Fedora 9: 2009-1776 Moderate: jhead Command Execution & File Deletion

Jhead displays and manipulates the non-image portions of EXIF formatted

JPEG images, such as the images produced by most digital cameras.

* fixes "CVE-2008-4640 jhead: arbitrary file deletion" (#468056) * fixes

"CVE-2008-4641 jhead: command exection caused by incorrect handling of the shell

escapes" (#468057)

* Mon Feb 16 2009 Adrian Reber - 2.86-1

- updated to 2.86

- fixes "CVE-2008-4640 jhead: arbitrary file deletion" (#468056)

- fixes "CVE-2008-4641 jhead: command exection caused by

incorrect handling of the shell escapes" (#468057)

- fixes "build ignores optflags" (#485697)

* Thu Oct 16 2008 Adrian Reber - 2.84-1

- updated to 2.84

- fixes "CVE-2008-4575 jhead buffer overflow" (#467262)

- removed upstreamed makefile patch

* Wed Sep 24 2008 Adrian Reber - 2.82-2

- rebased makefile patch

[ 1 ] Bug #468056 - CVE-2008-4640 jhead: arbitrary file deletion

https://bugzilla.redhat.com/show_bug.cgi?id=468056

[ 2 ] Bug #468057 - CVE-2008-4641 jhead: command exection caused by incorrect handling of the shell escapes

https://bugzilla.redhat.com/show_bug.cgi?id=468057

su -c 'yum update jhead' at the command line.

For more information, refer to "Managing Software with yum",

available at .

All packages are signed with the Fedora Project GPG key. More details on the

GPG keys used by the Fedora Project can be found at

https://fedoraproject.org/security/

Fedora-package-announce mailing list

Fedora-package-announce@redhat.com

https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/