You are here
Home > Preporuke > Sigurnosni nedostaci programskog paketa newsbeuter

Sigurnosni nedostaci programskog paketa newsbeuter

by - 0
  • Detalji os-a: WN7
  • Važnost: IMP
  • Operativni sustavi: L
  • Kategorije: LUB

==========================================================================
Ubuntu Security Notice USN-4585-1
October 15, 2020

newsbeuter vulnerabilities
==========================================================================

A security issue affects these releases of Ubuntu and its derivatives:

– Ubuntu 16.04 LTS

Summary:

Newsbeuter could be made to crash or run programs as your login if it
opened a malicious file.

Software Description:
– newsbeuter: open-source RSS/Atom feed reader for text terminals

Details:

It was discovered that Newsbeuter didn’t handle the command line input
properly. An remote attacker could use it to ran remote code by crafting
a special input file. (CVE-2017-12904)

It was discovered that Newsbeuter didn’t handle metacharacters in its
filename properly. An remote attacker could use it to ran remote code by
crafting a special filename. (CVE-2017-14500)

Update instructions:

The problem can be corrected by updating your system to the following
package versions:

Ubuntu 16.04 LTS:
newsbeuter 2.9-3ubuntu0.1

In general, a standard system update will make all the necessary changes.

References:
https://usn.ubuntu.com/4585-1
CVE-2017-12904, CVE-2017-14500

Package Information:
https://launchpad.net/ubuntu/+source/newsbeuter/2.9-3ubuntu0.1
—–BEGIN PGP SIGNATURE—–

iQIzBAABCgAdFiEEkCdEQ5T6DutSveCybUp5kL3izGYFAl+I0nEACgkQbUp5kL3i
zGb09Q//cYxK2IVBvZ4t8AQwLbFzMGKpy4PMpIiAJKwKYIKABEN5kxSAPN6ROKKj
NXNmIXSDlc4znfdLqE0E2QjmjmkE1XvpOU5nx6qJSQEPc3pxh1ifbiYmOadL87H9
tg/fei4sLM/IMAMuIvZ/FNtmcpZ3hfujvCnMn3h8Kkd9fwTOUMPfMU8N3HWt9p04
38pVvvliorHjHLlYkO/WCmlhZKkZsKu54YRja7thuOlD9aJG/EvXd0/Kpqnyvc85
INoB4sXnQy/gsMBtRxiGivx6WYKpm9tr5sKdtYIzDYVwCAvdZXnLHC8j1ej3e4si
B4QxCj5wYPNwOOTyybIQQu3tpmqThZEBvey9K9CzGnv65EpYH/4qL9gGUeY51s/r
GLq0GP87U7ujnmP28eVngzRUpi8pzwf1CzNNUZWEBq5+lpl7BKaSY9/cel4pF1/6
CCSRqgKy3ctzW/VfLjuXqaO/ltl/U+WboM5o4eHgxwgpWvEBXvPaqa4nKeJsbbM7
tZGUeKBP9kZkWgsqoeNFX5Z6hY2sa0kvSU/OVK28MY0to+D6Zema145M+X8EGTJU
Hsw2lrH3WfeJWfhsfMV7clZMhuDDbyl0iCTXFRtsg/em4vyHxQ72W7emBU2TdRzD
DM9/X+mZDIF+Ui4SU0wk1+Jskf684GhGtjES7oiiNczrVe0djl4=
=rTj+
—–END PGP SIGNATURE—–

AutorBruno Varga
Cert idNCERT-REF-2020-10-0001-ADV
CveCERT-CVE-DUMMY
ID izvornikaCERT-ORIGID-DUMMY
ProizvodCERT-DUMMY-PRODUCT
IzvorAdobe
Top
More in Preporuke
Sigurnosni nedostatak programskog paketa docker.io

Otkriven je sigurnosni nedostatak u programskom paketu docker.io za operacijski sustav Ubuntu. Otkriveni nedostatak potencijalnim napadačima omogućuje otkrivanje osjetljivih informacija....

Close