Gentoo Security Advisory GLSA 201110-08 (feh) Network Vulnerability

Summary

The remote host is missing updates announced in advisory GLSA 201110-08.

Solution

All feh users should upgrade to the latest version: # emerge --sync # emerge --ask --oneshot --verbose '>=media-gfx/feh-1.12' http://www.securityspace.com/smysecure/catid.html?in=GLSA%20201110-08 http://bugs.gentoo.org/show_bug.cgi?id=325531 http://bugs.gentoo.org/show_bug.cgi?id=354063

Insight

Multiple vulnerabilities were found in feh, the worst of which leading to remote passive code execution.

Severity

Classification

CVE CVE-2010-2246, CVE-2011-0702, CVE-2011-1031
CVSS Base Score: 5.1
AV:N/AC:H/Au:N/C:P/I:P/A:P

Related Vulnerabilities

Gentoo Security Advisory GLSA 200406-11 (horde-imp)
Gentoo Security Advisory GLSA 200411-03 (apache)
Gentoo Security Advisory GLSA 200405-06 (libpng)
Gentoo Security Advisory GLSA 200404-20 (xine)
Gentoo Security Advisory GLSA 200405-04 (openoffice)

Take action and discover your vulnerabilities