Liferea Update Closes Security Hole

Oct 31, 2007

Jan Rähm

The new stable version 1.4.6 of the Liferea newsfeed reader fixes several bugs including a vulnerability.

In the release notes Lars Lindner reports that a bug concerning backups of the "feedlist.opml" file has been fixed. This is the file that Liferea uses to store the user’s news sources. After writing feedlist.opml, the program set incorrect permissions when creating the backup file. Local users could have exploited this to sniff passwords and user accounts on the system.

The vulnerability affects all versions including the current 1.4.6 version. Users are advised to update. The bugfix release is available as a source code archive from Sourceforge.

Related content

Script Error Opens up Security Hole in Xen 3.0.3

A Red Hat update has just been released to close various vulnerabilities in the Xen virtualization solution, one of which was caused by an error in a Python script.

more »
Vulnerability in GNU "tar"

Linux distributor Red Hat has discovered a vulnerability in the GNU "tar" program that could allow attackers to overwrite files.

more »
Mozilla Closes Down Critical Security Holes

The Mozilla Foundation has just released Firefox version 2.0.0.10 which resolves three critical vulnerabilities – but new issues have already reared their ugly heads.

more »
Vulnerabilities in OpenSSL

Three security issues have been identified in the Open Source implementation of the SSL/TLS protocol, OpenSSL. The vulnerabilities allow targeted attacks.

more »
First Maintenance Update for Firefox 3

Mozilla has just released version 3.0.1 of the Firefox browser; the first maintenance update removes a couple of vulnerabilities and fixes a some minor bugs.

more »

comments powered by Disqus

Issue 202/2017

Buy this issue as a PDF

Digital Issue: Price $9.99

(incl. VAT)

DevOps

Reinvent your network with DevOps tools and techniques:

Opportunities and Risks: Containers for DevOps
Automated Builds Using CentOS 7 and Kickstart
Elasticsearch, Logstash, and Kibana – The ELK stack
Are you ready for DevOps? Try your luck with the beta version of Linux Professional Institute's new DevOps exam.

News

LibreOffice 5.4 Released

Comes with improved support for Microsoft Office file formats.
Red Hat to Drop Support for Btrfs

The company is building their own storage solution called Stratis.
Reinvent your network with DevOps tools and techniques:

Opportunities and Risks: Containers for DevOps
Automated Builds Using CentOS 7 and Kickstart
Elasticsearch, Logstash, and Kibana – The ELK stack
Are you ready for DevOps? Try your luck with the beta version of Linux Professional Institute's new DevOps exam.
Kolab Now Integrates Collabora Online

Kolab Now subscribers now have access to Collabora Online.
Endless OS, a Distribution Without Internet

A new version of Endless OS has been released.
GitHub Announces Open Source Friday Program

They encourage people to take time out and work on open source projects on Friday.
System76 Announces Their Own Distro, Pop!_OS

Pop!_OS is based on Ubuntu and uses the Gnome stack.
Linus Torvalds Talks About His Motivation

He never tires of working on the Linux kernel.
Debian 9 Stretches Its Wings

The new release of Debian has a very strong focus on security.
Trojan Turns Raspberry Pi into a Cryptocurrency Mining Device

Two trojans in the wild are targeting Linux machines.