Description
Security update for python-Pillow
This update for python-Pillow fixes the following issues:
- Backport security fixes from 3.1.1 (Pillow-overflows.patch):
  - Fixed an integer overflow in Resample.c causing writes in the Python heap.
  - Fixed a buffer overflow in PcdDecode.c causing a segfault when opening PhotoCD files. CVE-2016-TBD
  - Fixed a buffer overflow in FliDecode.c causing a segfault when opening FLI files. CVE-2016-0775 (fixes boo#965582)
  - Fixed a buffer overflow in TiffDecode.c causing an arbitrary amount of memory to be overwritten when opening a specially crafted invalid TIFF file. CVE-2016-0740 (fixes boo#965579)
Package list
openSUSE Leap 42.1
python-Pillow-2.9.0-6.1
python-Pillow-tk-2.9.0-6.1
References
- E-Mail link for openSUSE-SU-2016:0762-1
- SUSE Security Ratings
Description
Buffer overflow in the ImagingLibTiffDecode function in libImaging/TiffDecode.c in Pillow before 3.1.1 allows remote attackers to overwrite memory via a crafted TIFF file.
Affected products
openSUSE Leap 42.1:python-Pillow-2.9.0-6.1
openSUSE Leap 42.1:python-Pillow-tk-2.9.0-6.1
References
- CVE-2016-0740
- SUSE Bug 965579
- SUSE Bug 965582
Description
Buffer overflow in the ImagingFliDecode function in libImaging/FliDecode.c in Pillow before 3.1.1 allows remote attackers to cause a denial of service (crash) via a crafted FLI file.
Affected products
openSUSE Leap 42.1:python-Pillow-2.9.0-6.1
openSUSE Leap 42.1:python-Pillow-tk-2.9.0-6.1
References
- CVE-2016-0775
- SUSE Bug 965579
- SUSE Bug 965582