Package name
jhead
Date
2009-02-17
Advisory ID
MDVSA-2009:041
Affected versions
2009.0 x86_64, 2008.0 i586, 2009.0 i586, 2008.0 x86_64, 2008.1 x86_64, 2008.1 i586

Problem description

Security vulnerabilities have been identified and fixed in jhead.

Buffer overflow in the DoCommand function in jhead before 2.84 might
allow context-dependent attackers to cause a denial of service (crash)
(CVE-2008-4575).

Jhead before 2.84 allows local users to overwrite arbitrary files
via a symlink attack on a temporary file (CVE-2008-4639).

Jhead 2.84 and earlier allows local users to delete arbitrary files
via vectors involving a modified input filename (CVE-2008-4640).

jhead 2.84 and earlier allows attackers to execute arbitrary commands
via shell metacharacters in unspecified input (CVE-2008-4641).

This update provides the latest Jhead to correct these issues.

Updated packages

2009.0 x86_64

 c070d4670f4a0059c04cb8863cb4dfb4  2009.0/x86_64/jhead-2.86-0.1mdv2009.0.x86_64.rpm 
 da9d3f99a662ac543c837098e0648b46  2009.0/SRPMS/jhead-2.86-0.1mdv2009.0.src.rpm

2008.0 i586

 441d3119c29e74427f8c8a2c2589450b  2008.0/i586/jhead-2.86-0.1mdv2008.0.i586.rpm 
 8275bd4ad7ed0ebca8f3936f291846eb  2008.0/SRPMS/jhead-2.86-0.1mdv2008.0.src.rpm

2009.0 i586

 c08f58d5cce3c286cc40f94039e9daf1  2009.0/i586/jhead-2.86-0.1mdv2009.0.i586.rpm 
 da9d3f99a662ac543c837098e0648b46  2009.0/SRPMS/jhead-2.86-0.1mdv2009.0.src.rpm

2008.0 x86_64

 371d922e6244a289a1ef0848d0a92076  2008.0/x86_64/jhead-2.86-0.1mdv2008.0.x86_64.rpm 
 8275bd4ad7ed0ebca8f3936f291846eb  2008.0/SRPMS/jhead-2.86-0.1mdv2008.0.src.rpm

2008.1 x86_64

 a62b13bfcfb21d59f3686ae93e9dcae8  2008.1/x86_64/jhead-2.86-0.1mdv2008.1.x86_64.rpm 
 72ef0127cabb83a5bea9a293002f5e59  2008.1/SRPMS/jhead-2.86-0.1mdv2008.1.src.rpm

2008.1 i586

 2c8593b1c6ee841645f8052d2262a694  2008.1/i586/jhead-2.86-0.1mdv2008.1.i586.rpm 
 72ef0127cabb83a5bea9a293002f5e59  2008.1/SRPMS/jhead-2.86-0.1mdv2008.1.src.rpm

References