Bug 677607 (CVE-2011-1031)

Summary: CVE-2011-1031 feh: Ability to create arbitrary files via a symlink attack
Product: [Other] Security Response
Reporter: Jan Lieskovsky <jlieskov>
Component: vulnerability
Assignee: Red Hat Product Security <security-response-team>
Status: CLOSED ERRATA
Severity: low
Priority: low
Version: unspecified
CC: ivazqueznet
Keywords: Security
Hardware: All
OS: Linux
Fixed In Version: feh 1.11.2
Doc Type: Bug Fix
Last Closed: 2012-09-11 15:38:07 UTC
Bug Depends On: 676390

Description Jan Lieskovsky 2011-02-15 11:04:04 UTC
Common Vulnerabilities and Exposures assigned an identifier CVE-2011-1031 to
the following vulnerability:

The feh_unique_filename function in utils.c in feh 1.11.2 and earlier
might allow local users to create arbitrary files via a symlink attack
on a /tmp/feh_ temporary file, a different vulnerability than
CVE-2011-0702.

References:
[1] http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-1031
[2] https://bugzilla.redhat.com/show_bug.cgi?id=676389
[3] https://derf.homelinux.org/git/feh/commit/?id=23421a86cc826dd30f3dc4f62057fafb04b3ac40
[4] https://derf.homelinux.org/git/feh/commit/?id=29ab0855f044ef2fe9c295b72abefcb37f0861a5
[5] https://github.com/derf/feh/issues/#issue/32
[6] http://secunia.com/advisories/43221
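
The class of bug described above, as an added example that is not feh's code and not part of the original report: a predictable temporary name opened without O_EXCL, next to two hardened alternatives. The function names, the `feh_example` file name and the scratch directory are constructed for the example, and everything runs inside a private mkdtemp() directory.

```c
#define _XOPEN_SOURCE 700
#include <errno.h>
#include <fcntl.h>
#include <stdio.h>
#include <stdlib.h>
#include <sys/stat.h>
#include <unistd.h>

/* Weak: predictable name, no O_EXCL. If the name already exists as a
 * symlink, open() follows it and creates or truncates the link's target. */
static int open_predictable(const char *path)
{
    return open(path, O_WRONLY | O_CREAT | O_TRUNC, 0600);
}

/* Hardened: with O_CREAT|O_EXCL, open() fails with EEXIST when the name is
 * taken, and POSIX requires that a symlink at that name is not followed. */
static int open_exclusive(const char *path)
{
    return open(path, O_WRONLY | O_CREAT | O_EXCL, 0600);
}

/* Runs both opens against a pre-existing link in a private directory.
 * Returns -1 on setup failure, else a bitmask: 1 = weak open created the
 * link target, 2 = exclusive open refused (EEXIST) and the target stayed
 * absent, 4 = mkstemp() created a fresh regular file under a random name. */
int symlink_check(void)
{
    char dir[] = "/tmp/symcheck_XXXXXX";   /* constructed scratch path */
    char lnk[64], target[64], tmpl[64];
    struct stat st;
    int fd, result = 0;
    if (mkdtemp(dir) == NULL) return -1;
    snprintf(lnk, sizeof lnk, "%s/feh_example", dir);
    snprintf(target, sizeof target, "%s/target", dir);
    snprintf(tmpl, sizeof tmpl, "%s/feh_XXXXXX", dir);
    if (symlink(target, lnk) != 0) { rmdir(dir); return -1; }

    fd = open_exclusive(lnk);               /* hardened path runs first */
    if (fd < 0 && errno == EEXIST && lstat(target, &st) != 0) result |= 2;
    if (fd >= 0) close(fd);
    fd = open_predictable(lnk);             /* weak path follows the link */
    if (fd >= 0 && lstat(target, &st) == 0) result |= 1;
    if (fd >= 0) close(fd);
    fd = mkstemp(tmpl);                     /* random name, created with O_EXCL */
    if (fd >= 0 && fstat(fd, &st) == 0 && S_ISREG(st.st_mode)) result |= 4;
    if (fd >= 0) close(fd);
    unlink(tmpl); unlink(lnk); unlink(target); rmdir(dir);
    return result;
}
```

A return value of 7 means all three behaviours were observed on the host.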

Comment 1 Jan Lieskovsky 2011-02-15 11:05:40 UTC
Created feh tracking bugs for this issue

Affects: fedora-all [bug 676390]

Comment 2 Vincent Danen 2012-09-11 15:38:07 UTC
This was fixed in 1.11.2:

http://feh.finalrewind.org/archive/

And fixed in Fedora via the update to 1.14.1:

http://koji.fedoraproject.org/koji/buildinfo?buildID=250264