=========================================================================
Ubuntu Security Notice USN-4585-1
October 15, 2020

newsbeuter vulnerabilities
=========================================================================

A security issue affects these releases of Ubuntu and its derivatives:

- Ubuntu 16.04 LTS

Summary:

Newsbeuter could be made to crash or run programs as your login if it opened a malicious file.

Software Description:
- newsbeuter: open-source RSS/Atom feed reader for text terminals

Details:

It was discovered that Newsbeuter didn't handle the command line input properly. A remote attacker could use it to run remote code by crafting a special input file. (CVE-2017-12904)

It was discovered that Newsbeuter didn't handle metacharacters in its filename properly. A remote attacker could use it to run remote code by crafting a special filename. (CVE-2017-14500)

Update instructions:

The problem can be corrected by updating your system to the following package versions:

Ubuntu 16.04 LTS:
  newsbeuter 2.9-3ubuntu0.1

In general, a standard system update will make all the necessary changes.

References:
  https://ubuntu.com/security/notices/USN-4585-1
  CVE-2017-12904, CVE-2017-14500

Package Information:
  https://launchpad.net/ubuntu/+source/newsbeuter/2.9-3ubuntu0.1

Severity: Critical
LinuxSecurity.com Team

openSUSE Security Update: Security update for newsbeuter
______________________________________________________________________________

Announcement ID:    openSUSE-SU-2018:0229-1
Rating:             important
References:         #1059057
Cross-References:   CVE-2017-14500
Affected Products:
                    openSUSE Leap 42.3
                    openSUSE Leap 42.2
______________________________________________________________________________

An update that fixes one vulnerability is now available.

Description:

This update for newsbeuter fixes one issue.

This security issue was fixed:

- CVE-2017-14500: Improper neutralization of special elements allowed remote attackers to perform user-assisted code execution by crafting an RSS item with a media enclosure that includes shell metacharacters in its filename (bsc#1059057).

Patch Instructions:

To install this openSUSE Security Update use YaST online_update. Alternatively you can run the command listed for your product:

- openSUSE Leap 42.3:

    zypper in -t patch openSUSE-2018-92=1

- openSUSE Leap 42.2:

    zypper in -t patch openSUSE-2018-92=1

To bring your system up-to-date, use "zypper patch".

Package List:

- openSUSE Leap 42.3 (x86_64):
    newsbeuter-2.9-8.1
    newsbeuter-debuginfo-2.9-8.1
    newsbeuter-debugsource-2.9-8.1

- openSUSE Leap 42.3 (noarch):
    newsbeuter-lang-2.9-8.1

- openSUSE Leap 42.2 (noarch):
    newsbeuter-lang-2.9-2.6.1

- openSUSE Leap 42.2 (x86_64):
    newsbeuter-2.9-2.6.1
    newsbeuter-debuginfo-2.9-2.6.1
    newsbeuter-debugsource-2.9-2.6.1

References:

  https://www.suse.com/security/cve/CVE-2017-14500.html
  https://bugzilla.suse.com/show_bug.cgi?id=1059057

Severity: Important
LinuxSecurity.com Team

openSUSE Security Update: Security update for newsbeuter
______________________________________________________________________________

Announcement ID:    openSUSE-SU-2018:0166-1
Rating:             important
References:         #1054578
Cross-References:   CVE-2017-12904
Affected Products:
                    openSUSE Leap 42.3
                    openSUSE Leap 42.2
______________________________________________________________________________

An update that fixes one vulnerability is now available.

Description:

This update for newsbeuter fixes one issue.

This security issue was fixed:

- CVE-2017-12904: Improper neutralization of special elements allowed remote attackers to perform user-assisted code execution by crafting an RSS item that includes shell code in its title and/or URL (bsc#1054578).

Patch Instructions:

To install this openSUSE Security Update use YaST online_update. Alternatively you can run the command listed for your product:

- openSUSE Leap 42.3:

    zypper in -t patch openSUSE-2018-62=1

- openSUSE Leap 42.2:

    zypper in -t patch openSUSE-2018-62=1

To bring your system up-to-date, use "zypper patch".

Package List:

- openSUSE Leap 42.3 (x86_64):
    newsbeuter-2.9-5.1
    newsbeuter-debuginfo-2.9-5.1
    newsbeuter-debugsource-2.9-5.1

- openSUSE Leap 42.3 (noarch):
    newsbeuter-lang-2.9-5.1

- openSUSE Leap 42.2 (noarch):
    newsbeuter-lang-2.9-2.3.1

- openSUSE Leap 42.2 (x86_64):
    newsbeuter-2.9-2.3.1
    newsbeuter-debuginfo-2.9-2.3.1
    newsbeuter-debugsource-2.9-2.3.1

References:

  https://www.suse.com/security/cve/CVE-2017-12904.html
  https://bugzilla.suse.com/show_bug.cgi?id=1054578

Severity: Important
LinuxSecurity.com Team

Package        : newsbeuter
Version        : 2.5-2+deb7u3
CVE ID         : CVE-2017-14500
Debian Bug     : 876004

It was discovered that podbeuter, the podcast fetcher in newsbeuter, a text-mode RSS feed reader, did not properly escape the name of the media enclosure (the podcast file), allowing a remote attacker to run an arbitrary shell command on the client machine. This is only exploitable if the file is also played in podbeuter.

For Debian 7 "Wheezy", these problems have been fixed in version 2.5-2+deb7u3.

We recommend that you upgrade your newsbeuter packages.

Further information about Debian LTS security advisories, how to apply these updates to your system and frequently asked questions can be found at: https://wiki.debian.org/LTS

Severity: Critical
LinuxSecurity.com Team

Arch Linux Security Advisory ASA-201708-15
==========================================

Severity: High
Date    : 2017-08-20
CVE-ID  : CVE-2017-12904
Package : newsbeuter
Type    : arbitrary code execution
Remote  : Yes
Link    : https://security.archlinux.org/AVG-384

Summary
=======

The package newsbeuter before version 2.9-7 is vulnerable to arbitrary code execution.

Resolution
==========

Upgrade to 2.9-7.

# pacman -Syu "newsbeuter>=2.9-7"

The problem has been fixed upstream but no release is available yet.

Workaround
==========

Don't bookmark items.

Description
===========

An attacker can craft an RSS item with shell code in the title and/or URL. When such an item is bookmarked, the shell will execute that code. The vulnerability is triggered when bookmark-cmd is called.

Impact
======

A remote attacker can execute an arbitrary command on the affected host by tricking a user into bookmarking a specially crafted RSS item.

References
==========

https://github.com/akrennmair/newsbeuter/issues/591
https://groups.google.com/forum/#!topic/newsbeuter/iFqSE7Vz-DE
https://security.archlinux.org/CVE-2017-12904

LinuxSecurity.com Team

Package        : newsbeuter
Version        : 2.5-2+deb7u2
CVE ID         : CVE-2017-12904

Jeriko One discovered that newsbeuter, a text-mode RSS feed reader, did not properly escape the title and description of a news article when bookmarking it. This allowed a remote attacker to run an arbitrary shell command on the client machine.

For Debian 7 "Wheezy", these problems have been fixed in version 2.5-2+deb7u2.

We recommend that you upgrade your newsbeuter packages.

Further information about Debian LTS security advisories, how to apply these updates to your system and frequently asked questions can be found at: https://wiki.debian.org/LTS

Severity: Important
LinuxSecurity.com Team

Debian Security Advisory DSA-3947-1

Jeriko One discovered that newsbeuter, a text-mode RSS feed reader, did not properly escape the title and description of a news article when bookmarking it. This allowed a remote attacker to run an arbitrary shell command on the client machine.

- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
Gentoo Linux Security Advisory                           GLSA 200809-12
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
                                           https://security.gentoo.org/
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -

  Severity: Normal
     Title: Newsbeuter: User-assisted execution of arbitrary code
      Date: September 22, 2008
      Bugs: #236506
        ID: 200809-12

- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -

Synopsis
========

Insufficient input validation in newsbeuter may allow remote attackers to execute arbitrary shell commands.

Background
==========

Newsbeuter is an RSS/Atom feed reader for the text console.

Affected packages
=================

    -------------------------------------------------------------------
     Package              /  Vulnerable  /                  Unaffected
    -------------------------------------------------------------------
  1  net-news/newsbeuter       < 1.2                            >= 1.2

Description
===========

J.H.M. Dassen reported that the open-in-browser command does not properly escape shell metacharacters in the URL before passing it to system().

Impact
======

A remote attacker could entice a user to open a feed with specially crafted URLs, possibly resulting in the remote execution of arbitrary shell commands with the privileges of the user running the application.

Workaround
==========

There is no known workaround at this time.

Resolution
==========

All Newsbeuter users should upgrade to the latest version:

    # emerge --sync
    # emerge --ask --oneshot --verbose ">=net-news/newsbeuter-1.2"

References
==========

  [ 1 ] CVE-2008-3907
        https://www.cve.org/CVERecord?id=CVE-2008-3907

Availability
============

This GLSA and any updates to it are available for viewing at the Gentoo Security Website:

  https://security.gentoo.org/glsa/200809-12

Concerns?
=========

Security is a primary focus of Gentoo Linux and ensuring the confidentiality and security of our users' machines is of utmost importance to us. Any security concerns should be addressed to