==========================================================================
Ubuntu Security Notice USN-4585-1
October 15, 2020

newsbeuter vulnerabilities
==========================================================================

A security issue affects these releases of Ubuntu and its derivatives:

- Ubuntu 16.04 LTS

Summary:

Newsbeuter could be made to crash or run programs as your login if it
opened a malicious file.

Software Description:
- newsbeuter: open-source RSS/Atom feed reader for text terminals

Details:

It was discovered that Newsbeuter didn't handle the command line input
properly. An remote attacker could use it to ran remote code by crafting
a special input file. (CVE-2017-12904)

It was discovered that Newsbeuter didn't handle metacharacters in its
filename properly. An remote attacker could use it to ran remote code by
crafting a special filename. (CVE-2017-14500)

Update instructions:

The problem can be corrected by updating your system to the following
package versions:

Ubuntu 16.04 LTS:
  newsbeuter                      2.9-3ubuntu0.1

In general, a standard system update will make all the necessary changes.

References:
  https://usn.ubuntu.com/4585-1
  CVE-2017-12904, CVE-2017-14500

Package Information:
  https://launchpad.net/ubuntu/+source/newsbeuter/2.9-3ubuntu0.1