Debian Security Advisory
DLA-769-1 shutter -- LTS security update
- Date Reported:
- 30 Dec 2016
- Affected Packages:
- shutter
- Vulnerable:
- Yes
- Security database references:
- In the Debian bugtracking system: Bug 798862.
In Mitre's CVE dictionary: CVE-2015-0854. - More information:
-
The feature-rich screenshot program shutter uses the system() call in an unsafe way. This allows an attacker to execute arbitrary programs via crafted directory names.
For Debian 7
Wheezy
, this problem has been fixed in version 0.88.3-1+deb7u1.For Debian 8
Jessie
, this problem will be fixed in version 0.92-0.1+deb8u1, part of the upcoming point releaseFor Debian 9
Stretch
andSid
, this problem has been fixed in version 0.93.1-1We recommend that you upgrade your shutter packages.
Further information about Debian LTS security advisories, how to apply these updates to your system and frequently asked questions can be found at: https://wiki.debian.org/LTS