The Vigil@nce team watches public vulnerabilities impacting your computers, and then offers security solutions, a vigilance database and tools to fix them.

Vulnerability of Liferea: feed list disclosure

Synthesis of the vulnerability 

A local attacker can obtain the list of RSS feeds of Liferea users.
Vulnerable systems: Fedora, Unix (platform) ~ not comprehensive.
Severity of this threat: 1/4.
Creation date: 02/11/2007.
References for this weakness: CVE-2007-5751, FEDORA-2007-2725, FEDORA-2007-2853, VIGILANCE-VUL-7304.

Description of the vulnerability 

The Liferea program is an RSS feed reader.

The list of RSS feeds tracked by a user is stored in the feedlist.opml file. When this file is modified, a backup copy is created. However, the permissions on this copy are 0644, which allows all local users to read the file.

A local attacker can therefore obtain the list of feeds tracked by Liferea users.
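
The permission problem described above, as an added C example (it is not Liferea's code and not part of the original bulletin): a backup copy created with default permissions beside one created with mode 0600, plus a helper that reports the bits granted to group and other. The function names and the file paths passed to them are hypothetical.

```c
#define _POSIX_C_SOURCE 200809L
#include <fcntl.h>
#include <stdio.h>
#include <sys/stat.h>
#include <unistd.h>

/* Copy src into the already-open descriptor out, then close it. 0 on success. */
static int copy_to(const char *src, int out) {
    char buf[4096];
    ssize_t n = -1;
    int in = open(src, O_RDONLY);
    if (in >= 0) {
        while ((n = read(in, buf, sizeof buf)) > 0)
            if (write(out, buf, (size_t)n) != n) { n = -1; break; }
        close(in);
    }
    return (close(out) == 0 && n == 0) ? 0 : -1;
}

/* Weak: mode 0666 (what fopen(dst, "w") requests) minus the umask.
 * With the common umask 022 the copy ends up 0644, as in the advisory. */
int backup_weak(const char *src, const char *dst) {
    int out = open(dst, O_WRONLY | O_CREAT | O_TRUNC, 0666);
    return out < 0 ? -1 : copy_to(src, out);
}

/* Hardened: request 0600 at creation, and fchmod() so that a copy left
 * behind by an earlier run with looser bits is tightened before writing. */
int backup_private(const char *src, const char *dst) {
    int out = open(dst, O_WRONLY | O_CREAT | O_TRUNC, 0600);
    if (out < 0) return -1;
    if (fchmod(out, 0600) != 0) { close(out); return -1; }
    return copy_to(src, out);
}

/* Audit helper: permission bits granted to group/other (0 = private),
 * or -1 if the file cannot be examined. */
int exposed_bits(const char *path) {
    struct stat st;
    if (stat(path, &st) != 0) return -1;
    return (int)(st.st_mode & (S_IRWXG | S_IRWXO));
}

int main(int argc, char **argv) {
    /* Usage: pass candidate backup files; prints those not private to the owner. */
    for (int i = 1; i < argc; i++)
        if (exposed_bits(argv[i]) > 0)
            printf("%s: exposed bits %03o\n", argv[i], (unsigned)exposed_bits(argv[i]));
    return 0;
}
```

A 0644 copy is only reachable by other users when every directory on its path is also searchable by them, so the audit helper reports exposure of the file itself, not of the whole path.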

This vulnerability alert impacts software or systems such as Fedora, Unix (platform) ~ not comprehensive.

Our Vigil@nce team determined that the severity of this computer weakness alert is low.

The trust level is "confirmed by the editor", and the attack origin is a user shell.

An attacker with expert ability can exploit this computer vulnerability.

Solutions for this threat 

Liferea: version 1.4.6.
Version 1.4.6 is fixed:
  http://sourceforge.net/projects/liferea/

Fedora 7: new liferea packages.
New packages are available: liferea-1.2.23-4.fc7.

Fedora 8: new liferea packages.
New packages are available: liferea-1.2.23-5.fc8.