========================================================================== Ubuntu Security Notice USN-3230-1 March 13, 2017 pillow vulnerabilities ========================================================================== A security issue affects these releases of Ubuntu and its derivatives: - Ubuntu 16.10 - Ubuntu 16.04 LTS - Ubuntu 14.04 LTS Summary: Several security issues were fixed in Pillow. Software Description: - pillow: Python Imaging Library Details: It was discovered that Pillow incorrectly handled certain compressed text chunks in PNG images. A remote attacker could possibly use this issue to cause Pillow to crash, resulting in a denial of service. This issue only affected Ubuntu 14.04 LTS. (CVE-2014-9601) Cris Neckar discovered that Pillow incorrectly handled certain malformed images. A remote attacker could use this issue to cause Pillow to crash, resulting in a denial of service, or possibly obtain sensitive information. (CVE-2016-9189) Cris Neckar discovered that Pillow incorrectly handled certain malformed images. A remote attacker could use this issue to cause Pillow to crash, resulting in a denial of service, or possibly execute arbitrary code. (CVE-2016-9190) Update instructions: The problem can be corrected by updating your system to the following package versions: Ubuntu 16.10: python-imaging 3.3.1-1ubuntu0.1 python-pil 3.3.1-1ubuntu0.1 python3-pil 3.3.1-1ubuntu0.1 Ubuntu 16.04 LTS: python-imaging 3.1.2-0ubuntu1.1 python-pil 3.1.2-0ubuntu1.1 python3-pil 3.1.2-0ubuntu1.1 Ubuntu 14.04 LTS: python-imaging 2.3.0-1ubuntu3.4 python-pil 2.3.0-1ubuntu3.4 python3-imaging 2.3.0-1ubuntu3.4 python3-pil 2.3.0-1ubuntu3.4 In general, a standard system update will make all the necessary changes. References: http://www.ubuntu.com/usn/usn-3230-1 CVE-2014-9601, CVE-2016-9189, CVE-2016-9190 Package Information: https://launchpad.net/ubuntu/+source/pillow/3.3.1-1ubuntu0.1 https://launchpad.net/ubuntu/+source/pillow/3.1.2-0ubuntu1.1 https://launchpad.net/ubuntu/+source/pillow/2.3.0-1ubuntu3.4