Liferea Update Closes Security Hole
The new stable version 1.4.6 of the Liferea newsfeed reader fixes several bugs including a vulnerability.
In the release notes Lars Lindner reports that a bug concerning backups of the "feedlist.opml" file has been fixed. This is the file that Liferea uses to store the user’s news sources. After writing feedlist.opml, the program set incorrect permissions when creating the backup file. Local users could have exploited this to sniff passwords and user accounts on the system.
The vulnerability affects all versions including the current 1.4.6 version. Users are advised to update. The bugfix release is available as a source code archive from Sourceforge.
Issue 18: Free From XP/Special Editions
Buy this issue as a PDF
Tag Cloud
News
-
Password Management Services Vulnerable to Attack
Should you trust an online service to store your online passwords?
-
New Raspberry Pi Adds Two USB Ports
New B+ board lets you build cool things without the complication of a powered USB hub.
-
Microsoft Grabs No-IP.com Domains
Redmond rushes in to root out alleged malware haven.
-
Firefox Steps into 3D
New initiative will bring futuristic virtual reality effects to the web surfing experience.
-
New Trojan Targets Online Banking
Dyreza malware launches a man-in-the-middle attack that compromises SSL.
-
HP Rolls Out Massive Cloud Network
New cloud combines worldwide access with local attention to data security.
-
New Attack Targets Wireless Logins
A first cousin of the recent Heartbleed attack affects EAP-based wireless and peer-to-peer authentication.
-
Geeks Petition for Free Lenovo BIOS
FOSS community acts to protect freedom of choice for laptop devices.
-
Firefox Says Yes to DRM
Quintessential open source browser shores up its market share with a step toward the proprietary dark side.
-
Webcam Hijackers Busted
Authorities in 16 countries take action against users of the imfamous BlackShades malware tool.