Gentoo Security Advisory GLSA 201110-08 (feh) Network Vulnerability

Summary

The remote host is missing updates announced in advisory GLSA 201110-08.

Solution

All feh users should upgrade to the latest version: # emerge --sync # emerge --ask --oneshot --verbose '>=media-gfx/feh-1.12' http://www.securityspace.com/smysecure/catid.html?in=GLSA%20201110-08 http://bugs.gentoo.org/show_bug.cgi?id=325531 http://bugs.gentoo.org/show_bug.cgi?id=354063

Insight

Multiple vulnerabilities were found in feh, the worst of which leading to remote passive code execution.

Severity

Classification

CVE CVE-2010-2246, CVE-2011-0702, CVE-2011-1031

CVSS	Base Score: 5.1 AV:N/AC:H/Au:N/C:P/I:P/A:P

Related Vulnerabilities

Gentoo Security Advisory GLSA 200403-12 (openldap)
Gentoo Security Advisory GLSA 200410-15 (squid)
Gentoo Security Advisory GLSA 200409-06 (eGroupWare)
Gentoo Security Advisory GLSA 200501-24 (tnftp)
Gentoo Security Advisory GLSA 200402-07 (clamav)

Take action and discover your vulnerabilities