Advisories » MGASA-2017-0137

Updated feh package fixes security vulnerability

Publication date: 10 May 2017
Modification date: 10 May 2017
Type: security
Affected Mageia releases : 5
CVE: CVE-2017-7875

Description

Updated feh package to fix a double-free/OOB-write in E17 IPC. This was
a potential security issue as a malicious X11 app running alongside feh
and pretending to be an E17 window manager could have had access to
out-of-bound memory. Security vulnerability: CVE-2017-7875
                

References

• https://bugs.mageia.org/show_bug.cgi?id=20775
• https://feh.finalrewind.org/
• https://lists.opensuse.org/opensuse-updates/2017-05/msg00000.html
• https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-7875

SRPMS

5/core

• feh-2.18.3-1.mga5