Liferea Update Closes Security Hole

Oct 31, 2007

Jan Rähm

The new stable version 1.4.6 of the Liferea newsfeed reader fixes several bugs including a vulnerability.

In the release notes Lars Lindner reports that a bug concerning backups of the "feedlist.opml" file has been fixed. This is the file that Liferea uses to store the user’s news sources. After writing feedlist.opml, the program set incorrect permissions when creating the backup file. Local users could have exploited this to sniff passwords and user accounts on the system.

The vulnerability affects all versions including the current 1.4.6 version. Users are advised to update. The bugfix release is available as a source code archive from Sourceforge.

News

KDE Announces Software Compilation 4.13

New release comes with better semantic search and improvements to Kontact.
Coverity: Open Source Code has Fewer Defects

Annual code quality report shows FOSS is more secure at all project size levels.
An Even Smaller Raspberry Pi

The Raspberry Pi Foundation has announced an even smaller version of the tiny computer that will fit into a DIMM slot.
Freaky Privilege Escalation Attack

A new class of problems lets a malicious app pre-configure an invisible privilege update.
Facebook Rolls Out New PHP-like Programming Language

New Hack language adds static typing and other conveniences.
Fedora Announces Innovative Crytography Policy System

New crypto policy system will offer easier configuration and more uniform security.
Shuttleworth Calls for Declarative Firmware

Ubuntu founder denounces insecurity in proprietary, close-source software blobs.
New TLS Attack Takes the S out of HTTPS

Security

Vulnerability affects many Linux web servers
Munich Adopts Kolab

The Bavarian capital shuns Microsoft, Google, and other alternatives to implement an open source groupware solution.
Canonical Announces Ubuntu Smartphones

Mobile , Ubuntu

Phone vendor partnerships bring Mark Shuttleworth's dream of Ubuntu on a phone a step closer to reality.