MDVSA-2009:041 -- Mandriva jheadID: oval:org.secpod.oval:def:300647 | Date: (C)2012-01-07 (M)2021-06-02 |
Class: PATCH | Family: unix |
Security vulnerabilies have been identified and fixed in jhead. Buffer overflow in the DoCommand function in jhead before 2.84 might allow context-dependent attackers to cause a denial of service . Jhead before 2.84 allows local users to overwrite arbitrary files via a symlink attack on a temporary file . Jhead 2.84 and earlier allows local users to delete arbitrary files via vectors involving a modified input filename . jhead 2.84 and earlier allows attackers to execute arbitrary commands via shell metacharacters in unspecified input . This update provides the latest Jhead to correct these issues.
Platform: |
Mandriva Linux 2009.0 |
Mandriva Linux 2008.1 |
Mandriva Linux 2008.0 |