{"id":43774,"date":"2023-03-15T16:03:57","date_gmt":"2023-03-15T16:03:57","guid":{"rendered":"https:\/\/ubuntuhandbook.org\/?p=43774"},"modified":"2023-03-15T16:03:57","modified_gmt":"2023-03-15T16:03:57","slug":"liferea-1-14-1-critical-security-fix","status":"publish","type":"post","link":"https:\/\/ubuntuhandbook.org\/index.php\/2023\/03\/liferea-1-14-1-critical-security-fix\/","title":{"rendered":"Liferea News Reader 1.14.1 Released with A Critical Security Fix"},"content":{"rendered":"

\"\"<\/a><\/p>\n

For users of Liferea feed reader, new version 1.14.1 and 1.12.10 were released few days ago. All users are urged to upgrade due to an important security fix.<\/p>\n

Liferea is a free open-source GTK3 feed reader that brings together all of the content from your favorite subscriptions into a simple interface. It can synchronizes with Reedah, TinyTinyRSS, and Google Reader API.<\/p>\n

Just few days ago, it release new point releases for its 1.14 and 1.12 release series with an important security fix.<\/p>\n

It’s CVE-2023-1350<\/a> Remote code execution on feed enrichment.<\/p>\n

If you have enabled “Extract full content from HTML5 and Google AMP” for one or more of your feed subscriptions it is possible for a an attacker to inject a script command that would run any command on your system.<\/p><\/blockquote>\n

All users are recommended to upgrade to the new release with this bug-fix.<\/p>\n

\"\"<\/a><\/p>\n

Without the upgrade, user can alternatively disable “Extract full content from HTML5 and Google AMP<\/i>” for all the feeds via following steps:<\/p>\n

    \n
  1. Close Liferea<\/li>\n
  2. Open ~\/.config\/liferea\/feedlist.opml<\/code> in an editor<\/li>\n
  3. Replace all occurences of html5Extract=\"true\"<\/code> with an empty string<\/li>\n<\/ol>\n

    How to Install Liferea 1.14.1 in Ubuntu:<\/h3>\n

    For most Linux, Liferea is available to install as Flatpak package<\/a>, that runs in sandbox.<\/p>\n

    Ubuntu users can also use the unofficial PPA<\/a>, which so far supports for Ubuntu 20.04<\/b>, Ubuntu 22.04<\/b>, Ubuntu 22.10<\/b>, Linux Mint 20\/21<\/b>, and their based systems.<\/p>\n

    1.<\/b> First, press Ctrl+Alt+T<\/b> on keyboard to open terminal. When it opens, run command to add the PPA:<\/p>\n

    sudo add-apt-repository ppa:ubuntuhandbook1\/apps<\/pre>\n
    Type user password (no asterisk feedback) and hit Enter to continue.<\/i><\/p>\n
    \"\"<\/a><\/p>\n
    2.<\/b> Then, install the Liferea package by running command:<\/p>\n
    sudo apt install liferea<\/pre>\n
    Linux Mint user may have to run sudo apt update<\/code> first to update cache.<\/i><\/p>\n
    \"\"<\/a><\/p>\n
    Uninstall:<\/h3>\n
    The PPA also contains some other software packages, so you may remove it immediately after installed Liferea.<\/p>\n
    To do so, either run the command below in terminal, or remove the source line under “Other Software”<\/b> tab in Software & Updates<\/b> tool.<\/p>\n
    sudo add-apt-repository --remove ppa:ubuntuhandbook1\/apps<\/pre>\n
    To remove the feed reader package, simply run command:<\/p>\n
    sudo apt remove --autoremove liferea-data liferea<\/pre>\n
    That’s all. Enjoy!<\/p>","protected":false},"excerpt":{"rendered":"
    For users of Liferea feed reader, new version 1.14.1 and 1.12.10 were released few days ago. All users are urged to upgrade due to an important security fix. Liferea is a free open-source GTK3 feed reader that brings together all of the content from your favorite subscriptions into a simple interface. It can synchronizes with […]<\/p>\n","protected":false},"author":1,"featured_media":36141,"comment_status":"open","ping_status":"closed","sticky":false,"template":"","format":"standard","meta":{"footnotes":""},"categories":[9],"tags":[45],"class_list":["post-43774","post","type-post","status-publish","format-standard","has-post-thumbnail","hentry","category-howtos","tag-feed-reader"],"amp_enabled":true,"_links":{"self":[{"href":"https:\/\/ubuntuhandbook.org\/index.php\/wp-json\/wp\/v2\/posts\/43774","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/ubuntuhandbook.org\/index.php\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/ubuntuhandbook.org\/index.php\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/ubuntuhandbook.org\/index.php\/wp-json\/wp\/v2\/users\/1"}],"replies":[{"embeddable":true,"href":"https:\/\/ubuntuhandbook.org\/index.php\/wp-json\/wp\/v2\/comments?post=43774"}],"version-history":[{"count":0,"href":"https:\/\/ubuntuhandbook.org\/index.php\/wp-json\/wp\/v2\/posts\/43774\/revisions"}],"wp:featuredmedia":[{"embeddable":true,"href":"https:\/\/ubuntuhandbook.org\/index.php\/wp-json\/wp\/v2\/media\/36141"}],"wp:attachment":[{"href":"https:\/\/ubuntuhandbook.org\/index.php\/wp-json\/wp\/v2\/media?parent=43774"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/ubuntuhandbook.org\/index.php\/wp-json\/wp\/v2\/categories?post=43774"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/ubuntuhandbook.org\/index.php\/wp-json\/wp\/v2\/tags?post=43774"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}