drucken bookmarks versenden konfigurieren admin pdf Sicherheit: Mehrere Probleme in Pillow
Name: |
Mehrere Probleme in Pillow |
|
ID: |
USN-3090-1 |
|
Distribution: |
Ubuntu |
|
Plattformen: |
Ubuntu 14.04 LTS |
|
Datum: |
Mi, 28. September 2016, 07:40 |
|
Referenzen: |
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-3589
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-0740
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-2533
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-0775
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-9601 |
|
Applikationen: |
Pillow |
|
Originalnachricht |
--===============1799486696603230507== Content-Type: multipart/signed; micalg="pgp-sha256"; protocol="application/pgp-signature"; boundary="=-mED0/icx+Tj09CaACeda"
--=-mED0/icx+Tj09CaACeda Content-Type: text/plain; charset="UTF-8 Content-Transfer-Encoding: quoted-printable
========================================================================== Ubuntu Security Notice USN-3090-1 September 27, 2016
Pillow vulnerabilities ==========================================================================
A security issue affects these releases of Ubuntu and its derivatives:
- Ubuntu 14.04 LTS
Summary:
Pillow could be made to crash if it received specially crafted input or opened a specially crafted file.
Software Description: - pillow: Python Imaging Library compatibility layer
Details:
It was discovered that a flaw in processing a compressed text chunk in a PNG image could cause the image to have a large size when decompressed, potentially leading to a denial of service. (CVE-2014-9601)
Andrew Drake discovered that Pillow incorrectly validated input. A remote attacker could use this to cause Pillow to crash, resulting in a denial of service. (CVE-2014-3589)
Eric Soroos discovered that Pillow incorrectly handled certain malformed FLI, Tiff, and PhotoCD files. A remote attacker could use this issue to cause Pillow to crash, resulting in a denial of service. (CVE-2016-0740, CVE-2016-0775, CVE-2016-2533)
Update instructions:
The problem can be corrected by updating your system to the following package versions:
Ubuntu 14.04 LTS:  python-imaging                  2.3.0-1ubuntu3.2  python-pil                      2.3.0-1ubuntu3.2  python3-imaging                 2.3.0-1ubuntu3.2  python3-pil                     2.3.0-1ubuntu3.2
In general, a standard system update will make all the necessary changes.
References: Â http://www.ubuntu.com/usn/usn-3090-1 Â CVE-2014-3589, CVE-2014-9601, CVE-2016-0740, CVE-2016-0775, Â CVE-2016-2533
Package Information: Â https://launchpad.net/ubuntu/+source/pillow/2.3.0-1ubuntu3.2 --ÖED0/icx+Tj09CaACeda Content-Type: application/pgp-signature; name="signature.asc" Content-Description: This is a digitally signed message part Content-Transfer-Encoding: 7bit
-----BEGIN PGP SIGNATURE----- Version: GnuPG v2
iQIcBAABCAAGBQJX6u4fAAoJEEK++w9AZDrpHQQP/iWaYxU4wgpnF6hpILhRqkAR Z3ZPBwaabO0moyqtvfpF0IaGS+C8COvZ7qyFQBd3jDtdg4c3U2QjP7VJ0JGNPsIW quQfpIW1udgkTbmLvqv/QRS2tbsIW/+4dfBCgnmmGelI/goBcYz24OrYxWFpKPvl 07XNabDOxTCLSEIjhyjHLDCGivEMIpOlNXtR48u6ZqbqMz96XYqNfsIsKnPGPHUZ WQhE6G3LvL1Ubgk2wD5PfwTxh5CVl59CRNnsys7C+/R3OWTw3HS9fgsJDN2TLFSp EmmRJ35rYTXipjsfcHynhzSE1lr6rjMStjeAImYQAtDSNUXL1YBnlP9GoJ1itNdp PJzAdpzSeP0MUehW03Ry3MicwAV8jF79Dc7tzK4NloQT7V7Q9S39Vg3UDjTqVRYj h6JCGDeFPsmXX5TWY51dAhkr5KdAW3dYhjcSRb8TtJ+EZD9lnYOHLgFFFTGEXaZ7 1WMxM83iT7IybyQ6KbWy/tQVp0lcwm8sB6OwpPy1fKGptB27pZSBrKjCvYrcQTqw 3h9qTjCKZ86PzqsPHzeARO3/MkrVoswqGw+TTvxc1PuSu96dF9TAGniNeEeGgsiB +DZXaS18kuJzR+zvJA7EN7EvKQeFvdl+I3TADKd0zPEYVqLcdf0/mqXpmoVx+Q9K 4JNAMxtRfM2Uoe7yYhIR =a1DN -----END PGP SIGNATURE-----
--=-mED0/icx+Tj09CaACeda--
--===============1799486696603230507== Content-Type: text/plain; charset="us-ascii" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit Content-Disposition: inline
-- ubuntu-security-announce mailing list ubuntu-security-announce@lists.ubuntu.com Modify settings or unsubscribe at: https://lists.ubuntu.com/mailman/listinfo/ubuntu-security-announce
--===============1799486696603230507==--
|
|
|
|