Liferea Update Closes Security Hole
The new stable version 1.4.6 of the Liferea newsfeed reader fixes several bugs including a vulnerability.
In the release notes Lars Lindner reports that a bug concerning backups of the "feedlist.opml" file has been fixed. This is the file that Liferea uses to store the user’s news sources. After writing feedlist.opml, the program set incorrect permissions when creating the backup file. Local users could have exploited this to sniff passwords and user accounts on the system.
The vulnerability affects all versions including the current 1.4.6 version. Users are advised to update. The bugfix release is available as a source code archive from Sourceforge.
Issue 161/2014
Buy this issue as a PDF
Digital Issue: Price $9.99
(incl. VAT)
Tag Cloud
News
-
New TLS Attack Takes the S out of HTTPS
Vulnerability affects many Linux web servers
-
Munich Adopts Kolab
The Bavarian capital shuns Microsoft, Google, and other alternatives to implement an open source groupware solution.
-
Canonical Announces Ubuntu Smartphones
Phone vendor partnerships bring Mark Shuttleworth's dream of Ubuntu on a phone a step closer to reality.
-
Piviti Seeks Funding
Donors will get to vote on new features for the free video editor.
-
Debian Tech Committee Votes for systemd
Debian project puts init out to pasture and says no to Ubuntu's Upstart.
-
The Mask: Scary New Face of Internet Intrusion
Ultra-sophisticated attack tool might have originated from a state-sponsored intelligence service.
-
Epoch 1.0 Released
New alternative for init comes with a small footprint and minimal configuration.
-
Wayland 1.4 Challenges X11
X marks the target for the next-generation windowing system.
-
Red Hat Adopts CentOS
Super-clone CentOS Linux gets beamed up to the mother ship.
-
W3C Promotes Media Source Extensions
HTML technology will enable new video editing and playback options.