduct/
List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines
List Archives: https://lists.fedoraproject.org/archives/list/[address hidden by the site]/
Do not reply to spam, report it:

A security patch for Liferea on Fedora 36 tackles a severe RCE vulnerability, reinforcing both protection and efficiency upgrades.

Liferea Security Fix, Fedora 36 Update, RCE Threat, Linux Feed Reader.

Severity: Critical.

LinuxSecurity.com Team

Mar 23, 2023 Critical Fedora

Fedora 38 Liferea: 2023-5a91738e22 Critical Remote Code Execution Fix

Security fix for CVE-2023-1350.

--------------------------------------------------------------------------------
Fedora Update Notification
FEDORA-2023-5a91738e22
2023-03-23 00:15:37.853018
--------------------------------------------------------------------------------

Name        : liferea
Product     : Fedora 38
Version     : 1.14.1
Release     : 1.fc38
URL         :
Summary     : An RSS/RDF feed reader
Description :
Liferea (Linux Feed Reader) is an RSS/RDF feed reader. It's intended to be a clone of the Windows-only FeedReader. It can be used to maintain a list of subscribed feeds, browse through their items, and show their contents.

--------------------------------------------------------------------------------
Update Information:

Security fix for CVE-2023-1350
--------------------------------------------------------------------------------
ChangeLog:

* Mon Mar 13 2023 Emmanuel Seyman - 1:1.14.1-1
- Update to 1.14.1 (thanks to mikelo2) (#2177773)
--------------------------------------------------------------------------------
References:

  [ 1 ] Bug #2177771 - CVE-2023-1350 liferea: RCE vulnerability on feed enrichment
        https://bugzilla.redhat.com/show_bug.cgi?id=2177771
--------------------------------------------------------------------------------

This update can be installed with the "dnf" update program. Use
su -c 'dnf upgrade --advisory FEDORA-2023-5a91738e22' at the command
line. For more information, refer to the dnf documentation available at
https://dnf.readthedocs.io/en/latest/command_ref.html

All packages are signed with the Fedora Project GPG key. More details on the
GPG keys used by the Fedora Project can be found at
https://fedoraproject.org/security/
--------------------------------------------------------------------------------

Important security patch for liferea in Fedora 38 to mitigate a remote execution vulnerability. Update immediately to ensure safety.

liferea security update, fedora advisory, remote code execution fix.

Severity: Critical.

LinuxSecurity.com Team

Mar 23, 2023 Critical Fedora