Mandriva Linux Security Advisory : jhead (MDVSA-2009:041)
Critical Nessus Plugin ID 37496
Synopsis
The remote Mandriva Linux host is missing a security update.
Description
Security vulnerabilities have been identified and fixed in jhead.
Buffer overflow in the DoCommand function in jhead before 2.84 might allow context-dependent attackers to cause a denial of service (crash) (CVE-2008-4575).
Jhead before 2.84 allows local users to overwrite arbitrary files via a symlink attack on a temporary file (CVE-2008-4639).
Jhead 2.84 and earlier allows local users to delete arbitrary files via vectors involving a modified input filename (CVE-2008-4640).
jhead 2.84 and earlier allows attackers to execute arbitrary commands via shell metacharacters in unspecified input (CVE-2008-4641).
This update provides the latest Jhead to correct these issues.
Solution
Update the affected jhead package.