Dear users,
On the heels of the previous vulnerability we have a similar one in
Podbeuter.
An attacker can craft an RSS item where the name of the media enclosure
(the podcast file) contains shell code. When the user plays the file in
Podbeuter, the shell code will be executed. If you're using Podbeuter
only to *download* podcasts, not *play* them, you're safe.
Podbeuter versions 0.3 through 2.9 are affected.
I'm still waiting for a CVE. (Submitted a request to MITRE on August 27th,
pinged them on September 9th, but got nothing back.)
Workaround
==========
Don't play any podcasts in Podbeuter until you apply the fix.
Resolution
==========
A fix has already been pushed to our Git repository:
https://github.com/akrennmair/newsbeuter/commit/c8fea2f60c18ed30bdd1bb6f798e994e51a58260
A patch for 2.9 is also available:
https://github.com/akrennmair/newsbeuter/commit/26f5a4350f3ab5507bb8727051c87bb04660f333
I'll notify oss-se...@lists.openwall.com, so distributions ought to
pick this up soon enough.
--
Regards,
Alexander Batischev
PGP key 356961A20C8BFD03
Fingerprint: CE6C 4307 9348 58E3 FD94 A00F 3569 61A2 0C8B FD03
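
The class of bug described in this advisory, as an added example that is not part of the original message and is not Podbeuter's code: a file name interpolated into a shell command line is interpreted by the shell unless it is quoted as a single literal word. The `printf` stand-in for the player, the helper names and the sample file name are constructed for illustration.

```cpp
#include <cstdio>
#include <iostream>
#include <string>

// Constructed sample: an enclosure file name carrying a command substitution.
const std::string HOSTILE = "ep1-$(echo INJECTED).mp3";
// Stand-in for the media player (assumption): prints each argument in brackets.
const std::string PLAYER = "printf '[%s]'";

// Quote s as one POSIX sh word: wrap in single quotes, rewrite ' as '\''.
std::string shell_quote(const std::string& s) {
    std::string out = "'";
    for (char c : s) {
        if (c == '\'') out += "'\\''";
        else out += c;
    }
    return out + "'";
}

// Run cmdline through /bin/sh (popen does this) and return its stdout.
std::string run_and_capture(const std::string& cmdline) {
    std::string out;
    FILE* p = popen(cmdline.c_str(), "r");
    if (!p) return out;
    char buf[256];
    size_t n;
    while ((n = fread(buf, 1, sizeof buf, p)) > 0) out.append(buf, n);
    pclose(p);
    return out;
}

// Weak form: double quotes still let the shell expand $(...) and backticks.
std::string play_unsafe(const std::string& file) {
    return run_and_capture(PLAYER + " \"" + file + "\"");
}

// Hardened form: the name reaches the player as one literal argument.
std::string play_quoted(const std::string& file) {
    return run_and_capture(PLAYER + " " + shell_quote(file));
}

int main() {
    std::cout << "unsafe: " << play_unsafe(HOSTILE) << "\n";
    std::cout << "quoted: " << play_quoted(HOSTILE) << "\n";
}
```

Starting the player with `fork` and `execvp` and passing the file name as its own `argv` entry avoids the shell altogether, so no quoting is needed.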