[ MDVSA-2015:099 ] python-pillow

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

 _______________________________________________________________________

 Mandriva Linux Security Advisory                         MDVSA-2015:099
 http://www.mandriva.com/en/support/security/
 _______________________________________________________________________

 Package : python-pillow
 Date    : March 28, 2015
 Affected: Business Server 2.0
 _______________________________________________________________________

 Problem Description:

 Updated python-imaging packages fix security vulnerabilities:
 
 Jakub Wilk discovered that temporary files were insecurely created
 (via mktemp()) in the IptcImagePlugin.py, Image.py, JpegImagePlugin.py,
 and EpsImagePlugin.py files of Python Imaging Library. A local attacker
 could use this flaw to perform a symbolic link attack to modify an
 arbitrary file accessible to the user running an application that
 uses the Python Imaging Library (CVE-2014-1932).
 
 Jakub Wilk discovered that temporary files created in the
 Jpeg

007 Software

[ MDVSA-2015:099 ] python-pillow

Leave a Reply Cancel reply

Software and Security Information