Advisories ยป MGASA-2014-0476

Updated python-imaging and python-pillow packages fix security vulnerability

Publication date: 21 Nov 2014
Modification date: 21 Nov 2014
Type: security
Affected Mageia releases : 3 , 4
CVE: CVE-2014-3007

Description

Python Image Library (PIL) 1.1.7 and earlier and Pillow 2.3 might allow remote
attackers to execute arbitrary commands via shell metacharacters, due to an
incomplete fix for CVE-2014-1932 (CVE-2014-3007).
                

References

SRPMS

3/core

4/core