SUSE-SU-2015:0777-1

Source
https://www.suse.com/support/update/announcement/2015/suse-su-20150777-1/
Import Source
https://ftp.suse.com/pub/projects/security/osv/SUSE-SU-2015:0777-1.json
JSON Data
https://api.osv.dev/v1/vulns/SUSE-SU-2015:0777-1
Published
2015-04-22T14:27:27Z
Modified
2015-04-22T14:27:27Z
Summary
Security update for python-Pillow
Details

python-pillow has been updated to 2.7.0 to fix three security issues.

The following vulnerabilities have been fixed:

* CVE-2014-9601: Remote attackers could have caused a denial of service
  via a compressed text chunk in a PNG image that has a large size when
  it is decompressed.
* CVE-2014-3598: Remote attackers could have caused a denial of service
  using specially crafted image files via Jpeg2KImagePlugin.
* CVE-2014-3589: Remote attackers could have caused a denial of service
  using specially crafted image files via IcnsImagePlugin.
* CVE-2014-1932: A local user could have overwritten arbitrary files
  and obtained sensitive information via a symlink attack on the
  temporary file.
* CVE-2014-1933: A local user could have gained information helpful for
  symlink attacks by listing process information which uses the names
  of temporary files on the command line.

Security Issues:

* CVE-2014-9601
  <http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-9601>
* CVE-2014-3598
  <http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-3598>
* CVE-2014-3589
  <http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-3589>
* CVE-2014-1932
  <http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-1932>
* CVE-2014-1933
  <http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-1933>
References

Affected packages