- Detalji os-a: WN7
- Važnost: IMP
- Operativni sustavi: L
- Kategorije: LUB
==========================================================================
Ubuntu Security Notice USN-2168-1
April 15, 2014
python-imaging vulnerabilities
==========================================================================
A security issue affects these releases of Ubuntu and its derivatives:
– Ubuntu 13.10
– Ubuntu 12.10
– Ubuntu 12.04 LTS
– Ubuntu 10.04 LTS
Summary:
Python Imaging Library could be made to overwrite or expose files.
Software Description:
– python-imaging: Python Imaging Library
Details:
Jakub Wilk discovered that the Python Imaging Library incorrectly handled
temporary files. A local attacker could possibly use this issue to
overwrite arbitrary files, or gain access to temporary file contents.
(CVE-2014-1932, CVE-2014-1933)
Update instructions:
The problem can be corrected by updating your system to the following
package versions:
Ubuntu 13.10:
python-imaging 1.1.7+2.0.0-1ubuntu1.1
Ubuntu 12.10:
python-imaging 1.1.7-4ubuntu0.12.10.1
Ubuntu 12.04 LTS:
python-imaging 1.1.7-4ubuntu0.12.04.1
Ubuntu 10.04 LTS:
python-imaging 1.1.7-1ubuntu0.2
In general, a standard system update will make all the necessary changes.
References:
http://www.ubuntu.com/usn/usn-2168-1
CVE-2014-1932, CVE-2014-1933
Package Information:
https://launchpad.net/ubuntu/+source/python-imaging/1.1.7+2.0.0-1ubuntu1.1
https://launchpad.net/ubuntu/+source/python-imaging/1.1.7-4ubuntu0.12.10.1
https://launchpad.net/ubuntu/+source/python-imaging/1.1.7-4ubuntu0.12.04.1
https://launchpad.net/ubuntu/+source/python-imaging/1.1.7-1ubuntu0.2
—–BEGIN PGP SIGNATURE—–
Version: GnuPG v1
Comment: Using GnuPG with Thunderbird – http://www.enigmail.net/
iQIcBAEBCgAGBQJTTUHGAAoJEGVp2FWnRL6TlSMP/A8OoSTiSoy9lS9ZsGev0B9J
3ySpqp6hFq0sc0DBqcQdeCzQTMQ5J//y8lYOZhtJYhBnY9tFGhj/oEqw0d2veevw
H2vMZU3wzIJAlWmVG7W2FtFCB4pcdjt8MZHcLQA26E0qz/u9lDuQh+8tewlnZhtl
MM62VUoIIpFAeMIK4oFKNDMKh6Z0VAig8ewaTkhB1UmdCm73HYUpcm+/SQV8k1/+
7eorIn4o93gdgyF0/lGdWgS5xy3+SFRhn5doPdtoOa7xwRKPibJxa36BcG1Xxmsh
jVisMTv74jx+9cDEnqTSHAa9xprwEGLDKHK0fowagXaT/CNBPYi7Eld2FJrFevwo
wTxc8hXbfqX7c6wz62kypyramejKrJRq+w7m0SrQnxCkxDpodEgxD1jSP5R2+YOH
u/VpVkH19Rd5H+myBdE3/itc09gw9QDMTROWQsm/jnH3MYOG/dDZoQs36lmCGuZC
KQ16Pa0Vw9IjEquQZ4RaASaKkjhpnSrnGCtFODh1rZBTy+W4o1YXW+s7X37pCj+v
CGEAnYbAJBb2OOgIUuTyySN8jnYqgqBapnkJNrmI7u55TYoeNaCUDoze9+pqVRCo
BXNG+pCl5xgbajQEHN5JKinCbAl1rHfUniSdJrcvhBoY9A0Zjgqxn+2ZkPXalHBe
a+r6mUNFXVzL8dw19TO8
=4icq
—–END PGP SIGNATURE—–
—
| Autor | Marijo Plepelic |
| Cert id | NCERT-REF-2014-04-0004-ADV |
| Cve | CERT-CVE-DUMMY |
| ID izvornika | CERT-ORIGID-DUMMY |
| Proizvod | CERT-DUMMY-PRODUCT |
| Izvor | http://www.adobe.com/ |
