Login
Newsletter
Werbung

Sicherheit: Zwei Probleme in Pillow
Aktuelle Meldungen Distributionen
Name: Zwei Probleme in Pillow
ID: DSA-3710-1
Distribution: Debian
Plattformen: Debian sid, Debian jessie, Debian stretch
Datum: Fr, 11. November 2016, 06:14
Referenzen: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-9190
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-9189
Applikationen: Pillow

Originalnachricht

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256

- -------------------------------------------------------------------------
Debian Security Advisory DSA-3710-1 security@debian.org
https://www.debian.org/security/ Moritz Muehlenhoff
November 10, 2016 https://www.debian.org/security/faq
- -------------------------------------------------------------------------

Package : pillow
CVE ID : CVE-2016-9189 CVE-2016-9190

Cris Neckar discovered multiple vulnerabilities in Pillow, a Python
imaging library, which may result in the execution of arbitrary code or
information disclosure if a malformed image file is processed.

For the stable distribution (jessie), these problems have been fixed in
version 2.6.1-2+deb8u3.

For the testing distribution (stretch), these problems have been fixed
in version 3.4.2-1.

For the unstable distribution (sid), these problems have been fixed in
version 3.4.2-1.

We recommend that you upgrade your pillow packages.

Further information about Debian Security Advisories, how to apply
these updates to your system and frequently asked questions can be
found at: https://www.debian.org/security/

Mailing list: debian-security-announce@lists.debian.org
-----BEGIN PGP SIGNATURE-----

iQIcBAEBCAAGBQJYJPAgAAoJEBDCk7bDfE421K8QAIMule3HpGCBoZzgr4q/klhm
2PVJsVojEZmThAoi+3ag2U/+tCVuCQygpCo7GEvffpYKk8a1JNbPAOrVR1DeExzO
dD6H9W3K11rMxn298yESNxqHdME/h3IC7iqeGnL1ZWMi8/YnAofzt+DnoOF+iHLQ
uK238iUSe5cPvL3K46G6vHIQc44bW7vhlLV6xKRw8VgkDD9+kq2rv+gxEqmMUV50
kX0Q/Vul1qUopbr8OhUsKTf8XvYlSx6vajw/Rgfg0BsBb1S4a/JIAfbX0CecpgSm
Be4oHyaN1N41ZYfkZSK9ehRaQOkWEKL90hDTwUgswY9xV2n6vZD3sZZTz5TLi9sz
TB8Segnty6SWjPDZU/ox/GyePujK7OfKf0/SY5FaLuL73D6LpHSAXm15mvX4BMQ2
mxA7LWgits+M6vHA242Un43lBFnprKPvT2cw9Rv01s9wj8NAa1o049fLkNe16Kl7
Zv4wXIFrDMT9wlGPfoG3dILLLoKEiyQZbLbEZMsv+o7n4E+QyFKruaQdLKtdDd9T
kh287vjoEDZgWTEdfV/9rLtqDcLT7mn20wWKf6kKLrNKSenguEiR1LmxL4s9uSSn
dO994c0VO+9B9gjA7lr2PyPQ29EhjhkqSOnHdv57l9G+THWV+gRPtyC1crAH4g8A
WL8qz/c75BNGap0x0Gv7
=N5cx
-----END PGP SIGNATURE-----
Pro-Linux
Pro-Linux @Facebook
Neue Nachrichten
Werbung