Ubuntu alert USN-3090-1 (Pillow)
| From: | Emily Ratliff <emily.ratliff@canonical.com> | |
| To: | ubuntu-security-announce@lists.ubuntu.com | |
| Subject: | [USN-3090-1] Pillow vulnerabilities | |
| Date: | Tue, 27 Sep 2016 17:09:35 -0500 | |
| Message-ID: | <1475014175.30577.3.camel@canonical.com> |
========================================================================== Ubuntu Security Notice USN-3090-1 September 27, 2016 Pillow vulnerabilities ========================================================================== A security issue affects these releases of Ubuntu and its derivatives: - Ubuntu 14.04 LTS Summary: Pillow could be made to crash if it received specially crafted input or opened a specially crafted file. Software Description: - pillow: Python Imaging Library compatibility layer Details: It was discovered that a flaw in processing a compressed text chunk in a PNG image could cause the image to have a large size when decompressed, potentially leading to a denial of service. (CVE-2014-9601) Andrew Drake discovered that Pillow incorrectly validated input. A remote attacker could use this to cause Pillow to crash, resulting in a denial of service. (CVE-2014-3589) Eric Soroos discovered that Pillow incorrectly handled certain malformed FLI, Tiff, and PhotoCD files. A remote attacker could use this issue to cause Pillow to crash, resulting in a denial of service. (CVE-2016-0740, CVE-2016-0775, CVE-2016-2533) Update instructions: The problem can be corrected by updating your system to the following package versions: Ubuntu 14.04 LTS: python-imaging 2.3.0-1ubuntu3.2 python-pil 2.3.0-1ubuntu3.2 python3-imaging 2.3.0-1ubuntu3.2 python3-pil 2.3.0-1ubuntu3.2 In general, a standard system update will make all the necessary changes. References: http://www.ubuntu.com/usn/usn-3090-1 CVE-2014-3589, CVE-2014-9601, CVE-2016-0740, CVE-2016-0775, CVE-2016-2533 Package Information: https://launchpad.net/ubuntu/+source/pillow/2.3.0-1ubuntu3.2-- ubuntu-security-announce mailing list ubuntu-security-announce@lists.ubuntu.com Modify settings or unsubscribe at: https://lists.ubuntu.com/mailman/listinfo/ubuntu-security...