Common Vulnerabilities and Exposures assigned an identifier CVE-2011-1031 to the following vulnerability: The feh_unique_filename function in utils.c in feh 1.11.2 and earlier might allow local users to create arbitrary files via a symlink attack on a /tmp/feh_ temporary file, a different vulnerability than CVE-2011-0702. References: [1] http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-1031 [2] https://bugzilla.redhat.com/show_bug.cgi?id=676389 [3] https://derf.homelinux.org/git/feh/commit/?id=23421a86cc826dd30f3dc4f62057fafb04b3ac40 [4] https://derf.homelinux.org/git/feh/commit/?id=29ab0855f044ef2fe9c295b72abefcb37f0861a5 [5] https://github.com/derf/feh/issues/#issue/32 [6] http://secunia.com/advisories/43221
Created feh tracking bugs for this issue Affects: fedora-all [bug 676390]
This was fixed in 1.11.2: http://feh.finalrewind.org/archive/ And fixed in Fedora via the update to 1.14.1: http://koji.fedoraproject.org/koji/buildinfo?buildID=250264