[arch-security] [ASA-201708-15] newsbeuter: arbitrary code execution
Jelle van der Waa
jelle at archlinux.org
Mon Aug 21 11:13:38 UTC 2017
Arch Linux Security Advisory ASA-201708-15
==========================================
Severity: High
Date : 2017-08-20
CVE-ID : CVE-2017-12904
Package : newsbeuter
Type : arbitrary code execution
Remote : Yes
Link : https://security.archlinux.org/AVG-384
Summary
=======
The package newsbeuter before version 2.9-7 is vulnerable to arbitrary
code execution.
Resolution
==========
Upgrade to 2.9-7.
# pacman -Syu "newsbeuter>=2.9-7"
The problem has been fixed upstream but no release is available yet.
Workaround
==========
Don't bookmark items.
Description
===========
An attacker can craft an RSS item with shell code in the title and/or
URL. When such an item is bookmarked, the shell will execute that code.
The vulnerability is triggered when bookmark-cmd is called.
Impact
======
A remote attacker can execute an arbitrary command on the affected host
by tricking a user into bookmarking a specially crafted RSS item.
References
==========
https://github.com/akrennmair/newsbeuter/issues/591
https://groups.google.com/forum/#!topic/newsbeuter/iFqSE7Vz-DE
https://security.archlinux.org/CVE-2017-12904
-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 488 bytes
Desc: not available
URL: <https://lists.archlinux.org/pipermail/arch-security/attachments/20170821/429f551b/attachment.asc>
More information about the arch-security
mailing list