feh: Multiple vulnerabilities

2011-10-13T00:00:00
ID GLSA-201110-08
Type gentoo
Reporter Gentoo Foundation
Modified 2011-10-13T00:00:00

Description

Background

feh is a fast, lightweight imageviewer using imlib2.

Description

Multiple vulnerabilities have been discovered in feh. Please review the CVE identifiers referenced below for details.

Impact

A malicious entity might entice a user to visit a URL using the --wget-timestamp option, thus executing arbitrary commands via shell metacharacters; a malicious local user could perform a symlink attack and overwrite arbitrary files.

Workaround

There is no known workaround at this time.

Resolution

All feh users should upgrade to the latest version:

 # emerge --sync
 # emerge --ask --oneshot --verbose ">=media-gfx/feh-1.12"