MDVSA-2009:041
- Package name: jhead
- Date: 2009-02-17
- Advisory ID: MDVSA-2009:041
- Affected versions: 2009.0 x86_64, 2008.0 i586, 2009.0 i586, 2008.0 x86_64, 2008.1 x86_64, 2008.1 i586
Problem description
Security vulnerabilities have been identified and fixed in jhead.
Buffer overflow in the DoCommand function in jhead before 2.84 might
allow context-dependent attackers to cause a denial of service (crash)
(CVE-2008-4575).
Jhead before 2.84 allows local users to overwrite arbitrary files
via a symlink attack on a temporary file (CVE-2008-4639).
Jhead 2.84 and earlier allows local users to delete arbitrary files
via vectors involving a modified input filename (CVE-2008-4640).
jhead 2.84 and earlier allows attackers to execute arbitrary commands
via shell metacharacters in unspecified input (CVE-2008-4641).
This update provides the latest Jhead to correct these issues.
Updated packages
2009.0 x86_64
c070d4670f4a0059c04cb8863cb4dfb4 2009.0/x86_64/jhead-2.86-0.1mdv2009.0.x86_64.rpm
da9d3f99a662ac543c837098e0648b46 2009.0/SRPMS/jhead-2.86-0.1mdv2009.0.src.rpm
2008.0 i586
441d3119c29e74427f8c8a2c2589450b 2008.0/i586/jhead-2.86-0.1mdv2008.0.i586.rpm
8275bd4ad7ed0ebca8f3936f291846eb 2008.0/SRPMS/jhead-2.86-0.1mdv2008.0.src.rpm
2009.0 i586
c08f58d5cce3c286cc40f94039e9daf1 2009.0/i586/jhead-2.86-0.1mdv2009.0.i586.rpm
da9d3f99a662ac543c837098e0648b46 2009.0/SRPMS/jhead-2.86-0.1mdv2009.0.src.rpm
2008.0 x86_64
371d922e6244a289a1ef0848d0a92076 2008.0/x86_64/jhead-2.86-0.1mdv2008.0.x86_64.rpm
8275bd4ad7ed0ebca8f3936f291846eb 2008.0/SRPMS/jhead-2.86-0.1mdv2008.0.src.rpm
2008.1 x86_64
a62b13bfcfb21d59f3686ae93e9dcae8 2008.1/x86_64/jhead-2.86-0.1mdv2008.1.x86_64.rpm
72ef0127cabb83a5bea9a293002f5e59 2008.1/SRPMS/jhead-2.86-0.1mdv2008.1.src.rpm
2008.1 i586
2c8593b1c6ee841645f8052d2262a694 2008.1/i586/jhead-2.86-0.1mdv2008.1.i586.rpm
72ef0127cabb83a5bea9a293002f5e59 2008.1/SRPMS/jhead-2.86-0.1mdv2008.1.src.rpm
