Mandrake Security Advisory MDVSA-2009:041 (jhead)

The remote host is missing an update to jhead announced via advisory MDVSA-2009:041.
To upgrade automatically use MandrakeUpdate or urpmi. The verification of md5 checksums and GPG signatures is performed automatically for you.
Security vulnerabilies have been identified and fixed in jhead. Buffer overflow in the DoCommand function in jhead before 2.84 might allow context-dependent attackers to cause a denial of service (crash) (CVE-2008-4575). Jhead before 2.84 allows local users to overwrite arbitrary files via a symlink attack on a temporary file (CVE-2008-4639). Jhead 2.84 and earlier allows local users to delete arbitrary files via vectors involving a modified input filename (CVE-2008-4640). jhead 2.84 and earlier allows attackers to execute arbitrary commands via shell metacharacters in unspecified input (CVE-2008-4641). This update provides the latest Jhead to correct these issues. Affected: 2008.0, 2008.1, 2009.0