drucken bookmarks versenden konfigurieren admin pdf Sicherheit: Mehrere Probleme in Pillow
Name: |
Mehrere Probleme in Pillow |
|
ID: |
USN-4963-1 |
|
Distribution: |
Ubuntu |
|
Plattformen: |
Ubuntu 18.04 LTS, Ubuntu 20.04 LTS, Ubuntu 20.10, Ubuntu 21.04 |
|
Datum: |
Mi, 19. Mai 2021, 23:33 |
|
Referenzen: |
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-28676
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-28675
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-25287
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-28678
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-25288
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-28677 |
|
Applikationen: |
Pillow |
|
Originalnachricht |
This is an OpenPGP/MIME signed message (RFC 4880 and 3156) --===============8601606612436956369== Content-Type: multipart/signed; micalg=pgp-sha256; protocol="application/pgp-signature"; boundary="LZPf5dTUZ1e74M0kaMIHLWaqbLfLpuxcS"
This is an OpenPGP/MIME signed message (RFC 4880 and 3156) --LZPf5dTUZ1e74M0kaMIHLWaqbLfLpuxcS Content-Type: multipart/mixed; boundary="wD0cFF45twG8P5jw12PTK3wIeuzSNEsPi"; protected-headers="v1" From: Marc Deslauriers <marc.deslauriers@canonical.com> Reply-To: Ubuntu Security <security@ubuntu.com> To: "ubuntu-security-announce@lists.ubuntu.com" <ubuntu-security-announce@lists.ubuntu.com> Message-ID: <0bad754b-a4ec-a5e0-739f-0e3e44f74600@canonical.com> Subject: [USN-4963-1] Pillow vulnerabilities
--wD0cFF45twG8P5jw12PTK3wIeuzSNEsPi Content-Type: text/plain; charset=utf-8 Content-Language: en-C Content-Transfer-Encoding: quoted-printable
========================================================================== Ubuntu Security Notice USN-4963-1 May 19, 2021
pillow vulnerabilities ==========================================================================
A security issue affects these releases of Ubuntu and its derivatives:
- Ubuntu 21.04 - Ubuntu 20.10 - Ubuntu 20.04 LTS - Ubuntu 18.04 LTS
Summary:
Pillow could be made to crash or hang if it opened a specially crafted file.
Software Description: - pillow: Python Imaging Library
Details:
It was discovered that Pillow incorrectly handled certain image files. If a user or automated system were tricked into opening a specially-crafted file, a remote attacker could cause Pillow to crash or hand, resulting in a denial of service.
Update instructions:
The problem can be corrected by updating your system to the following package versions:
Ubuntu 21.04: python3-pil 8.1.2-1ubuntu0.1
Ubuntu 20.10: python3-pil 7.2.0-1ubuntu0.3
Ubuntu 20.04 LTS: python3-pil 7.0.0-4ubuntu0.4
Ubuntu 18.04 LTS: python-pil 5.1.0-1ubuntu0.6 python3-pil 5.1.0-1ubuntu0.6
In general, a standard system update will make all the necessary changes.
References: https://ubuntu.com/security/notices/USN-4963-1 CVE-2021-25287, CVE-2021-25288, CVE-2021-28675, CVE-2021-28676, CVE-2021-28677, CVE-2021-28678
Package Information: https://launchpad.net/ubuntu/+source/pillow/8.1.2-1ubuntu0.1 https://launchpad.net/ubuntu/+source/pillow/7.2.0-1ubuntu0.3 https://launchpad.net/ubuntu/+source/pillow/7.0.0-4ubuntu0.4 https://launchpad.net/ubuntu/+source/pillow/5.1.0-1ubuntu0.6
--wD0cFF45twG8P5jw12PTK3wIeuzSNEsPi--
--LZPf5dTUZ1e74M0kaMIHLWaqbLfLpuxcS Content-Type: application/pgp-signature; name="OpenPGP_signature.asc" Content-Description: OpenPGP digital signature Content-Disposition: attachment; filename="OpenPGP_signature"
-----BEGIN PGP SIGNATURE-----
iQIzBAEBCgAdFiEEUMSg3c8x5FLOsZtRZWnYVadEvpMFAmClMrkACgkQZWnYVadE vpNM4w/+PU/48CuzplbjOS47tC1XV58XFu2z6iB7YLsxPVcQ7pv/imti4l8KAt0A Os10Okm+gewLNGP8ZJzoM72Z9/F0oc8Wicr3t0OI0FikoAgx02bnkbrEsVx5SeKO RxIQQXeLPWir1pmEbqMgVeJSY8LBuNPu+R34XOQkXatQenIIjT+C3WY+3LKQFW7O S3hcl2tNtkIL6RKZnAoGNyN1COMMHgtZ1UuE0kAtW63E/mfz8mXfO4nt8J8kGmAR KEc3zyl/VPwlbRla3axwy+pvqGnW4PHbB0qxBB1jU/ji7yi5PeckQkv4tKxx6EvE bc9xnr2m3UZMthqrwaD/MLojFvW/Pd728j9pSvxk8NXNHco0XV8U/Z0qhHCXlbFo Cwp2YAzRrl3BUvnq7aWgpiF2dERzZodt12MJUXLf79XkGPeCIvqfJecs4r5NZpi1 n4JiFea8DACMLDBKBtdyVz8pUK40uAQFteumkAKTi9hDry5FBvdv2/xg6kYzD43z /i00ZkHTlAHP6I+LlgpUgv/pwRpsti0u7DEMGFMO8lna9dth7fvRMI5PhOGuaA2g v35cxWjEkVXH3yUOo5R8Yk5tSJNVxgKKS8NudBvTC2lCMAmvPY86SD5zbW3dxuUd zDzdrCkd8GI2CqUZbheYWqSydXWCX7CpemS4J8Eu3MhD/twTeRY= =x+JD -----END PGP SIGNATURE-----
--LZPf5dTUZ1e74M0kaMIHLWaqbLfLpuxcS--
--===============8601606612436956369== Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: base64 Content-Disposition: inline
LS0gCnVidW50dS1zZWN1cml0eS1hbm5vdW5jZSBtYWlsaW5nIGxpc3QKdWJ1bnR1LXNlY3VyaXR5 LWFubm91bmNlQGxpc3RzLnVidW50dS5jb20KTW9kaWZ5IHNldHRpbmdzIG9yIHVuc3Vic2NyaWJl IGF0OiBodHRwczovL2xpc3RzLnVidW50dS5jb20vbWFpbG1hbi9saXN0aW5mby91YnVudHUtc2Vj dXJpdHktYW5ub3VuY2UK
--===============8601606612436956369==--
|
|
|
|