Updated python-pillow packages fix security vulnerability
Publication date: 17 Feb 2016
Modification date: 17 Feb 2016
Type: security
Affected Mageia releases: 5
CVE: CVE-2016-0740, CVE-2016-0775
Description
A buffer overflow in TiffDecode.c causes an arbitrary amount of memory to be overwritten when opening a specially crafted invalid TIFF file (CVE-2016-0740). A buffer overflow in FliDecode.c causes a segfault when opening FLI files (CVE-2016-0775). A buffer overflow in PcdDecode.c causes a segfault when opening PhotoCD files.
References
- https://bugs.mageia.org/show_bug.cgi?id=17671
- http://openwall.com/lists/oss-security/2016/02/02/5
- https://github.com/python-pillow/Pillow/blob/777ef4f523679a9ea0f3573efc224bf821b6abe7/docs/releasenotes/3.1.1.rst
- https://lists.fedoraproject.org/pipermail/package-announce/2016-February/176983.html
- https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-0740
- https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-0775
SRPMS
5/core
- python-pillow-2.6.2-2.5.mga5