1. Forum
  2. Usenet
  3. LINUX.DEBIAN.ANNOUNCE.SEC

  • [SECURITY] [DSA 3977-1] newsbeuter security update

    From Salvatore Bonaccorso@1:229/2 to All on Mon Sep 18 20:40:01 2017
    From: [email protected]

    -----BEGIN PGP SIGNED MESSAGE-----
    Hash: SHA512

    - ------------------------------------------------------------------------- Debian Security Advisory DSA-3977-1 [email protected] https://www.debian.org/security/ Salvatore Bonaccorso September 18, 2017 https://www.debian.org/security/faq
    - -------------------------------------------------------------------------

    Package : newsbeuter
    CVE ID : CVE-2017-14500
    Debian Bug : 876004

    It was discovered that podbeuter, the podcast fetcher in newsbeuter, a text-mode RSS feed reader, did not properly escape the name of the media enclosure (the podcast file), allowing a remote attacker to run an
    arbitrary shell command on the client machine. This is only exploitable
    if the file is also played in podbeuter.

    For the oldstable distribution (jessie), this problem has been fixed
    in version 2.8-2+deb8u2.

    For the stable distribution (stretch), this problem has been fixed in
    version 2.9-5+deb9u2.

    For the unstable distribution (sid), this problem has been fixed in
    version 2.9-7.

    We recommend that you upgrade your newsbeuter packages.

    Further information about Debian Security Advisories, how to apply
    these updates to your system and frequently asked questions can be
    found at: https://www.debian.org/security/

    Mailing list: [email protected]
    -----BEGIN PGP SIGNATURE-----

    iQKTBAEBCgB9FiEERkRAmAjBceBVMd3uBUy48xNDz0QFAlnADsJfFIAAAAAALgAo aXNzdWVyLWZwckBub3RhdGlvbnMub3BlbnBncC5maWZ0aGhvcnNlbWFuLm5ldDQ2 NDQ0MDk4MDhDMTcxRTA1NTMxRERFRTA1NENCOEYzMTM0M0NGNDQACgkQBUy48xND z0S0FhAAnP699PdVTsMlDXFkbIkZjh8P+MYDuOHB2WUWqTEtXl5y4XATOyMt0J6L FcFQvFFaQ07uqGH23KqJu9mIAoeNa8S6QRc+THvnsMNqF3GiqJuqJlswRcpEH1/j /Kz8K5+MlQBiBMWfBvg8YmavMdC8O4OHYIo0AheJAgrJYlBpB8kNkMljSUoXNlxf l6CfkXecS63nB7iY5OIERrUARU5J24aiMnbFNDrqBS5DyBc7O5H20I7SuMiWuN71 7TKFKPaAxJ/sm+81BNWPzCf0WwMIYvyG0oc+NidNfm+wcAZh73fDqpHT9hyPkroZ B7yjBwn7gCjWEJ5lQ/yWTMbdGR8PvgiwthzOBO1agTRF5Spb2VHPSvhpTs/f1o02 zuKDoSlNWcfAfI+EaMYHJQjS+Lc/EHBoT7PNJLQUXmkLhE7dved1V5Trr2J0d+vg FhazAb3bzMOVOLFKBum9vq+yyaAD1px2EnbCJdLUvvxvBCilFrSW6snqOOUbSSAm HX4Z9t6TZCgV8xuKT8Vy4ryQnQ0NusqweWu5i9X8g8ko16O1p8zjNglpaM4/G8PI uhp1cWZmJ1RsQlkTrYeMmJ4sbvCE9MorI76gRDjKHZq8khZ0z6tQH6rc62GDy6Ar vMRvdz/uotHcTPo+RdfyRu8IP9/o+3dpt0Zk4X8hB1g9GByrDI4=
    =cnx6
    -----END PGP SIGNATURE-----

    --- SoupGate-Win32 v1.05
    * Origin: you cannot sedate... all the things you hate (1:229/2)