Security: Multiple issues in Pillow (update)
Name: Multiple issues in Pillow (update)
ID: USN-3090-2
Distribution: Ubuntu
Platforms: Ubuntu 14.04 LTS
Date: Sat, October 1, 2016, 00:22
References:
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-9601
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-0740
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-2533
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-3589
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-0775
Applications: Pillow
Update of: Multiple issues in Pillow

Original message
==========================================================================
Ubuntu Security Notice USN-3090-2
September 30, 2016

Pillow regression
==========================================================================
A security issue affects these releases of Ubuntu and its derivatives:
- Ubuntu 14.04 LTS
Details:
USN-3090-1 fixed vulnerabilities in Pillow. The patch to fix CVE-2014-9601 caused a regression which resulted in failures when processing certain png images. This update temporarily reverts the security fix for CVE-2014-9601 pending further investigation.
We apologize for the inconvenience.
Original advisory details:
It was discovered that a flaw in processing a compressed text chunk in a PNG image could cause the image to have a large size when decompressed, potentially leading to a denial of service. (CVE-2014-9601)
Andrew Drake discovered that Pillow incorrectly validated input. A remote attacker could use this to cause Pillow to crash, resulting in a denial of service. (CVE-2014-3589)
Eric Soroos discovered that Pillow incorrectly handled certain malformed FLI, Tiff, and PhotoCD files. A remote attacker could use this issue to cause Pillow to crash, resulting in a denial of service. (CVE-2016-0740, CVE-2016-0775, CVE-2016-2533)
Update instructions:
The problem can be corrected by updating your system to the following package versions:
Ubuntu 14.04 LTS:
  python-imaging                  2.3.0-1ubuntu3.3
  python-pil                      2.3.0-1ubuntu3.3
  python3-imaging                 2.3.0-1ubuntu3.3
  python3-pil                     2.3.0-1ubuntu3.3
References:
  http://www.ubuntu.com/usn/usn-3090-2
  http://www.ubuntu.com/usn/usn-3090-1
  CVE-2014-9601, https://launchpad.net/bugs/1628351
Package Information:
  https://launchpad.net/ubuntu/+source/pillow/2.3.0-1ubuntu3.3
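
Because this update reverts the CVE-2014-9601 fix, untrusted PNG files can be screened before they reach Pillow. The following is an added example, not code from Ubuntu or the Pillow project: it walks the PNG chunk list and inflates each compressed text chunk (zTXt, iTXt) under a hard output cap. The function names, the 1 MiB budget and the sample bytes are assumptions made for illustration.

```python
import struct
import zlib

PNG_SIGNATURE = b"\x89PNG\r\n\x1a\n"
MAX_TEXT_BYTES = 1 << 20  # assumed per-chunk budget (1 MiB), not a value from the advisory


def compressed_stream(ctype, body):
    """Return the zlib stream of a zTXt/iTXt chunk, or None if stored uncompressed."""
    _keyword, _, rest = body.partition(b"\x00")
    if ctype == b"zTXt":
        return rest[1:]  # skip the 1-byte compression method
    if rest[:1] != b"\x01":  # iTXt compression flag not set
        return None
    return rest[2:].split(b"\x00", 2)[-1]  # skip flag, method, language tag, translated keyword


def inflates_within(stream, limit):
    try:  # max_length caps the output, so a bomb costs at most limit + 1 bytes
        return len(zlib.decompressobj().decompress(stream, limit + 1)) <= limit
    except zlib.error:
        return False  # corrupt stream: fail closed


def oversized_text_chunks(png, limit=MAX_TEXT_BYTES):
    """Return [(chunk_type, offset)] for compressed text chunks exceeding `limit`."""
    if not png.startswith(PNG_SIGNATURE):
        raise ValueError("not a PNG file")
    findings, pos = [], len(PNG_SIGNATURE)
    while pos + 12 <= len(png):
        length, ctype = struct.unpack(">I4s", png[pos:pos + 8])
        body = png[pos + 8:pos + 8 + length]
        if len(body) != length:
            raise ValueError("truncated chunk")
        stream = compressed_stream(ctype, body) if ctype in (b"zTXt", b"iTXt") else None
        if stream is not None and not inflates_within(stream, limit):
            findings.append((ctype.decode("ascii"), pos))
        pos += 12 + length  # length field + type + body + CRC
    return findings


def chunk(ctype, body):  # builds one PNG chunk, for the constructed sample only
    return struct.pack(">I", len(body)) + ctype + body + struct.pack(">I", zlib.crc32(ctype + body))

# Constructed sample: header and text chunks only, no image data.
SAMPLE = (PNG_SIGNATURE + chunk(b"IHDR", struct.pack(">IIBBBBB", 1, 1, 8, 0, 0, 0, 0))
          + chunk(b"zTXt", b"Comment\x00\x00" + zlib.compress(b"hello"))
          + chunk(b"iTXt", b"Comment\x00\x01\x00\x00\x00" + zlib.compress(bytes(8 << 20)))
          + chunk(b"IEND", b""))
```

Reject or quarantine a file when the returned list is non-empty, before passing it to `Image.open`.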