• Pillow vulnerabilities

    From bugz_ubuntu@21:4/110 to Ubuntu Users on Thursday, February 06, 2020 16:10:08
    pillow vulnerabilities

    A security issue affects these releases of Ubuntu and its
    derivatives:

    * Ubuntu 19.10
    * Ubuntu 18.04 LTS
    * Ubuntu 16.04 LTS
    * Ubuntu 14.04 ESM

    Summary

    Several security issues were fixed in Pillow.

    Software Description

    * pillow - Python Imaging Library

    Details

    It was discovered that Pillow incorrectly handled certain images.
    An attacker could possibly use this issue to cause a denial of
    service. (CVE-2019-16865, CVE-2019-19911)

    It was discovered that Pillow incorrectly handled certain images.
    An attacker could possibly use this issue to execute arbitrary
    code. (CVE-2020-5312)

    It was discovered that Pillow incorrectly handled certain TIFF
    images. An attacker could possibly use this issue to cause a
    crash. This issue only affected Ubuntu 19.10. (CVE-2020-5310)

    It was discovered that Pillow incorrectly handled certain SGI
    images. An attacker could possibly use this issue to execute
    arbitrary code or cause a crash. This issue only affected Ubuntu
    18.04 and Ubuntu 19.10. (CVE-2020-5311)

    It was discovered that Pillow incorrectly handled certain PCX
    images. An attacker could possibly use this issue to execute
    arbitrary code or cause a crash. (CVE-2020-5312)

    It was discovered that Pillow incorrectly handled certain Flip
    images. An attacker could possibly use this issue to execute
    arbitrary code or cause a crash. (CVE-2020-5313)

    Update instructions

    The problem can be corrected by updating your system to the
    following package versions:

    Ubuntu 19.10
    python-pil - 6.1.0-1ubuntu0.2
    python3-pil - 6.1.0-1ubuntu0.2

    Ubuntu 18.04 LTS
    python-pil - 5.1.0-1ubuntu0.2
    python3-pil - 5.1.0-1ubuntu0.2

    Ubuntu 16.04 LTS
    python-imaging - 3.1.2-0ubuntu1.3
    python-pil - 3.1.2-0ubuntu1.3
    python3-pil - 3.1.2-0ubuntu1.3

    Ubuntu 14.04 ESM
    python-imaging - 2.3.0-1ubuntu3.4+esm1
    python-pil - 2.3.0-1ubuntu3.4+esm1
    python3-imaging - 2.3.0-1ubuntu3.4+esm1
    python3-pil - 2.3.0-1ubuntu3.4+esm1

    To update your system, please follow these instructions:
    https://wiki.ubuntu.com/Security/Upgrades.

    In general, a standard system update will make all the necessary
    changes.

    References

    * CVE-2019-16865
    * CVE-2019-19911
    * CVE-2020-5310
    * CVE-2020-5311
    * CVE-2020-5312
    * CVE-2020-5313

    --- Mystic BBS v1.12 A43 (Linux/64)
    * Origin: BZ&BZ BBS (21:4/110)
  • From bugz_ubuntu@21:4/110 to Ubuntu Users on Wednesday, July 22, 2020 12:10:02
    pillow vulnerabilities

    A security issue affects these releases of Ubuntu and its
    derivatives:

    * Ubuntu 18.04 LTS
    * Ubuntu 16.04 LTS

    Summary

    Pillow could be made to crash if it opened a specially crafted
    file.

    Software Description

    * pillow - Python Imaging Library

    Details

    It was discovered that Pillow incorrectly handled certain image
    files. If a user or automated system were tricked into opening a
    specially-crafted image file, a remote attacker could possibly
    cause Pillow to crash, resulting in a denial of service.

    Update instructions

    The problem can be corrected by updating your system to the
    following package versions:

    Ubuntu 18.04 LTS
    python-pil - 5.1.0-1ubuntu0.3
    python3-pil - 5.1.0-1ubuntu0.3

    Ubuntu 16.04 LTS
    python-pil - 3.1.2-0ubuntu1.4
    python3-pil - 3.1.2-0ubuntu1.4

    To update your system, please follow these instructions:
    https://wiki.ubuntu.com/Security/Upgrades.

    In general, a standard system update will make all the necessary
    changes.

    References

    * CVE-2020-10177
    * CVE-2020-10378
    * CVE-2020-10994
    * CVE-2020-11538

    --- Mystic BBS v1.12 A45 (Linux/64)
    * Origin: BZ&BZ BBS (21:4/110)
  • From bugz_ubuntu@21:4/110 to Ubuntu Users on Thursday, July 23, 2020 12:10:07
    pillow vulnerabilities

    A security issue affects these releases of Ubuntu and its
    derivatives:

    * Ubuntu 20.04 LTS

    Summary

    Pillow could be made to crash if it opened a specially crafted
    file.

    Software Description

    * pillow - Python Imaging Library

    Details

    USN-4430-1 fixed vulnerabilities in Pillow. This update provides
    the corresponding updates for Ubuntu 20.04 LTS.

    Original advisory details:

    It was discovered that Pillow incorrectly handled certain image
    files. If a user or automated system were tricked into opening a
    specially-crafted image file, a remote attacker could possibly
    cause Pillow to crash, resulting in a denial of service.

    Update instructions

    The problem can be corrected by updating your system to the
    following package versions:

    Ubuntu 20.04 LTS
    python3-pil - 7.0.0-4ubuntu0.1

    To update your system, please follow these instructions:
    https://wiki.ubuntu.com/Security/Upgrades.

    In general, a standard system update will make all the necessary
    changes.

    References

    * USN-4430-1
    * CVE-2020-10177
    * CVE-2020-10378
    * CVE-2020-10379
    * CVE-2020-10994
    * CVE-2020-11538

    --- Mystic BBS v1.12 A45 (Linux/64)
    * Origin: BZ&BZ BBS (21:4/110)
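
A way to check a host against the "Update instructions" tables in the three notices above. This is an added example, not part of the original posts or of Ubuntu's tooling. It covers only `python3-pil`, and the names `FIXED`, `debcmp` and `status` are hypothetical; the comparison follows dpkg's version ordering.

```python
import re
from itertools import zip_longest

# Fixed python3-pil versions copied from the notices above, keyed by Ubuntu
# release number; for 18.04 and 16.04 the later (July 2020) version is used.
FIXED = {
    "20.04": "7.0.0-4ubuntu0.1",
    "19.10": "6.1.0-1ubuntu0.2",
    "18.04": "5.1.0-1ubuntu0.3",
    "16.04": "3.1.2-0ubuntu1.4",
    "14.04": "2.3.0-1ubuntu3.4+esm1",  # ESM release
}
_CHUNK = re.compile(r"(\D*)(\d*)")

def _order(ch):
    # dpkg character order: '~' sorts before end-of-string, letters before symbols
    if ch in ("", "~"):
        return -1 if ch == "~" else 0
    return ord(ch) if ch.isalpha() else ord(ch) + 256

def _cmp_part(a, b):
    # Compare alternating non-digit / digit chunks, the way dpkg does
    pairs = zip_longest(_CHUNK.findall(a), _CHUNK.findall(b), fillvalue=("", ""))
    for (ta, da), (tb, db) in pairs:
        for ca, cb in zip_longest(ta, tb, fillvalue=""):
            if _order(ca) != _order(cb):
                return -1 if _order(ca) < _order(cb) else 1
        na, nb = int(da or 0), int(db or 0)
        if na != nb:
            return -1 if na < nb else 1
    return 0

def _split(v):
    # [epoch:]upstream[-revision]
    epoch, rest = v.split(":", 1) if ":" in v else ("0", v)
    upstream, _, rev = rest.rpartition("-") if "-" in rest else (rest, "", "")
    return int(epoch), upstream, rev

def debcmp(a, b):
    """Return -1, 0 or 1 as Debian version a is older than, equal to or newer than b."""
    (ea, ua, ra), (eb, ub, rb) = _split(a), _split(b)
    if ea != eb:
        return -1 if ea < eb else 1
    return _cmp_part(ua, ub) or _cmp_part(ra, rb)

def status(release, installed):
    fixed = FIXED.get(release)
    if fixed is None:
        return "unknown release"
    return "patched" if debcmp(installed, fixed) >= 0 else "needs update"
```

On a real host, pass the output of `dpkg-query -W -f='${Version}' python3-pil` as `installed` and the `VERSION_ID` from `/etc/os-release` as `release`.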