openSUSE-SU-2018:0229-1

Опубликовано: 25 янв. 2018

Источник: suse-cvrf

Описание

Security update for newsbeuter

This update for newsbeuter fixes one issues.

This security issue was fixed:

CVE-2017-14500: Improper Neutralization of special elements allowed remote attackers to perform user-assisted code execution by crafting an RSS item with a media enclosure that includes shell metacharacters in its filename (bsc#1059057).

Список пакетов

openSUSE Leap 42.2

newsbeuter-2.9-8.1

newsbeuter-lang-2.9-8.1

openSUSE Leap 42.3

newsbeuter-2.9-8.1

newsbeuter-lang-2.9-8.1

Ссылки

https://lists.opensuse.org/opensuse-security-announce/2018-01/msg00058.html
E-Mail link for openSUSE-SU-2018:0229-1
https://www.suse.com/support/security/rating/
SUSE Security Ratings

Описание

Improper Neutralization of Special Elements used in an OS Command in the podcast playback function of Podbeuter in Newsbeuter 0.3 through 2.9 allows remote attackers to perform user-assisted code execution by crafting an RSS item with a media enclosure (i.e., a podcast file) that includes shell metacharacters in its filename, related to pb_controller.cpp and queueloader.cpp, a different vulnerability than CVE-2017-12904.

Затронутые продукты

openSUSE Leap 42.2:newsbeuter-2.9-8.1

openSUSE Leap 42.2:newsbeuter-lang-2.9-8.1

openSUSE Leap 42.3:newsbeuter-2.9-8.1

openSUSE Leap 42.3:newsbeuter-lang-2.9-8.1

Ссылки

https://www.suse.com/security/cve/CVE-2017-14500.html
CVE-2017-14500
https://bugzilla.suse.com/1059057
SUSE Bug 1059057

openSUSE-SU-2018:0229-1

Описание

Список пакетов

openSUSE Leap 42.2

openSUSE Leap 42.3

Ссылки

Уязвимость: CVE-2017-14500

Описание

Затронутые продукты

Ссылки