Mandrake Security Advisory MDVSA-2009:041 (jhead)

Summary
The remote host is missing an update to jhead announced via advisory MDVSA-2009:041.
Solution
To upgrade automatically use MandrakeUpdate or urpmi. The verification of md5 checksums and GPG signatures is performed automatically for you. https://secure1.securityspace.com/smysecure/catid.html?in=MDVSA-2009:041
Insight
Security vulnerabilies have been identified and fixed in jhead. Buffer overflow in the DoCommand function in jhead before 2.84 might allow context-dependent attackers to cause a denial of service (crash) (CVE-2008-4575). Jhead before 2.84 allows local users to overwrite arbitrary files via a symlink attack on a temporary file (CVE-2008-4639). Jhead 2.84 and earlier allows local users to delete arbitrary files via vectors involving a modified input filename (CVE-2008-4640). jhead 2.84 and earlier allows attackers to execute arbitrary commands via shell metacharacters in unspecified input (CVE-2008-4641). This update provides the latest Jhead to correct these issues. Affected: 2008.0, 2008.1, 2009.0