Login
Newsletter
Werbung

Sicherheit: Mehrere Probleme in Pillow (Aktualisierung)
Aktuelle Meldungen Distributionen
Name: Mehrere Probleme in Pillow (Aktualisierung)
ID: USN-5227-2
Distribution: Ubuntu
Plattformen: Ubuntu 14.04 ESM, Ubuntu 16.04 ESM
Datum: Di, 18. Januar 2022, 10:26
Referenzen: https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-22817
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-23437
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-22815
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-34552
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-22816
Applikationen: Pillow
Update von: Mehrere Probleme in Pillow

Originalnachricht


--===============1039184768353122360==
Content-Type: multipart/signed; micalg=pgp-sha512;
protocol="application/pgp-signature";
boundary="/NkBOFFp2J2Af1nK"
Content-Disposition: inline


--/NkBOFFp2J2Af1nK
Content-Type: text/plain; charset=us-ascii
Content-Disposition: inline

==========================================================================
Ubuntu Security Notice USN-5227-2
January 17, 2022

pillow vulnerabilities
==========================================================================

A security issue affects these releases of Ubuntu and its derivatives:

- Ubuntu 16.04 ESM
- Ubuntu 14.04 ESM

Summary:

Several security issues were fixed in Pillow.

Software Description:
- pillow: Python Imaging Library

Details:

USN-5227-1 fixed several vulnerabilities in Pillow. This update provides
the corresponding update for Ubuntu 14.04 ESM and Ubuntu 16.04 ESM.

Original advisory details:

It was discovered that Pillow incorrectly handled certain image files. If a
user or automated system were tricked into opening a specially-crafted
file, a remote attacker could cause Pillow to hang, resulting in a denial
of service. (CVE-2021-23437)

It was discovered that Pillow incorrectly handled certain image files. If a
user or automated system were tricked into opening a specially-crafted
file, a remote attacker could cause Pillow to crash, resulting in a denial
of service. This issue ony affected Ubuntu 18.04 LTS, Ubuntu 20.04 LTS, and
Ubuntu 21.04. (CVE-2021-34552)

It was discovered that Pillow incorrectly handled certain image files. If a
user or automated system were tricked into opening a specially-crafted
file, a remote attacker could cause Pillow to crash, resulting in a denial
of service, or possibly execute arbitrary code. (CVE-2022-22815)

It was discovered that Pillow incorrectly handled certain image files. If a
user or automated system were tricked into opening a specially-crafted
file, a remote attacker could cause Pillow to crash, resulting in a denial
of service. (CVE-2022-22816)

It was discovered that Pillow incorrectly handled certain image files. If a
user or automated system were tricked into opening a specially-crafted
file, a remote attacker could cause Pillow to crash, resulting in a denial
of service, or possibly execute arbitrary code. (CVE-2022-22817)

Update instructions:

The problem can be corrected by updating your system to the following
package versions:

Ubuntu 16.04 ESM:
python-pil 3.1.2-0ubuntu1.6+esm1
python3-pil 3.1.2-0ubuntu1.6+esm1

Ubuntu 14.04 ESM:
python-pil 2.3.0-1ubuntu3.4+esm3
python3-pil 2.3.0-1ubuntu3.4+esm3

In general, a standard system update will make all the necessary changes.

References:
https://ubuntu.com/security/notices/USN-5227-2
https://ubuntu.com/security/notices/USN-5227-1
CVE-2021-23437, CVE-2021-34552, CVE-2022-22815, CVE-2022-22816,
CVE-2022-22817

--/NkBOFFp2J2Af1nK
Content-Type: application/pgp-signature; name="signature.asc"

-----BEGIN PGP SIGNATURE-----

iQIzBAABCgAdFiEEf+ebRFcoyOoAQoOeRbznW4QLH2kFAmHlerwACgkQRbznW4QL
H2mniBAAn6HKPD8qKQQlanmVv9OuyRYPHMC9xTSraQvCLqj2uwoSqOFVJ4RrwCuJ
e/UJB/4O8ycwy5Zv/80H0JMwVuhvgN68dHJk8BBqf4qX13ofp7xLyupMlp3Cpe+3
Pei0JV8GQ6pjKQd82s9HjdSdmb+TPhPwZI0ZYApsoMDJo3F4DD+000vRwcZGgfnP
ozC8Gru5o9RXU3dpIgZOwEG81W3yYY0huHj6ZjHOY4LOv4HS5VVc/k2V0f0hTpS8
ih8+NdwDhHh84n+24sqzO1SAXVrWqVpo+besQkms0CoFIceOtmCYFi7L84cL/vch
IBQxCyOJR32jIohvBkJtQ2Ex7KetP3DWX8gVjZe9r7gIW8s533puy71jYFMZ1SOr
VbWYUu7WZxfEvmtKHmlZQ2di8Tirpaq70r3QqaAfLiQNiFv2zDbC22RRMecAzEWn
uS46RhHoVTajCNifgyYvTf5SFWfBUc2wCDfuHeiYDKPDxo8ANTrUOLejJsPGPEMe
s00FZDbcAcGoJ/ST4zDDmcSWD7ZsBrGtpQtZFcVEeVQn0E1rRab6UIbEswmMD7R1
SKFoaGDiHdgTd5DOAFTq492GaSSAe1G/4NyxUiVdqA8ZSVCjJjmcNywMvZuKdQP5
7XNCAX1sg3hu1J/WLxQEGHzJS+noCJToBenGAh/3ZRFTHSHupPA=
=sCnY
-----END PGP SIGNATURE-----

--/NkBOFFp2J2Af1nK--


--===============1039184768353122360==
Content-Type: text/plain; charset="utf-8"
MIME-Version: 1.0
Content-Transfer-Encoding: base64
Content-Disposition: inline

--
ubuntu-security-announce mailing list
ubuntu-security-announce@lists.ubuntu.com
Modify settings or unsubscribe at: https://lists.ubuntu.com/mailman/listinfo/ubuntu-security-announce
Pro-Linux
Pro-Linux @Facebook
Neue Nachrichten
Werbung