Bug 37067 - python-imaging: Multiple issues (4.1)
Status: CLOSED FIXED
Product: UCS
Classification: Unclassified
Component: Security updates
Version: UCS 4.1
Hardware: Other Linux
Importance: P5 normal
Target Milestone: UCS 4.1-4-errata
Assigned To: Arvid Requate
QA Contact: Florian Best
Blocks: 42900
Reported: 2014-11-27 08:18 CET by Moritz Muehlenhoff
Modified: 2016-12-01 11:57 CET
What kind of report is it?: Security Issue
Flags: requate: Patch_Available+

Description Moritz Muehlenhoff univentionstaff 2014-11-27 08:18:31 CET
Insecure temporary files (CVE-2014-1932, CVE-2014-1933)
Shell code injection (CVE-2014-3007)
Comment 1 Moritz Muehlenhoff univentionstaff 2015-01-19 08:30:08 CET
Denial of service in handling PNG images (CVE-2014-9601)
Comment 2 Arvid Requate univentionstaff 2015-05-06 18:48:41 CEST
All of the issues above have been classified as "Minor issue" in Debian.
Comment 3 Stefan Gohmann univentionstaff 2015-09-01 14:24:07 CEST
The issues are classified as minor issues. Removing the target milestone.
Comment 4 Arvid Requate univentionstaff 2016-02-22 12:25:46 CET
A new issue:

* Execution of arbitrary code due to buffer overflow in FliDecode.c (CVE-2016-0775)
Comment 5 Arvid Requate univentionstaff 2016-10-04 20:57:01 CEST
Upstream Debian package version 1.1.7-4+deb7u2 fixes these issues:

* Execution of arbitrary code due to buffer overflow in FliDecode.c (CVE-2016-0775)
* Remote denial of service (crash) via a crafted PhotoCD file due to buffer overflow in the ImagingPcdDecode function in PcdDecode.c (CVE-2016-2533)
Comment 6 Arvid Requate univentionstaff 2016-11-08 20:28:17 CET
Upstream Debian package version 1.1.7-4+deb7u3 fixes:

* Pillow before 3.3.2 allows context-dependent attackers to obtain sensitive information by using the "crafted image file" approach, related to an "Integer Overflow" issue affecting the Image.core.map_buffer in map.c component. (CVE-2016-9189)

* Pillow before 3.3.2 allows context-dependent attackers to execute arbitrary code by using the "crafted image file" approach, related to an "Insecure Sign Extension" issue affecting the ImagingNew in Storage.c component. (CVE-2016-9190)
Comment 7 Arvid Requate univentionstaff 2016-11-10 21:21:05 CET
Advisory: python-imaging.yaml
Comment 8 Florian Best univentionstaff 2016-11-29 18:24:53 CET
OK: *** 1.1.7-4.15.201611102035 0
        500 http://omar.knut.univention.de/build2/ ucs_4.1-0-errata4.1-4/amd64/ Packages
OK: YAML
OK: zgrep -C1 -e CVE-2016-0775 -e CVE-2016-2533 -e CVE-2016-9189 -e CVE-2016-9190 /usr/share/doc/python-imaging/changelog.Debian.gz
OK: build
dpkg-source: info: applying python-imaging_1.1.7-4+deb7u3.diff.gz

OK: functionality
>>> from PIL import Image
>>> Image.open(open('/usr/share/univention-management-console-frontend/js/dijit/themes/umc/images/background-tile.png'))
<PIL.PngImagePlugin.PngImageFile image mode=RGBA size=100x100 at 0x7F7C00BE1998>
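The QA step above greps the Debian changelog for the four CVE IDs by hand. The following script, added here as an example and not code from this bug or from Univention, automates that check: it parses a Debian-format changelog into per-version entries, collects the CVE IDs each entry mentions, and reports which expected IDs are missing. The embedded changelog text is a constructed sample modelled on the versions named in this bug, not the real python-imaging changelog; the function and variable names are this example's own.

```python
import gzip
import re
from typing import Dict, Set

# Constructed sample in Debian changelog format. The versions and CVE IDs mirror
# the ones named in this bug, but the wording is made up for this example and is
# not the real changelog.Debian of python-imaging.
SAMPLE_CHANGELOG = """\
python-imaging (1.1.7-4+deb7u3) wheezy-security; urgency=high

  * Fix CVE-2016-9189: integer overflow in Image.core.map_buffer (map.c)
  * Fix CVE-2016-9190: insecure sign extension in ImagingNew (Storage.c)

 -- Maintainer <maintainer@example.org>  Tue, 08 Nov 2016 20:00:00 +0100

python-imaging (1.1.7-4+deb7u2) wheezy-security; urgency=high

  * CVE-2016-0775: buffer overflow in FliDecode.c
  * CVE-2016-2533: buffer overflow in ImagingPcdDecode (PcdDecode.c)

 -- Maintainer <maintainer@example.org>  Tue, 04 Oct 2016 20:00:00 +0200

python-imaging (1.1.7-4) unstable; urgency=low

  * New upstream release.

 -- Maintainer <maintainer@example.org>  Mon, 01 Jan 2012 12:00:00 +0100
"""

# A CVE identifier: CVE-<year>-<at least four digits>.
CVE_RE = re.compile(r"\bCVE-\d{4}-\d{4,}\b")
# Start of a changelog entry: "<source> (<version>) <distribution>; ..." at column 0.
# Bullet lines and the trailing " -- maintainer" line are indented, so they never match.
ENTRY_RE = re.compile(r"^(\S+) \(([^)]+)\) ", re.MULTILINE)


def cves_by_version(changelog: str) -> Dict[str, Set[str]]:
    """Map each package version in a Debian changelog to the CVE IDs its entry mentions."""
    result: Dict[str, Set[str]] = {}
    headers = list(ENTRY_RE.finditer(changelog))
    for i, header in enumerate(headers):
        start = header.end()
        end = headers[i + 1].start() if i + 1 < len(headers) else len(changelog)
        result[header.group(2)] = set(CVE_RE.findall(changelog[start:end]))
    return result


def missing_cves(changelog: str, expected: Set[str]) -> Set[str]:
    """Return the expected CVE IDs that no entry in the changelog mentions."""
    mentioned: Set[str] = set()
    for ids in cves_by_version(changelog).values():
        mentioned |= ids
    return expected - mentioned


def read_changelog(path: str) -> str:
    """Read a changelog.Debian file, transparently handling the gzip-compressed form."""
    with open(path, "rb") as fh:
        data = fh.read()
    if data[:2] == b"\x1f\x8b":  # gzip magic number
        data = gzip.decompress(data)
    return data.decode("utf-8", errors="replace")


if __name__ == "__main__":
    # On a real system one would call
    # read_changelog("/usr/share/doc/python-imaging/changelog.Debian.gz") instead.
    expected = {"CVE-2016-0775", "CVE-2016-2533", "CVE-2016-9189", "CVE-2016-9190"}
    for version, ids in cves_by_version(SAMPLE_CHANGELOG).items():
        print(version, sorted(ids))
    print("missing:", sorted(missing_cves(SAMPLE_CHANGELOG, expected)) or "none")
```

The per-version map is the useful part for errata review: it shows not only that every advisory CVE is mentioned somewhere, but which upstream package revision introduced each fix, which is what the zgrep -C1 in the comment above was being read for.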
Comment 9 Janek Walkenhorst univentionstaff 2016-12-01 11:57:20 CET
<http://errata.software-univention.de/ucs/4.1/337.html>