|Category:||Ubuntu Local Security Checks|
|Title:||Ubuntu Update for pillow USN-3090-1|
|Summary:||The remote host is missing an update for the 'pillow'; package(s) announced via the USN-3090-1 advisory.|
The remote host is missing an update for the 'pillow'
package(s) announced via the USN-3090-1 advisory.
It was discovered that a flaw in processing a compressed text chunk in
a PNG image could cause the image to have a large size when decompressed,
potentially leading to a denial of service. (CVE-2014-9601)
Andrew Drake discovered that Pillow incorrectly validated input. A remote
attacker could use this to cause Pillow to crash, resulting in a denial
of service. (CVE-2014-3589)
Eric Soroos discovered that Pillow incorrectly handled certain malformed
FLI, Tiff, and PhotoCD files. A remote attacker could use this issue to
cause Pillow to crash, resulting in a denial of service.
(CVE-2016-0740, CVE-2016-0775, CVE-2016-2533)
pillow on Ubuntu 14.04 LTS.
Please install the updated package(s).
Common Vulnerability Exposure (CVE) ID: CVE-2014-9601|
SuSE Security Announcement: openSUSE-SU-2015:0798 (Google Search)
BugTraq ID: 77758
Common Vulnerability Exposure (CVE) ID: CVE-2014-3589
Debian Security Information: DSA-3009 (Google Search)
Common Vulnerability Exposure (CVE) ID: CVE-2016-0740
Debian Security Information: DSA-3499 (Google Search)
Common Vulnerability Exposure (CVE) ID: CVE-2016-0775
Common Vulnerability Exposure (CVE) ID: CVE-2016-2533
|Copyright||Copyright (C) 2018 Greenbone Networks GmbH|
|This is only one of 71225 vulnerability tests in our test suite. Find out more about running a complete security audit.|
To run a free test of this vulnerability against your system, register below.