CVE-2017-14500

NameCVE-2017-14500
DescriptionImproper Neutralization of Special Elements used in an OS Command in the podcast playback function of Podbeuter in Newsbeuter 0.3 through 2.9 allows remote attackers to perform user-assisted code execution by crafting an RSS item with a media enclosure (i.e., a podcast file) that includes shell metacharacters in its filename, related to pb_controller.cpp and queueloader.cpp, a different vulnerability than CVE-2017-12904.
SourceCVE (at NVD; CERT, LWN, oss-sec, fulldisc, bugtraq, EDB, Metasploit, Red Hat, Ubuntu, Gentoo, SuSE, Mageia, GitHub code/issues, web search, more)
ReferencesDLA-1104-1, DSA-3977-1
NVD severitymedium (attack range: remote)
Debian Bugs876004

Vulnerable and fixed packages

The table below lists information on source packages.

Source PackageReleaseVersionStatus
newsbeuter (PTS)wheezy2.5-2+deb7u1vulnerable
wheezy (security)2.5-2+deb7u3fixed
jessie2.8-2vulnerable
jessie (security)2.8-2+deb8u2fixed
stretch (security), stretch2.9-5+deb9u2fixed
buster, sid2.9-7fixed

The information below is based on the following data on fixed versions.

PackageTypeReleaseFixed VersionUrgencyOriginDebian Bugs
newsbeutersource(unstable)2.9-7medium876004
newsbeutersourcejessie2.8-2+deb8u2mediumDSA-3977-1
newsbeutersourcestretch2.9-5+deb9u2mediumDSA-3977-1
newsbeutersourcewheezy2.5-2+deb7u3mediumDLA-1104-1

Notes

http://openwall.com/lists/oss-security/2017/09/16/1
newsbeuter-2.9.x: https://github.com/akrennmair/newsbeuter/commit/26f5a4350f3ab5507bb8727051c87bb04660f333
master: https://github.com/akrennmair/newsbeuter/commit/c8fea2f60c18ed30bdd1bb6f798e994e51a58260
https://github.com/akrennmair/newsbeuter/issues/598

Search for package or bug name: Reporting problems