Mandriva Linux Security Advisory 2009-041 - Security vulnerabilities have been identified and fixed in jhead. Buffer overflow in the DoCommand function in jhead before 2.84 might allow context-dependent attackers to cause a denial of service (crash). Jhead before 2.84 allows local users to overwrite arbitrary files via a symlink attack on a temporary file. Jhead 2.84 and earlier allows local users to delete arbitrary files via vectors involving a modified input filename. jhead 2.84 and earlier allows attackers to execute arbitrary commands via shell metacharacters in unspecified input. This update provides the latest Jhead to correct these issues.
ec03dde18fba49ba3c5a579afa29b6ff1c75dc1ed6f2fc7e6db863639c69172b
Gentoo Linux Security Advisory GLSA 200901-02 - Multiple vulnerabilities in JHead might lead to the execution of arbitrary code or data loss. Versions less than 2.84-r1 are affected.
69352640345ae81ab7981ab3b11c54588fc1cefd02630aad6d89b1768afc9683