Fedora 15 : feh-1.14.1-1.fc15 (2011-8750)

low Nessus Plugin ID 55499

Synopsis

The remote Fedora host is missing a security update.

Description

Changes since 0.10.1 :

- Bug fixes * Make zoom_default key work properly with
--geometry * Only create caption directory when actually writing out a caption.
<http://github.com/derf/feh/issues/42> * read directory contents sorted by filename instead of 'randomly' (as returned by readdir) by default. Thanks talisein! <https://github.com/derf/feh/pull/20> * Show certain warnings in the image window as well as on the commandline <http://github.com/derf/feh/issues/43> * Change a patch for NETWM fullscreen support to only apply to fullscreen windows. This fixes the moving windows bug in fluxbox (since fluxbox doesn't report its window border width).
<http://github.com/derf/feh/issues/22> <http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=570903 > * Minor manpage fixes.
<http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=625683 > * Fix --auto-zoom / --zoom max/fill documentation, the 'Auto-Zoom' menu option is now always checked when these options are used * Set _NET_WM_NAME and
_NET_WM_ICON_NAME properties <http://github.com/derf/feh/issues/44> * The zoom_default key now works fine with --scale-down <http://github.com/derf/feh/issues/41> * Fix access of uninitialized memory / malloc/realloc clash in continued theme definition handling. Having a theme line with just one option/value pair used to produce undefined behaviour * Fix segfault upon unloadable images when image-related format specifiers (e.g. %h) are used in
--title * Fix Imlib2 caching bug in reload (only worked after the second try) * Show correct image dimensions in for cached thumbnails * Fix zooming when --scale-down is used * Make in/out zoom use equal zoom ratio

- Behavior changes/compatability * --menu-style is now deprecated * The --menu-bg option has been deprecated.
It will be removed along with --menu-style by the end of 2012. <http://github.com/derf/feh/issues/27> * Since the manual is way better structured and more detailed than the --help output, it now simply refers to the manual. * The 'A' key (toggle_aliasing) now actually changes the current window, and not just the default for new windows
* Show images in current directory when invoked without file arguments * The --bg options are now Xinerama-aware. That is, they set the image in the respective mode (scale/fill/max/center) on each Xinerama screen. Use --no-xinerama to disable this. * Add --zoom fill as equivalent for --auto-zoom * Remove builtin http client (--builtin) * http images are now viewed using libcurl, not wget (thanks to talisein) This adds libcurl as dependency, and removes the wget recommendation * Allow commandline options to override those set in a theme * Remove support for FEH_OPTIONS (was deprecated >5 years ago) * Restrict available modifiers to Control/Mod1/Mod4 * The themes are now read from ~/.config/feh/themes (BC for .fehrc exists) * Key bindings can now be configured via ~/.config/feh/keys * Removes --rcpath, use XDG_CONFIG_HOME instead * Increase movement steps for Ctrl+Left etc.

- Features * You can now use the next/prev/jump keys to navigate thumbnails. Use the render key to open the currently selected thumbnail.
<http://github.com/derf/feh/issues/26> * Option to disable antialiasing, either global (--force-aliasing) or per image (press 'A' to toggle, keybinding toggle_aliasing) * Use SIGUSR1/SIGUSR2 to reload all images in multiwindow mode * Add --zoom max (zooming like in --bg-max)

Note that Tenable Network Security has extracted the preceding description block directly from the Fedora security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.

Solution

Update the affected feh package.

See Also

https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=570903

https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=625683

https://github.com/derf/feh/issues/22

https://github.com/derf/feh/issues/26

https://github.com/derf/feh/issues/27

https://github.com/derf/feh/issues/41

https://github.com/derf/feh/issues/42

https://github.com/derf/feh/issues/43

https://github.com/derf/feh/issues/44

https://bugzilla.redhat.com/show_bug.cgi?id=676389

https://github.com/derf/feh/pull/20

http://www.nessus.org/u?85a0dced

Plugin Details

Severity: Low

ID: 55499

File Name: fedora_2011-8750.nasl

Version: 1.13

Type: local

Agent: unix

Published: 7/5/2011

Updated: 1/11/2021

Supported Sensors: Frictionless Assessment Agent, Nessus Agent, Agentless Assessment, Nessus

Risk Information

VPR

Risk Factor: Low

Score: 3.6

CVSS v2

Risk Factor: Low

Base Score: 3.3

Temporal Score: 2.9

Vector: CVSS2#AV:L/AC:M/Au:N/C:N/I:P/A:P

Vulnerability Information

CPE: p-cpe:/a:fedoraproject:fedora:feh, cpe:/o:fedoraproject:fedora:15

Required KB Items: Host/local_checks_enabled, Host/RedHat/release, Host/RedHat/rpm-list

Exploit Ease: No known exploits are available

Patch Publication Date: 6/26/2011

Vulnerability Publication Date: 2/14/2011

Reference Information

CVE: CVE-2011-0702

BID: 46182

FEDORA: 2011-8750