openSUSE 10 Security Update : jhead (jhead-5899)
Critical Nessus Plugin ID 35331
SynopsisThe remote openSUSE host is missing a security update.
DescriptionThis update of jhead fixes several security problems :
- CVE-2008-4575: buffer overflow in DoCommand()
- CVE-2008-4639: local symlink attack
- CVE-2008-4640: DoCommand() allowed deletion of arbitrary files
- CVE-2008-4641: execution of arbitrary shell commands in DoCommand()
SolutionUpdate the affected jhead package.