You are here
Home > Preporuke > Sigurnosni nedostaci programskog paketa python-imaging

Sigurnosni nedostaci programskog paketa python-imaging

==========================================================================
Ubuntu Security Notice USN-2168-1
April 15, 2014

python-imaging vulnerabilities
==========================================================================

A security issue affects these releases of Ubuntu and its derivatives:

– Ubuntu 13.10
– Ubuntu 12.10
– Ubuntu 12.04 LTS
– Ubuntu 10.04 LTS

Summary:

Python Imaging Library could be made to overwrite or expose files.

Software Description:
– python-imaging: Python Imaging Library

Details:

Jakub Wilk discovered that the Python Imaging Library incorrectly handled
temporary files. A local attacker could possibly use this issue to
overwrite arbitrary files, or gain access to temporary file contents.
(CVE-2014-1932, CVE-2014-1933)

Update instructions:

The problem can be corrected by updating your system to the following
package versions:

Ubuntu 13.10:
python-imaging 1.1.7+2.0.0-1ubuntu1.1

Ubuntu 12.10:
python-imaging 1.1.7-4ubuntu0.12.10.1

Ubuntu 12.04 LTS:
python-imaging 1.1.7-4ubuntu0.12.04.1

Ubuntu 10.04 LTS:
python-imaging 1.1.7-1ubuntu0.2

In general, a standard system update will make all the necessary changes.

References:
http://www.ubuntu.com/usn/usn-2168-1
CVE-2014-1932, CVE-2014-1933

Package Information:
https://launchpad.net/ubuntu/+source/python-imaging/1.1.7+2.0.0-1ubuntu1.1
https://launchpad.net/ubuntu/+source/python-imaging/1.1.7-4ubuntu0.12.10.1
https://launchpad.net/ubuntu/+source/python-imaging/1.1.7-4ubuntu0.12.04.1
https://launchpad.net/ubuntu/+source/python-imaging/1.1.7-1ubuntu0.2

—–BEGIN PGP SIGNATURE—–
Version: GnuPG v1
Comment: Using GnuPG with Thunderbird – http://www.enigmail.net/

iQIcBAEBCgAGBQJTTUHGAAoJEGVp2FWnRL6TlSMP/A8OoSTiSoy9lS9ZsGev0B9J
3ySpqp6hFq0sc0DBqcQdeCzQTMQ5J//y8lYOZhtJYhBnY9tFGhj/oEqw0d2veevw
H2vMZU3wzIJAlWmVG7W2FtFCB4pcdjt8MZHcLQA26E0qz/u9lDuQh+8tewlnZhtl
MM62VUoIIpFAeMIK4oFKNDMKh6Z0VAig8ewaTkhB1UmdCm73HYUpcm+/SQV8k1/+
7eorIn4o93gdgyF0/lGdWgS5xy3+SFRhn5doPdtoOa7xwRKPibJxa36BcG1Xxmsh
jVisMTv74jx+9cDEnqTSHAa9xprwEGLDKHK0fowagXaT/CNBPYi7Eld2FJrFevwo
wTxc8hXbfqX7c6wz62kypyramejKrJRq+w7m0SrQnxCkxDpodEgxD1jSP5R2+YOH
u/VpVkH19Rd5H+myBdE3/itc09gw9QDMTROWQsm/jnH3MYOG/dDZoQs36lmCGuZC
KQ16Pa0Vw9IjEquQZ4RaASaKkjhpnSrnGCtFODh1rZBTy+W4o1YXW+s7X37pCj+v
CGEAnYbAJBb2OOgIUuTyySN8jnYqgqBapnkJNrmI7u55TYoeNaCUDoze9+pqVRCo
BXNG+pCl5xgbajQEHN5JKinCbAl1rHfUniSdJrcvhBoY9A0Zjgqxn+2ZkPXalHBe
a+r6mUNFXVzL8dw19TO8
=4icq
—–END PGP SIGNATURE—–

Top
More in Preporuke
Sigurnosni nedostatak programskog paketa strongswan

Otkriven je sigurnosni nedostatak u programskom paketu strongswan za operacijski sustav Suse. Otkriveni nedostatak potencijalnim napadačima omogućuje zaobilaženje IKEv2 autentikacijskog...

Close