Red Hat Bugzilla – Bug 468056
CVE-2008-4640 jhead: arbitrary file deletion
Last modified: 2009-03-06 08:11:29 EST
Common Vulnerabilities and Exposures assigned an identifier CVE-2008-4640 to the following vulnerability:
The DoCommand function in jhead.c in Matthias Wandel jhead 2.84 and
earlier allows local users to delete arbitrary files via vectors
involving a modified input filename in which (1) a final "z" character
is replaced by a "t" character or (2) a final "t" character is
replaced by a "z" character.
debian has released jhead 2.86 which seems to fix this error.
I will update jhead to 2.86 on all branches.
jhead-2.86-1.fc10 has been pushed to the Fedora 10 stable repository. If problems still persist, please make note of it in this bug report.
jhead-2.86-1.fc9 has been pushed to the Fedora 9 stable repository. If problems still persist, please make note of it in this bug report.
This issue was addressed in: