USN-2168-1: Python Imaging Library vulnerabilities

15 April 2014

python-imaging vulnerabilities

A security issue affects these releases of Ubuntu and its derivatives:

• Ubuntu 13.10
• Ubuntu 12.10
• Ubuntu 12.04 LTS
• Ubuntu 10.04 LTS

Summary

Python Imaging Library could be made to overwrite or expose files.

Software Description

• python-imaging - Python Imaging Library

Details

Jakub Wilk discovered that the Python Imaging Library incorrectly handled temporary files. A local attacker could possibly use this issue to overwrite arbitrary files, or gain access to temporary file contents. (CVE-2014-1932, CVE-2014-1933)

Update instructions

The problem can be corrected by updating your system to the following package versions:

Ubuntu 13.10

python-imaging - 1.1.7+2.0.0-1ubuntu1.1

Ubuntu 12.10

python-imaging - 1.1.7-4ubuntu0.12.10.1

Ubuntu 12.04 LTS

python-imaging - 1.1.7-4ubuntu0.12.04.1

Ubuntu 10.04 LTS

python-imaging - 1.1.7-1ubuntu0.2

To update your system, please follow these instructions: https://wiki.ubuntu.com/Security/Upgrades.

In general, a standard system update will make all the necessary changes.

References

• CVE-2014-1932
• CVE-2014-1933