|Package(s):||python-imaging||CVE #(s):||CVE-2014-1932 CVE-2014-1933|
|Created:||April 4, 2014||Updated:||November 24, 2014|
|Description:||From the Mageia advisory:
Jakub Wilk discovered that temporary files were insecurely created (via mktemp()) in the IptcImagePlugin.py, Image.py, JpegImagePlugin.py, and EpsImagePlugin.py files of Python Imaging Library. A local attacker could use this flaw to perform a symbolic link attack to modify an arbitrary file accessible to the user running an application that uses the Python Imaging Library (CVE-2014-1932).
Jakub Wilk discovered that temporary files created in the JpegImagePlugin.py and EpsImagePlugin.py files of the Python Imaging Library were passed to an external process. These could be viewed on the command line, allowing an attacker to obtain the name and possibly perform symbolic link attacks, allowing them to modify an arbitrary file accessible to the user running an application that uses the Python Imaging Library (CVE-2014-1933).
Copyright © 2017, Eklektix, Inc.
Comments and public postings are copyrighted by their creators.
Linux is a registered trademark of Linus Torvalds