SUSE-SU-2015:0777-1
See a problem?- Import Source
- https://ftp.suse.com/pub/projects/security/osv/SUSE-SU-2015:0777-1.json
- JSON Data
- https://api.osv.dev/v1/vulns/SUSE-SU-2015:0777-1
- Related
- Published
- 2015-04-22T14:27:27Z
- Modified
- 2015-04-22T14:27:27Z
- Summary
- Security update for python-Pillow
- Details
-
python-pillow has been updated to 2.7.0 to fix three security issues.
The following vulnerabilities have been fixed:
* CVE-2014-9601: Remote attackers could have caused a denial of service via a compressed text chunk in a PNG image that has a large size when it is decompressed. * CVE-2014-3598: Remote attackers could have caused a denial of service using specially crafted image files via Jpeg2KImagePlugin. * CVE-2014-3589: Remote attackers could have caused a denial of service using specially crafted image files via IcnsImagePlugin. * CVE-2014-1932: A local user could have overwritten arbitrary files and obtain sensitive information via a symlink attack on the temporary file. * CVE-2014-1933: A local user could have gained information helpful for symlink attacks by listing process information which uses the names of temporary files on the command line.Security Issues:
* CVE-2014-9601 <http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-9601> * CVE-2014-3598 <http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-3598> * CVE-2014-3589 <http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-3589> * CVE-2014-1932 <http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-1932> * CVE-2014-1933 <http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-1933> - References
-
- https://www.suse.com/support/update/announcement/2015/suse-su-20150777-1/
- https://bugzilla.suse.com/921566
- https://www.suse.com/security/cve/CVE-2014-1932
- https://www.suse.com/security/cve/CVE-2014-1933
- https://www.suse.com/security/cve/CVE-2014-3589
- https://www.suse.com/security/cve/CVE-2014-3598
- https://www.suse.com/security/cve/CVE-2014-9601