==========================================================================
Ubuntu Security Notice USN-4585-1
October 15, 2020
newsbeuter vulnerabilities
==========================================================================
A security issue affects these releases of Ubuntu and its derivatives:
– Ubuntu 16.04 LTS
Summary:
Newsbeuter could be made to crash or run programs as your login if it
opened a malicious file.
Software Description:
– newsbeuter: open-source RSS/Atom feed reader for text terminals
Details:
It was discovered that Newsbeuter didn’t handle the command line input
properly. An remote attacker could use it to ran remote code by crafting
a special input file. (CVE-2017-12904)
It was discovered that Newsbeuter didn’t handle metacharacters in its
filename properly. An remote attacker could use it to ran remote code by
crafting a special filename. (CVE-2017-14500)
Update instructions:
The problem can be corrected by updating your system to the following
package versions:
Ubuntu 16.04 LTS:
newsbeuter 2.9-3ubuntu0.1
In general, a standard system update will make all the necessary changes.
References:
https://usn.ubuntu.com/4585-1
CVE-2017-12904, CVE-2017-14500
Package Information:
https://launchpad.net/ubuntu/+source/newsbeuter/2.9-3ubuntu0.1
—–BEGIN PGP SIGNATURE—–
iQIzBAABCgAdFiEEkCdEQ5T6DutSveCybUp5kL3izGYFAl+I0nEACgkQbUp5kL3i
zGb09Q//cYxK2IVBvZ4t8AQwLbFzMGKpy4PMpIiAJKwKYIKABEN5kxSAPN6ROKKj
NXNmIXSDlc4znfdLqE0E2QjmjmkE1XvpOU5nx6qJSQEPc3pxh1ifbiYmOadL87H9
tg/fei4sLM/IMAMuIvZ/FNtmcpZ3hfujvCnMn3h8Kkd9fwTOUMPfMU8N3HWt9p04
38pVvvliorHjHLlYkO/WCmlhZKkZsKu54YRja7thuOlD9aJG/EvXd0/Kpqnyvc85
INoB4sXnQy/gsMBtRxiGivx6WYKpm9tr5sKdtYIzDYVwCAvdZXnLHC8j1ej3e4si
B4QxCj5wYPNwOOTyybIQQu3tpmqThZEBvey9K9CzGnv65EpYH/4qL9gGUeY51s/r
GLq0GP87U7ujnmP28eVngzRUpi8pzwf1CzNNUZWEBq5+lpl7BKaSY9/cel4pF1/6
CCSRqgKy3ctzW/VfLjuXqaO/ltl/U+WboM5o4eHgxwgpWvEBXvPaqa4nKeJsbbM7
tZGUeKBP9kZkWgsqoeNFX5Z6hY2sa0kvSU/OVK28MY0to+D6Zema145M+X8EGTJU
Hsw2lrH3WfeJWfhsfMV7clZMhuDDbyl0iCTXFRtsg/em4vyHxQ72W7emBU2TdRzD
DM9/X+mZDIF+Ui4SU0wk1+Jskf684GhGtjES7oiiNczrVe0djl4=
=rTj+
—–END PGP SIGNATURE—–
—