{"document":{"aggregate_severity":{"namespace":"https://www.suse.com/support/security/rating/","text":"important"},"category":"csaf_vex","csaf_version":"2.0","distribution":{"text":"Copyright 2024 SUSE LLC. All rights reserved.","tlp":{"label":"WHITE","url":"https://www.first.org/tlp/"}},"lang":"en","notes":[{"category":"summary","text":"SUSE CVE-2023-1350","title":"Title"},{"category":"description","text":"A vulnerability was found in liferea. It has been rated as critical. Affected by this issue is the function update_job_run of the file src/update.c of the component Feed Enrichment. The manipulation of the argument source with the input |date >/tmp/bad-item-link.txt leads to os command injection. The attack may be launched remotely. The exploit has been disclosed to the public and may be used. The name of the patch is 8d8b5b963fa64c7a2122d1bbfbb0bed46e813e59. It is recommended to apply a patch to fix this issue. The identifier of this vulnerability is VDB-222848.","title":"Description of the CVE"},{"category":"legal_disclaimer","text":"CSAF 2.0 data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0).","title":"Terms of use"}],"publisher":{"category":"vendor","contact_details":"https://www.suse.com/support/security/contact/","name":"SUSE Product Security Team","namespace":"https://www.suse.com/"},"references":[{"category":"external","summary":"CVE-2023-1350","url":"https://www.suse.com/security/cve/CVE-2023-1350"},{"category":"external","summary":"SUSE Security Ratings","url":"https://www.suse.com/support/security/rating/"},{"category":"external","summary":"SUSE Bug 1209190 for CVE-2023-1350","url":"https://bugzilla.suse.com/1209190"},{"category":"external","summary":"Advisory link for openSUSE-SU-2023:0096-1","url":"https://lists.opensuse.org/archives/list/security-announce@lists.opensuse.org/thread/U2XWO532L7BXCMKLBA5M4DP7HIU4NSO2/"}],"title":"SUSE CVE CVE-2023-1350","tracking":{"current_release_date":"2025-12-19T01:31:23Z","generator":{"date":"2023-03-15T03:34:18Z","engine":{"name":"cve-database.git:bin/generate-csaf-vex.pl","version":"1"}},"id":"CVE-2023-1350","initial_release_date":"2023-03-15T03:34:18Z","revision_history":[{"date":"2023-03-15T03:34:18Z","number":"2","summary":"Current version"},{"date":"2023-04-28T01:57:12Z","number":"3","summary":"Current version"},{"date":"2024-10-05T04:24:15Z","number":"4","summary":"Current version"},{"date":"2024-10-21T17:22:58Z","number":"5","summary":"Current version"},{"date":"2025-01-01T02:34:06Z","number":"6","summary":"Current version"},{"date":"2025-02-14T07:03:47Z","number":"7","summary":"Current version"},{"date":"2025-02-16T06:52:52Z","number":"8","summary":"Current version"},{"date":"2025-03-15T06:47:30Z","number":"9","summary":"Current version"},{"date":"2025-04-25T02:57:05Z","number":"10","summary":"Current version"},{"date":"2025-12-17T01:19:43Z","number":"11","summary":"description changed"},{"date":"2025-12-19T01:31:23Z","number":"12","summary":"description changed"}],"status":"interim","version":"12"}},"product_tree":{"branches":[{"branches":[{"branches":[{"category":"product_name","name":"SUSE Linux Enterprise High Performance Computing 12 SP5","product":{"name":"SUSE Linux Enterprise High Performance Computing 12 SP5","product_id":"SUSE Linux Enterprise High Performance Computing 12 SP5","product_identification_helper":{"cpe":"cpe:/o:suse:sle-hpc:12:sp5"}}},{"category":"product_name","name":"SUSE Linux Enterprise Server 12 SP2-BCL","product":{"name":"SUSE Linux Enterprise Server 12 SP2-BCL","product_id":"SUSE Linux Enterprise Server 12 SP2-BCL","product_identification_helper":{"cpe":"cpe:/o:suse:sles-bcl:12:sp2"}}},{"category":"product_name","name":"SUSE Linux Enterprise Server 12 SP4-ESPOS","product":{"name":"SUSE Linux Enterprise Server 12 SP4-ESPOS","product_id":"SUSE Linux Enterprise Server 12 SP4-ESPOS","product_identification_helper":{"cpe":"cpe:/o:suse:sles-espos:12:sp4"}}},{"category":"product_name","name":"SUSE Linux Enterprise Server 12 SP4-LTSS","product":{"name":"SUSE Linux Enterprise Server 12 SP4-LTSS","product_id":"SUSE Linux Enterprise Server 12 SP4-LTSS","product_identification_helper":{"cpe":"cpe:/o:suse:sles-ltss:12:sp4"}}},{"category":"product_name","name":"SUSE Linux Enterprise Server 12 SP5","product":{"name":"SUSE Linux Enterprise Server 12 SP5","product_id":"SUSE Linux Enterprise Server 12 SP5","product_identification_helper":{"cpe":"cpe:/o:suse:sles:12:sp5"}}},{"category":"product_name","name":"SUSE Linux Enterprise Server Teradata 12 SP3","product":{"name":"SUSE Linux Enterprise Server Teradata 12 SP3","product_id":"SUSE Linux Enterprise Server Teradata 12 SP3","product_identification_helper":{"cpe":"cpe:/o:suse:sles_teradata:12:sp3"}}},{"category":"product_name","name":"SUSE Linux Enterprise Server Teradata 12 SP3-LTSS","product":{"name":"SUSE Linux Enterprise Server Teradata 12 SP3-LTSS","product_id":"SUSE Linux Enterprise Server Teradata 12 SP3-LTSS","product_identification_helper":{"cpe":"cpe:/o:suse:sles_ltss_teradata:12:sp3"}}},{"category":"product_name","name":"SUSE Linux Enterprise Server for SAP Applications 12 SP4","product":{"name":"SUSE Linux Enterprise Server for SAP Applications 12 SP4","product_id":"SUSE Linux Enterprise Server for SAP Applications 12 SP4","product_identification_helper":{"cpe":"cpe:/o:suse:sles_sap:12:sp4"}}},{"category":"product_name","name":"SUSE Linux Enterprise Server for SAP Applications 12 SP5","product":{"name":"SUSE Linux Enterprise Server for SAP Applications 12 SP5","product_id":"SUSE Linux Enterprise Server for SAP Applications 12 SP5","product_identification_helper":{"cpe":"cpe:/o:suse:sles_sap:12:sp5"}}},{"category":"product_name","name":"SUSE OpenStack Cloud 9","product":{"name":"SUSE OpenStack Cloud 9","product_id":"SUSE OpenStack Cloud 9","product_identification_helper":{"cpe":"cpe:/o:suse:suse-openstack-cloud:9"}}},{"category":"product_name","name":"SUSE OpenStack Cloud Crowbar 9","product":{"name":"SUSE OpenStack Cloud Crowbar 9","product_id":"SUSE OpenStack Cloud Crowbar 9","product_identification_helper":{"cpe":"cpe:/o:suse:suse-openstack-cloud-crowbar:9"}}},{"category":"product_name","name":"SUSE Package Hub 15 SP4","product":{"name":"SUSE Package Hub 15 SP4","product_id":"SUSE Package Hub 15 SP4"}},{"category":"product_name","name":"openSUSE Leap 15.4","product":{"name":"openSUSE Leap 15.4","product_id":"openSUSE Leap 15.4","product_identification_helper":{"cpe":"cpe:/o:opensuse:leap:15.4"}}},{"category":"product_name","name":"openSUSE Tumbleweed","product":{"name":"openSUSE Tumbleweed","product_id":"openSUSE Tumbleweed","product_identification_helper":{"cpe":"cpe:/o:opensuse:tumbleweed"}}},{"category":"product_version","name":"liferea","product":{"name":"liferea","product_id":"liferea","product_identification_helper":{"purl":"pkg:rpm/suse/liferea@?upstream=liferea.src.rpm"}}},{"category":"product_version","name":"liferea-1.14.1-1.1","product":{"name":"liferea-1.14.1-1.1","product_id":"liferea-1.14.1-1.1","product_identification_helper":{"purl":"pkg:rpm/suse/liferea@1.14.1-1.1?upstream=liferea-1.14.1-1.1.src.rpm"}}},{"category":"product_version","name":"liferea-1.14.1-bp154.2.3.1","product":{"name":"liferea-1.14.1-bp154.2.3.1","product_id":"liferea-1.14.1-bp154.2.3.1","product_identification_helper":{"purl":"pkg:rpm/suse/liferea@1.14.1-bp154.2.3.1?upstream=liferea-1.14.1-bp154.2.3.1.src.rpm"}}},{"category":"product_version","name":"liferea-lang","product":{"name":"liferea-lang","product_id":"liferea-lang","product_identification_helper":{"purl":"pkg:rpm/suse/liferea-lang@?upstream=liferea.src.rpm"}}},{"category":"product_version","name":"liferea-lang-1.14.1-1.1","product":{"name":"liferea-lang-1.14.1-1.1","product_id":"liferea-lang-1.14.1-1.1","product_identification_helper":{"purl":"pkg:rpm/suse/liferea-lang@1.14.1-1.1?upstream=liferea-1.14.1-1.1.src.rpm"}}},{"category":"product_version","name":"liferea-lang-1.14.1-bp154.2.3.1","product":{"name":"liferea-lang-1.14.1-bp154.2.3.1","product_id":"liferea-lang-1.14.1-bp154.2.3.1","product_identification_helper":{"purl":"pkg:rpm/suse/liferea-lang@1.14.1-bp154.2.3.1?upstream=liferea-1.14.1-bp154.2.3.1.src.rpm"}}}],"category":"product_family","name":"SUSE Linux Enterprise"}],"category":"vendor","name":"SUSE"}],"relationships":[{"category":"default_component_of","full_product_name":{"name":"liferea-1.14.1-bp154.2.3.1 as component of SUSE Package Hub 15 SP4","product_id":"SUSE Package Hub 15 SP4:liferea-1.14.1-bp154.2.3.1"},"product_reference":"liferea-1.14.1-bp154.2.3.1","relates_to_product_reference":"SUSE Package Hub 15 SP4"},{"category":"default_component_of","full_product_name":{"name":"liferea-lang-1.14.1-bp154.2.3.1 as component of SUSE Package Hub 15 SP4","product_id":"SUSE Package Hub 15 SP4:liferea-lang-1.14.1-bp154.2.3.1"},"product_reference":"liferea-lang-1.14.1-bp154.2.3.1","relates_to_product_reference":"SUSE Package Hub 15 SP4"},{"category":"default_component_of","full_product_name":{"name":"liferea-1.14.1-bp154.2.3.1 as component of openSUSE Leap 15.4","product_id":"openSUSE Leap 15.4:liferea-1.14.1-bp154.2.3.1"},"product_reference":"liferea-1.14.1-bp154.2.3.1","relates_to_product_reference":"openSUSE Leap 15.4"},{"category":"default_component_of","full_product_name":{"name":"liferea-lang-1.14.1-bp154.2.3.1 as component of openSUSE Leap 15.4","product_id":"openSUSE Leap 15.4:liferea-lang-1.14.1-bp154.2.3.1"},"product_reference":"liferea-lang-1.14.1-bp154.2.3.1","relates_to_product_reference":"openSUSE Leap 15.4"},{"category":"default_component_of","full_product_name":{"name":"liferea-1.14.1-1.1 as component of openSUSE Tumbleweed","product_id":"openSUSE Tumbleweed:liferea-1.14.1-1.1"},"product_reference":"liferea-1.14.1-1.1","relates_to_product_reference":"openSUSE Tumbleweed"},{"category":"default_component_of","full_product_name":{"name":"liferea-lang-1.14.1-1.1 as component of openSUSE Tumbleweed","product_id":"openSUSE Tumbleweed:liferea-lang-1.14.1-1.1"},"product_reference":"liferea-lang-1.14.1-1.1","relates_to_product_reference":"openSUSE Tumbleweed"},{"category":"default_component_of","full_product_name":{"name":"liferea as component of SUSE Linux Enterprise High Performance Computing 12 SP5","product_id":"SUSE Linux Enterprise High Performance Computing 12 SP5:liferea"},"product_reference":"liferea","relates_to_product_reference":"SUSE Linux Enterprise High Performance Computing 12 SP5"},{"category":"default_component_of","full_product_name":{"name":"liferea as component of SUSE Linux Enterprise Server 12 SP2-BCL","product_id":"SUSE Linux Enterprise Server 12 SP2-BCL:liferea"},"product_reference":"liferea","relates_to_product_reference":"SUSE Linux Enterprise Server 12 SP2-BCL"},{"category":"default_component_of","full_product_name":{"name":"liferea-lang as component of SUSE Linux Enterprise Server 12 SP2-BCL","product_id":"SUSE Linux Enterprise Server 12 SP2-BCL:liferea-lang"},"product_reference":"liferea-lang","relates_to_product_reference":"SUSE Linux Enterprise Server 12 SP2-BCL"},{"category":"default_component_of","full_product_name":{"name":"liferea as component of SUSE Linux Enterprise Server 12 SP4-ESPOS","product_id":"SUSE Linux Enterprise Server 12 SP4-ESPOS:liferea"},"product_reference":"liferea","relates_to_product_reference":"SUSE Linux Enterprise Server 12 SP4-ESPOS"},{"category":"default_component_of","full_product_name":{"name":"liferea-lang as component of SUSE Linux Enterprise Server 12 SP4-ESPOS","product_id":"SUSE Linux Enterprise Server 12 SP4-ESPOS:liferea-lang"},"product_reference":"liferea-lang","relates_to_product_reference":"SUSE Linux Enterprise Server 12 SP4-ESPOS"},{"category":"default_component_of","full_product_name":{"name":"liferea as component of SUSE Linux Enterprise Server 12 SP4-LTSS","product_id":"SUSE Linux Enterprise Server 12 SP4-LTSS:liferea"},"product_reference":"liferea","relates_to_product_reference":"SUSE Linux Enterprise Server 12 SP4-LTSS"},{"category":"default_component_of","full_product_name":{"name":"liferea-lang as component of SUSE Linux Enterprise Server 12 SP4-LTSS","product_id":"SUSE Linux Enterprise Server 12 SP4-LTSS:liferea-lang"},"product_reference":"liferea-lang","relates_to_product_reference":"SUSE Linux Enterprise Server 12 SP4-LTSS"},{"category":"default_component_of","full_product_name":{"name":"liferea as component of SUSE Linux Enterprise Server 12 SP5","product_id":"SUSE Linux Enterprise Server 12 SP5:liferea"},"product_reference":"liferea","relates_to_product_reference":"SUSE Linux Enterprise Server 12 SP5"},{"category":"default_component_of","full_product_name":{"name":"liferea-lang as component of SUSE Linux Enterprise Server 12 SP5","product_id":"SUSE Linux Enterprise Server 12 SP5:liferea-lang"},"product_reference":"liferea-lang","relates_to_product_reference":"SUSE Linux Enterprise Server 12 SP5"},{"category":"default_component_of","full_product_name":{"name":"liferea as component of SUSE Linux Enterprise Server Teradata 12 SP3","product_id":"SUSE Linux Enterprise Server Teradata 12 SP3:liferea"},"product_reference":"liferea","relates_to_product_reference":"SUSE Linux Enterprise Server Teradata 12 SP3"},{"category":"default_component_of","full_product_name":{"name":"liferea as component of SUSE Linux Enterprise Server Teradata 12 SP3-LTSS","product_id":"SUSE Linux Enterprise Server Teradata 12 SP3-LTSS:liferea"},"product_reference":"liferea","relates_to_product_reference":"SUSE Linux Enterprise Server Teradata 12 SP3-LTSS"},{"category":"default_component_of","full_product_name":{"name":"liferea as component of SUSE Linux Enterprise Server for SAP Applications 12 SP4","product_id":"SUSE Linux Enterprise Server for SAP Applications 12 SP4:liferea"},"product_reference":"liferea","relates_to_product_reference":"SUSE Linux Enterprise Server for SAP Applications 12 SP4"},{"category":"default_component_of","full_product_name":{"name":"liferea-lang as component of SUSE Linux Enterprise Server for SAP Applications 12 SP4","product_id":"SUSE Linux Enterprise Server for SAP Applications 12 SP4:liferea-lang"},"product_reference":"liferea-lang","relates_to_product_reference":"SUSE Linux Enterprise Server for SAP Applications 12 SP4"},{"category":"default_component_of","full_product_name":{"name":"liferea as component of SUSE Linux Enterprise Server for SAP Applications 12 SP5","product_id":"SUSE Linux Enterprise Server for SAP Applications 12 SP5:liferea"},"product_reference":"liferea","relates_to_product_reference":"SUSE Linux Enterprise Server for SAP Applications 12 SP5"},{"category":"default_component_of","full_product_name":{"name":"liferea as component of SUSE OpenStack Cloud 9","product_id":"SUSE OpenStack Cloud 9:liferea"},"product_reference":"liferea","relates_to_product_reference":"SUSE OpenStack Cloud 9"},{"category":"default_component_of","full_product_name":{"name":"liferea-lang as component of SUSE OpenStack Cloud 9","product_id":"SUSE OpenStack Cloud 9:liferea-lang"},"product_reference":"liferea-lang","relates_to_product_reference":"SUSE OpenStack Cloud 9"},{"category":"default_component_of","full_product_name":{"name":"liferea as component of SUSE OpenStack Cloud Crowbar 9","product_id":"SUSE OpenStack Cloud Crowbar 9:liferea"},"product_reference":"liferea","relates_to_product_reference":"SUSE OpenStack Cloud Crowbar 9"},{"category":"default_component_of","full_product_name":{"name":"liferea-lang as component of SUSE OpenStack Cloud Crowbar 9","product_id":"SUSE OpenStack Cloud Crowbar 9:liferea-lang"},"product_reference":"liferea-lang","relates_to_product_reference":"SUSE OpenStack Cloud Crowbar 9"}]},"vulnerabilities":[{"cve":"CVE-2023-1350","ids":[{"system_name":"SUSE CVE Page","text":"https://www.suse.com/security/cve/CVE-2023-1350"}],"notes":[{"category":"general","text":"A vulnerability was found in liferea. It has been rated as critical. Affected by this issue is the function update_job_run of the file src/update.c of the component Feed Enrichment. The manipulation of the argument source with the input |date >/tmp/bad-item-link.txt leads to os command injection. The attack may be launched remotely. The exploit has been disclosed to the public and may be used. The name of the patch is 8d8b5b963fa64c7a2122d1bbfbb0bed46e813e59. It is recommended to apply a patch to fix this issue. The identifier of this vulnerability is VDB-222848.","title":"CVE description"}],"product_status":{"known_not_affected":["SUSE Linux Enterprise High Performance Computing 12 SP5:liferea","SUSE Linux Enterprise Server 12 SP2-BCL:liferea","SUSE Linux Enterprise Server 12 SP2-BCL:liferea-lang","SUSE Linux Enterprise Server 12 SP4-ESPOS:liferea","SUSE Linux Enterprise Server 12 SP4-ESPOS:liferea-lang","SUSE Linux Enterprise Server 12 SP4-LTSS:liferea","SUSE Linux Enterprise Server 12 SP4-LTSS:liferea-lang","SUSE Linux Enterprise Server 12 SP5:liferea","SUSE Linux Enterprise Server 12 SP5:liferea-lang","SUSE Linux Enterprise Server Teradata 12 SP3-LTSS:liferea","SUSE Linux Enterprise Server Teradata 12 SP3:liferea","SUSE Linux Enterprise Server for SAP Applications 12 SP4:liferea","SUSE Linux Enterprise Server for SAP Applications 12 SP4:liferea-lang","SUSE Linux Enterprise Server for SAP Applications 12 SP5:liferea","SUSE OpenStack Cloud 9:liferea","SUSE OpenStack Cloud 9:liferea-lang","SUSE OpenStack Cloud Crowbar 9:liferea","SUSE OpenStack Cloud Crowbar 9:liferea-lang"],"recommended":["SUSE Package Hub 15 SP4:liferea-1.14.1-bp154.2.3.1","SUSE Package Hub 15 SP4:liferea-lang-1.14.1-bp154.2.3.1","openSUSE Leap 15.4:liferea-1.14.1-bp154.2.3.1","openSUSE Leap 15.4:liferea-lang-1.14.1-bp154.2.3.1","openSUSE Tumbleweed:liferea-1.14.1-1.1","openSUSE Tumbleweed:liferea-lang-1.14.1-1.1"]},"references":[{"category":"external","summary":"CVE-2023-1350","url":"https://www.suse.com/security/cve/CVE-2023-1350"},{"category":"external","summary":"SUSE Security Ratings","url":"https://www.suse.com/support/security/rating/"},{"category":"external","summary":"SUSE Bug 1209190 for CVE-2023-1350","url":"https://bugzilla.suse.com/1209190"},{"category":"external","summary":"Advisory link for openSUSE-SU-2023:0096-1","url":"https://lists.opensuse.org/archives/list/security-announce@lists.opensuse.org/thread/U2XWO532L7BXCMKLBA5M4DP7HIU4NSO2/"}],"remediations":[{"category":"vendor_fix","details":"To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n","product_ids":["SUSE Package Hub 15 SP4:liferea-1.14.1-bp154.2.3.1","SUSE Package Hub 15 SP4:liferea-lang-1.14.1-bp154.2.3.1","openSUSE Leap 15.4:liferea-1.14.1-bp154.2.3.1","openSUSE Leap 15.4:liferea-lang-1.14.1-bp154.2.3.1","openSUSE Tumbleweed:liferea-1.14.1-1.1","openSUSE Tumbleweed:liferea-lang-1.14.1-1.1"]}],"scores":[{"cvss_v3":{"baseScore":8.8,"baseSeverity":"HIGH","vectorString":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H","version":"3.1"},"products":["SUSE Package Hub 15 SP4:liferea-1.14.1-bp154.2.3.1","SUSE Package Hub 15 SP4:liferea-lang-1.14.1-bp154.2.3.1","openSUSE Leap 15.4:liferea-1.14.1-bp154.2.3.1","openSUSE Leap 15.4:liferea-lang-1.14.1-bp154.2.3.1","openSUSE Tumbleweed:liferea-1.14.1-1.1","openSUSE Tumbleweed:liferea-lang-1.14.1-1.1"]}],"threats":[{"category":"impact","date":"2023-03-11T10:00:07Z","details":"important"}],"title":"CVE-2023-1350"}]}