liferea

2008-01-15

Page content

Author: voroskoi
Vulnerable: 1.2.23-2sayshell1
Unaffected: 1.2.23-2sayshell2

A security issue has been reported in Liferea, which can be exploited by malicious, local users to gain escalated privileges. The security issue is caused due to the Liferea starter script incorrectly setting the environment variable LD_LIBRARY_PATH. This can be exploited to gain escalated privileges e.g. by tricking a user into running Liferea in a directory containing a malicious library.

Bug Tracker URL: http://bugs.frugalware.org/task/2606

CVEs:

There is no CVE for this issue.