Advisories » MGASA-2015-0380

Updated shutter packages fix CVE-2015-0854

Publication date: 23 Sep 2015
Modification date: 23 Sep 2015
Type: security
Affected Mageia releases : 5
CVE: CVE-2015-0854

Description

Updated shutter package fixes security vulnerability:

In the "Shutter" screenshot application, it was discovered that using the
"Show in folder" menu option while viewing a file with a specially-crafted
path allows for arbitrary code execution with the permissions of the user
running Shutter (CVE-2015-0854).
                

References

• https://bugs.mageia.org/show_bug.cgi?id=16754
• http://openwall.com/lists/oss-security/2015/09/13/2
• https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-0854

SRPMS

5/core

• shutter-0.93-4.1.mga5