Описание
Security update for newsbeuter
This update for newsbeuter fixes one issues.
This security issue was fixed:
- CVE-2017-12904: Improper neutralization of special elements allowed remote attackers to perform user-assisted code execution by crafting an RSS item that includes shell code in its title and/or URL (bsc#1054578).
Список пакетов
openSUSE Leap 42.2
newsbeuter-2.9-5.1
newsbeuter-lang-2.9-5.1
openSUSE Leap 42.3
newsbeuter-2.9-5.1
newsbeuter-lang-2.9-5.1
Ссылки
- E-Mail link for openSUSE-SU-2018:0166-1
- SUSE Security Ratings
Описание
Improper Neutralization of Special Elements used in an OS Command in bookmarking function of Newsbeuter versions 0.7 through 2.9 allows remote attackers to perform user-assisted code execution by crafting an RSS item that includes shell code in its title and/or URL.
Затронутые продукты
openSUSE Leap 42.2:newsbeuter-2.9-5.1
openSUSE Leap 42.2:newsbeuter-lang-2.9-5.1
openSUSE Leap 42.3:newsbeuter-2.9-5.1
openSUSE Leap 42.3:newsbeuter-lang-2.9-5.1
Ссылки
- CVE-2017-12904
- SUSE Bug 1054578