CVE-2023-1350 SUSE CVE security@suse.de SUSE Security Team SUSE CVE-2023-1350 Interim 1 8 2025-02-16T02:37:36Z current 2023-03-14T00:16:51Z 2025-02-16T02:37:36Z cve-database/bin/generate-cvrf-cve.pl 2020-12-27T01:00:00Z CVE-2023-1350 A vulnerability was found in liferea. It has been rated as critical. Affected by this issue is the function update_job_run of the file src/update.c of the component Feed Enrichment. The manipulation of the argument source with the input |date >/tmp/bad-item-link.txt leads to os command injection. The attack may be launched remotely. The exploit has been disclosed to the public and may be used. The name of the patch is 8d8b5b963fa64c7a2122d1bbfbb0bed46e813e59. It is recommended to apply a patch to fix this issue. The identifier of this vulnerability is VDB-222848. The CVRF data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0). https://lists.opensuse.org/archives/list/security-announce@lists.opensuse.org/thread/U2XWO532L7BXCMKLBA5M4DP7HIU4NSO2/ E-Mail link for openSUSE-SU-2023:0096-1 https://www.suse.com/support/security/rating/ SUSE Security Ratings SUSE Linux Enterprise High Performance Computing 12 SP5 SUSE Linux Enterprise Server 12 SP2-BCL SUSE Linux Enterprise Server 12 SP4-ESPOS SUSE Linux Enterprise Server 12 SP4-LTSS SUSE Linux Enterprise Server 12 SP5 SUSE Linux Enterprise Server Teradata 12 SP3 SUSE Linux Enterprise Server Teradata 12 SP3-LTSS SUSE Linux Enterprise Server for SAP Applications 12 SP4 SUSE Linux Enterprise Server for SAP Applications 12 SP5 SUSE OpenStack Cloud 9 SUSE OpenStack Cloud Crowbar 9 SUSE Package Hub 15 SP4 openSUSE Leap 15.4 openSUSE Tumbleweed liferea liferea-1.14.1-1.1 liferea-1.14.1-bp154.2.3.1 liferea-lang liferea-lang-1.14.1-1.1 liferea-lang-1.14.1-bp154.2.3.1 liferea-1.14.1-bp154.2.3.1 as a component of SUSE Package Hub 15 SP4 liferea-lang-1.14.1-bp154.2.3.1 as a component of SUSE Package Hub 15 SP4 liferea-1.14.1-bp154.2.3.1 as a component of openSUSE Leap 15.4 liferea-lang-1.14.1-bp154.2.3.1 as a component of openSUSE Leap 15.4 liferea-1.14.1-1.1 as a component of openSUSE Tumbleweed liferea-lang-1.14.1-1.1 as a component of openSUSE Tumbleweed liferea as a component of SUSE Linux Enterprise High Performance Computing 12 SP5 liferea as a component of SUSE Linux Enterprise Server 12 SP2-BCL liferea-lang as a component of SUSE Linux Enterprise Server 12 SP2-BCL liferea as a component of SUSE Linux Enterprise Server 12 SP4-ESPOS liferea-lang as a component of SUSE Linux Enterprise Server 12 SP4-ESPOS liferea as a component of SUSE Linux Enterprise Server 12 SP4-LTSS liferea-lang as a component of SUSE Linux Enterprise Server 12 SP4-LTSS liferea as a component of SUSE Linux Enterprise Server 12 SP5 liferea-lang as a component of SUSE Linux Enterprise Server 12 SP5 liferea as a component of SUSE Linux Enterprise Server Teradata 12 SP3 liferea as a component of SUSE Linux Enterprise Server Teradata 12 SP3-LTSS liferea as a component of SUSE Linux Enterprise Server for SAP Applications 12 SP4 liferea-lang as a component of SUSE Linux Enterprise Server for SAP Applications 12 SP4 liferea as a component of SUSE Linux Enterprise Server for SAP Applications 12 SP5 liferea as a component of SUSE OpenStack Cloud 9 liferea-lang as a component of SUSE OpenStack Cloud 9 liferea as a component of SUSE OpenStack Cloud Crowbar 9 liferea-lang as a component of SUSE OpenStack Cloud Crowbar 9 A vulnerability was found in liferea. It has been rated as critical. Affected by this issue is the function update_job_run of the file src/update.c of the component Feed Enrichment. The manipulation of the argument source with the input |date >/tmp/bad-item-link.txt leads to os command injection. The attack may be launched remotely. The exploit has been disclosed to the public and may be used. The name of the patch is 8d8b5b963fa64c7a2122d1bbfbb0bed46e813e59. It is recommended to apply a patch to fix this issue. The identifier of this vulnerability is VDB-222848. CVE-2023-1350 SUSE Package Hub 15 SP4:liferea-1.14.1-bp154.2.3.1 SUSE Package Hub 15 SP4:liferea-lang-1.14.1-bp154.2.3.1 openSUSE Leap 15.4:liferea-1.14.1-bp154.2.3.1 openSUSE Leap 15.4:liferea-lang-1.14.1-bp154.2.3.1 openSUSE Tumbleweed:liferea-1.14.1-1.1 openSUSE Tumbleweed:liferea-lang-1.14.1-1.1 SUSE Linux Enterprise High Performance Computing 12 SP5:liferea SUSE Linux Enterprise Server 12 SP2-BCL:liferea SUSE Linux Enterprise Server 12 SP2-BCL:liferea-lang SUSE Linux Enterprise Server 12 SP4-ESPOS:liferea SUSE Linux Enterprise Server 12 SP4-ESPOS:liferea-lang SUSE Linux Enterprise Server 12 SP4-LTSS:liferea SUSE Linux Enterprise Server 12 SP4-LTSS:liferea-lang SUSE Linux Enterprise Server 12 SP5:liferea SUSE Linux Enterprise Server 12 SP5:liferea-lang SUSE Linux Enterprise Server Teradata 12 SP3-LTSS:liferea SUSE Linux Enterprise Server Teradata 12 SP3:liferea SUSE Linux Enterprise Server for SAP Applications 12 SP4:liferea SUSE Linux Enterprise Server for SAP Applications 12 SP4:liferea-lang SUSE Linux Enterprise Server for SAP Applications 12 SP5:liferea SUSE OpenStack Cloud 9:liferea SUSE OpenStack Cloud 9:liferea-lang SUSE OpenStack Cloud Crowbar 9:liferea SUSE OpenStack Cloud Crowbar 9:liferea-lang important 6.5 AV:N/AC:L/Au:S/C:P/I:P/A:P 8.8 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H