Security vulnerabilies have been identified and fixed in jhead. Buffer overflow in the DoCommand function in jhead before 2.84 might allow context-dependent attackers to cause a denial of service . Jhead before 2.84 allows local users to overwrite arbitrary files via a symlink attack on a temporary file . Jhead 2.84 and earlier allows local users to delete arbitrary files via vectors involving a modified input filename . jhead 2.84 and earlier allows attackers to execute arbitrary commands via shell metacharacters in unspecified input . This update provides the latest Jhead to correct these issues.