2017-08-21 - newsbeuter security update (Stable Update)

Post by Blueriver

Summary
The package newsbeuter before version 2.9-6.97 is vulnerable to arbitrary code execution.

If you use newsbeuter you should upgrade as soon as possible, or avoid bookmarking items until you upgrade.


Resolution
Upgrade to 2.9-6.97.

# pacman -Syu "newsbeuter>=2.9-6.97"


Workaround
Don’t bookmark items.


Description
An attacker can craft an RSS item with shell code in the title and/or URL. When such an item is bookmarked, the shell will execute that code. The vulnerability is triggered when bookmark-cmd is called.


Impact
A remote attacker can execute an arbitrary command on the affected host by tricking a user into bookmarking a specially crafted RSS item.

References
https://github.com/akrennmair/newsbeuter/issues/591
https://groups.google.com/forum/#!topic ... FqSE7Vz-DE
https://security.archlinux.org/CVE-2017-12904

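Added example, not part of the original post and not newsbeuter's own code: it shows the class of bug named in the Description, where a feed-controlled title is placed on a shell command line, next to a quoting routine that keeps the field literal. The helper names, the `printf` stand-in for a configured bookmark-cmd, the sample title and the weak double-quote wrapping are all assumptions made for illustration.

```cpp
#include <stdio.h>   // popen/pclose (POSIX)
#include <iostream>
#include <string>

// Weak form (assumed pattern): wrap the field in double quotes and escape
// only '"'. The shell still expands $(...), backticks and $VAR inside them.
std::string quote_weak(const std::string& s) {
    std::string out = "\"";
    for (char c : s) { if (c == '"') out += '\\'; out += c; }
    return out + "\"";
}

// Hardened form: single quotes suppress every expansion; an embedded
// single quote is emitted as '\'' (close quote, escaped quote, reopen).
std::string quote_strict(const std::string& s) {
    std::string out = "'";
    for (char c : s) out += (c == '\'') ? std::string("'\\''") : std::string(1, c);
    return out + "'";
}

// Run a command line through /bin/sh and capture its stdout.
std::string run_sh(const std::string& cmdline) {
    std::string result;
    FILE* p = popen(cmdline.c_str(), "r");
    if (!p) return result;
    char buf[256];
    size_t n;
    while ((n = fread(buf, 1, sizeof buf, p)) > 0) result.append(buf, n);
    pclose(p);
    return result;
}

// Hypothetical stand-in for a bookmark command: prints the argument it got.
std::string bookmark(const std::string& title, bool strict) {
    const std::string cmd = "printf '%s' ";
    return run_sh(cmd + (strict ? quote_strict(title) : quote_weak(title)));
}

int main() {
    // Constructed feed title carrying a harmless command substitution.
    const std::string title = "News $(echo EXPANDED) it's \"here\"";
    std::cout << "weak:   " << bookmark(title, false) << "\n";
    std::cout << "strict: " << bookmark(title, true) << "\n";
}
```

With the strict quoting the command receives the title byte for byte; with the weak quoting the shell rewrites it before the command ever sees it.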