ID FEDORA:920A2606E7F5 Type fedora Reporter Fedora Modified 2016-04-10T14:22:35
Description
Python image processing library, fork of the Python Imaging Library (PIL) This library provides extensive file format support, an efficient internal representation, and powerful image processing capabilities. There are four subpackages: tk (tk interface), qt (PIL image wrapper for Qt ), devel (development) and doc (documentation).
{"cve": [{"lastseen": "2020-10-03T12:10:44", "description": "Heap-based buffer overflow in the j2k_encode_entry function in Pillow 2.5.0 through 3.1.1 allows remote attackers to cause a denial of service (memory corruption) via a crafted Jpeg2000 file.", "edition": 3, "cvss3": {"exploitabilityScore": 1.8, "cvssV3": {"baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "integrityImpact": "NONE", "baseScore": 5.5, "privilegesRequired": "NONE", "vectorString": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", "userInteraction": "REQUIRED", "version": "3.0"}, "impactScore": 3.6}, "published": "2017-04-24T18:59:00", "title": "CVE-2016-3076", "type": "cve", "cwe": ["CWE-119"], "bulletinFamily": "NVD", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": true, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "NONE", "availabilityImpact": "PARTIAL", "integrityImpact": "NONE", "baseScore": 4.3, "vectorString": "AV:N/AC:M/Au:N/C:N/I:N/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 2.9, "obtainUserPrivilege": false}, "cvelist": ["CVE-2016-3076"], "modified": "2017-04-29T01:59:00", "cpe": ["cpe:/a:python:pillow:2.5.0", "cpe:/a:python:pillow:2.8.0", "cpe:/a:python:pillow:2.8.1", "cpe:/a:python:pillow:2.8.2", "cpe:/a:python:pillow:2.6.1", "cpe:/a:python:pillow:2.9.0", "cpe:/a:python:pillow:2.5.1", "cpe:/a:python:pillow:2.6.0", "cpe:/a:python:pillow:2.5.3", "cpe:/a:python:pillow:2.6.2", "cpe:/a:python:pillow:3.1.0", "cpe:/a:python:pillow:2.5.2", "cpe:/a:python:pillow:3.0.0", "cpe:/a:python:pillow:2.7.0"], "id": "CVE-2016-3076", "href": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2016-3076", "cvss": {"score": 4.3, "vector": "AV:N/AC:M/Au:N/C:N/I:N/A:P"}, "cpe23": ["cpe:2.3:a:python:pillow:2.7.0:*:*:*:*:*:*:*", "cpe:2.3:a:python:pillow:2.9.0:dev1:*:*:*:*:*:*", "cpe:2.3:a:python:pillow:3.0.0:rc1:*:*:*:*:*:*", "cpe:2.3:a:python:pillow:2.6.2:*:*:*:*:*:*:*", "cpe:2.3:a:python:pillow:2.8.1:*:*:*:*:*:*:*", "cpe:2.3:a:python:pillow:2.9.0:*:*:*:*:*:*:*", "cpe:2.3:a:python:pillow:3.1.0:*:*:*:*:*:*:*", "cpe:2.3:a:python:pillow:2.6.1:*:*:*:*:*:*:*", "cpe:2.3:a:python:pillow:2.8.0:*:*:*:*:*:*:*", "cpe:2.3:a:python:pillow:2.5.2:*:*:*:*:*:*:*", "cpe:2.3:a:python:pillow:2.5.1:*:*:*:*:*:*:*", "cpe:2.3:a:python:pillow:2.9.0:dev0:*:*:*:*:*:*", "cpe:2.3:a:python:pillow:2.5.3:*:*:*:*:*:*:*", "cpe:2.3:a:python:pillow:2.8.2:*:*:*:*:*:*:*", "cpe:2.3:a:python:pillow:2.6.0:*:*:*:*:*:*:*", "cpe:2.3:a:python:pillow:2.5.0:*:*:*:*:*:*:*", "cpe:2.3:a:python:pillow:2.6.0:rc1:*:*:*:*:*:*", "cpe:2.3:a:python:pillow:3.0.0:*:*:*:*:*:*:*", "cpe:2.3:a:python:pillow:2.9.0:dev2:*:*:*:*:*:*"]}], "openvas": [{"lastseen": "2019-05-29T18:35:39", "bulletinFamily": "scanner", "cvelist": ["CVE-2016-3076"], "description": "The remote host is missing an update for the ", "modified": "2019-03-15T00:00:00", "published": "2016-04-11T00:00:00", "id": "OPENVAS:1361412562310807783", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310807783", "type": "openvas", "title": "Fedora Update for python-pillow FEDORA-2016-6", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n#\n# Fedora Update for python-pillow FEDORA-2016-6\n#\n# Authors:\n# System Generated Check\n#\n# Copyright:\n# Copyright (C) 2016 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.807783\");\n script_version(\"$Revision: 14223 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2019-03-15 14:49:35 +0100 (Fri, 15 Mar 2019) $\");\n script_tag(name:\"creation_date\", value:\"2016-04-11 05:16:34 +0200 (Mon, 11 Apr 2016)\");\n script_cve_id(\"CVE-2016-3076\");\n script_tag(name:\"cvss_base\", value:\"4.3\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:M/Au:N/C:N/I:N/A:P\");\n script_tag(name:\"qod_type\", value:\"package\");\n script_name(\"Fedora Update for python-pillow FEDORA-2016-6\");\n script_tag(name:\"summary\", value:\"The remote host is missing an update for the 'python-pillow'\n package(s) announced via the referenced advisory.\");\n script_tag(name:\"vuldetect\", value:\"Checks if a vulnerable version is present on the target host.\");\n script_tag(name:\"affected\", value:\"python-pillow on Fedora 22\");\n script_tag(name:\"solution\", value:\"Please install the updated package(s).\");\n script_xref(name:\"FEDORA\", value:\"2016-6\");\n script_xref(name:\"URL\", value:\"https://lists.fedoraproject.org/pipermail/package-announce/2016-April/181863.html\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (C) 2016 Greenbone Networks GmbH\");\n script_family(\"Fedora Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/fedora\", \"ssh/login/rpms\", re:\"ssh/login/release=FC22\");\n\n exit(0);\n}\n\ninclude(\"revisions-lib.inc\");\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = rpm_get_ssh_release();\nif(!release)\n exit(0);\n\nres = \"\";\n\nif(release == \"FC22\")\n{\n\n if ((res = isrpmvuln(pkg:\"python-pillow\", rpm:\"python-pillow~2.8.2~5.fc22\", rls:\"FC22\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99);\n exit(0);\n}\n", "cvss": {"score": 4.3, "vector": "AV:N/AC:M/Au:N/C:N/I:N/A:P"}}, {"lastseen": "2019-05-29T18:35:28", "bulletinFamily": "scanner", "cvelist": ["CVE-2016-3076"], "description": "Mageia Linux Local Security Checks mgasa-2016-0141", "modified": "2018-10-12T00:00:00", "published": "2016-05-09T00:00:00", "id": "OPENVAS:1361412562310131306", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310131306", "type": "openvas", "title": "Mageia Linux Local Check: mgasa-2016-0141", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n# $Id: mgasa-2016-0141.nasl 11856 2018-10-12 07:45:29Z cfischer $\n#\n# Mageia Linux security check\n#\n# Authors:\n# Eero Volotinen <eero.volotinen@solinor.com>\n#\n# Copyright:\n# Copyright (c) 2016 Eero Volotinen, http://www.solinor.com\n#\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.131306\");\n script_version(\"$Revision: 11856 $\");\n script_tag(name:\"creation_date\", value:\"2016-05-09 14:18:08 +0300 (Mon, 09 May 2016)\");\n script_tag(name:\"last_modification\", value:\"$Date: 2018-10-12 09:45:29 +0200 (Fri, 12 Oct 2018) $\");\n script_name(\"Mageia Linux Local Check: mgasa-2016-0141\");\n script_tag(name:\"insight\", value:\"This update fixes an integer overflow in Jpeg2KEncode.c causing a buffer overflow (CVE-2016-3076).\");\n script_tag(name:\"solution\", value:\"Update the affected packages to the latest available version.\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n script_xref(name:\"URL\", value:\"https://advisories.mageia.org/MGASA-2016-0141.html\");\n script_cve_id(\"CVE-2016-3076\");\n script_tag(name:\"cvss_base\", value:\"4.3\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:M/Au:N/C:N/I:N/A:P\");\n script_tag(name:\"qod_type\", value:\"package\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/mageia_linux\", \"ssh/login/release\", re:\"ssh/login/release=MAGEIA5\");\n script_category(ACT_GATHER_INFO);\n script_tag(name:\"summary\", value:\"Mageia Linux Local Security Checks mgasa-2016-0141\");\n script_copyright(\"Eero Volotinen\");\n script_family(\"Mageia Linux Local Security Checks\");\n\n exit(0);\n}\n\ninclude(\"revisions-lib.inc\");\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = rpm_get_ssh_release();\nif(!release) exit(0);\n\nres = \"\";\n\nif(release == \"MAGEIA5\")\n{\nif ((res = isrpmvuln(pkg:\"python-pillow\", rpm:\"python-pillow~2.6.2~2.5.mga5\", rls:\"MAGEIA5\")) != NULL) {\n security_message(data:res);\n exit(0);\n}\nif (__pkg_match) exit(99);\n exit(0);\n}\n", "cvss": {"score": 4.3, "vector": "AV:N/AC:M/Au:N/C:N/I:N/A:P"}}, {"lastseen": "2019-05-29T18:35:22", "bulletinFamily": "scanner", "cvelist": ["CVE-2016-3076"], "description": "The remote host is missing an update for the ", "modified": "2019-03-15T00:00:00", "published": "2016-04-11T00:00:00", "id": "OPENVAS:1361412562310807786", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310807786", "type": "openvas", "title": "Fedora Update for python-pillow FEDORA-2016-35700", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n#\n# Fedora Update for python-pillow FEDORA-2016-35700\n#\n# Authors:\n# System Generated Check\n#\n# Copyright:\n# Copyright (C) 2016 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.807786\");\n script_version(\"$Revision: 14223 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2019-03-15 14:49:35 +0100 (Fri, 15 Mar 2019) $\");\n script_tag(name:\"creation_date\", value:\"2016-04-11 05:16:35 +0200 (Mon, 11 Apr 2016)\");\n script_cve_id(\"CVE-2016-3076\");\n script_tag(name:\"cvss_base\", value:\"4.3\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:M/Au:N/C:N/I:N/A:P\");\n script_tag(name:\"qod_type\", value:\"package\");\n script_name(\"Fedora Update for python-pillow FEDORA-2016-35700\");\n script_tag(name:\"summary\", value:\"The remote host is missing an update for the 'python-pillow'\n package(s) announced via the referenced advisory.\");\n script_tag(name:\"vuldetect\", value:\"Checks if a vulnerable version is present on the target host.\");\n script_tag(name:\"affected\", value:\"python-pillow on Fedora 23\");\n script_tag(name:\"solution\", value:\"Please install the updated package(s).\");\n script_xref(name:\"FEDORA\", value:\"2016-35700\");\n script_xref(name:\"URL\", value:\"https://lists.fedoraproject.org/pipermail/package-announce/2016-April/181943.html\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (C) 2016 Greenbone Networks GmbH\");\n script_family(\"Fedora Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/fedora\", \"ssh/login/rpms\", re:\"ssh/login/release=FC23\");\n\n exit(0);\n}\n\ninclude(\"revisions-lib.inc\");\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = rpm_get_ssh_release();\nif(!release)\n exit(0);\n\nres = \"\";\n\nif(release == \"FC23\")\n{\n\n if ((res = isrpmvuln(pkg:\"python-pillow\", rpm:\"python-pillow~3.0.0~4.fc23\", rls:\"FC23\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99);\n exit(0);\n}\n", "cvss": {"score": 4.3, "vector": "AV:N/AC:M/Au:N/C:N/I:N/A:P"}}], "fedora": [{"lastseen": "2020-12-21T08:17:53", "bulletinFamily": "unix", "cvelist": ["CVE-2016-3076"], "description": "Python image processing library, fork of the Python Imaging Library (PIL) This library provides extensive file format support, an efficient internal representation, and powerful image processing capabilities. There are four subpackages: tk (tk interface), qt (PIL image wrapper for Qt ), devel (development) and doc (documentation). ", "modified": "2016-04-10T14:35:10", "published": "2016-04-10T14:35:10", "id": "FEDORA:3BBF160B08F9", "href": "", "type": "fedora", "title": "[SECURITY] Fedora 23 Update: python-pillow-3.0.0-4.fc23", "cvss": {"score": 4.3, "vector": "AV:N/AC:M/Au:N/C:N/I:N/A:P"}}], "nessus": [{"lastseen": "2021-01-12T10:14:22", "description": "This update fixes an integer overflow in Jpeg2KEncode.c causing a\nbuffer overflow (CVE-2016-3076).\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the Fedora security advisory. Tenable\nhas attempted to automatically clean and format it as much as possible\nwithout introducing additional issues.", "edition": 15, "published": "2016-04-13T00:00:00", "title": "Fedora 22 : python-pillow-2.8.2-5.fc22 (2016-6ad4474058)", "type": "nessus", "bulletinFamily": "scanner", "cvelist": ["CVE-2016-3076"], "modified": "2016-04-13T00:00:00", "cpe": ["p-cpe:/a:fedoraproject:fedora:python-pillow", "cpe:/o:fedoraproject:fedora:22"], "id": "FEDORA_2016-6AD4474058.NASL", "href": "https://www.tenable.com/plugins/nessus/90461", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from Fedora Security Advisory 2016-6ad4474058.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(90461);\n script_version(\"2.3\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/11\");\n\n script_xref(name:\"FEDORA\", value:\"2016-6ad4474058\");\n\n script_name(english:\"Fedora 22 : python-pillow-2.8.2-5.fc22 (2016-6ad4474058)\");\n script_summary(english:\"Checks rpm output for the updated package.\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote Fedora host is missing a security update.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"This update fixes an integer overflow in Jpeg2KEncode.c causing a\nbuffer overflow (CVE-2016-3076).\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the Fedora security advisory. Tenable\nhas attempted to automatically clean and format it as much as possible\nwithout introducing additional issues.\"\n );\n # https://lists.fedoraproject.org/pipermail/package-announce/2016-April/181863.html\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.nessus.org/u?7e55afa4\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\"Update the affected python-pillow package.\"\n );\n script_set_attribute(attribute:\"risk_factor\", value:\"High\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fedoraproject:fedora:python-pillow\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:fedoraproject:fedora:22\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2016/04/10\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2016/04/13\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2016-2021 Tenable Network Security, Inc.\");\n script_family(english:\"Fedora Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/RedHat/release\", \"Host/RedHat/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/RedHat/release\");\nif (isnull(release) || \"Fedora\" >!< release) audit(AUDIT_OS_NOT, \"Fedora\");\nos_ver = eregmatch(pattern: \"Fedora.*release ([0-9]+)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, \"Fedora\");\nos_ver = os_ver[1];\nif (! ereg(pattern:\"^22([^0-9]|$)\", string:os_ver)) audit(AUDIT_OS_NOT, \"Fedora 22.x\", \"Fedora \" + os_ver);\n\nif (!get_kb_item(\"Host/RedHat/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"Fedora\", cpu);\n\nflag = 0;\nif (rpm_check(release:\"FC22\", reference:\"python-pillow-2.8.2-5.fc22\")) flag++;\n\n\nif (flag)\n{\n if (report_verbosity > 0) security_hole(port:0, extra:rpm_report_get());\n else security_hole(0);\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"python-pillow\");\n}\n", "cvss": {"score": 4.3, "vector": "AV:N/AC:M/Au:N/C:N/I:N/A:P"}}, {"lastseen": "2021-01-12T10:14:07", "description": "This update fixes an integer overflow in Jpeg2KEncode.c causing a\nbuffer overflow (CVE-2016-3076).\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the Fedora security advisory. Tenable\nhas attempted to automatically clean and format it as much as possible\nwithout introducing additional issues.", "edition": 15, "published": "2016-04-13T00:00:00", "title": "Fedora 23 : python-pillow-3.0.0-4.fc23 (2016-35700c5956)", "type": "nessus", "bulletinFamily": "scanner", "cvelist": ["CVE-2016-3076"], "modified": "2016-04-13T00:00:00", "cpe": ["p-cpe:/a:fedoraproject:fedora:python-pillow", "cpe:/o:fedoraproject:fedora:23"], "id": "FEDORA_2016-35700C5956.NASL", "href": "https://www.tenable.com/plugins/nessus/90459", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from Fedora Security Advisory 2016-35700c5956.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(90459);\n script_version(\"2.3\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/11\");\n\n script_xref(name:\"FEDORA\", value:\"2016-35700c5956\");\n\n script_name(english:\"Fedora 23 : python-pillow-3.0.0-4.fc23 (2016-35700c5956)\");\n script_summary(english:\"Checks rpm output for the updated package.\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote Fedora host is missing a security update.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"This update fixes an integer overflow in Jpeg2KEncode.c causing a\nbuffer overflow (CVE-2016-3076).\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the Fedora security advisory. Tenable\nhas attempted to automatically clean and format it as much as possible\nwithout introducing additional issues.\"\n );\n # https://lists.fedoraproject.org/pipermail/package-announce/2016-April/181943.html\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.nessus.org/u?2e487f65\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\"Update the affected python-pillow package.\"\n );\n script_set_attribute(attribute:\"risk_factor\", value:\"High\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fedoraproject:fedora:python-pillow\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:fedoraproject:fedora:23\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2016/04/10\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2016/04/13\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2016-2021 Tenable Network Security, Inc.\");\n script_family(english:\"Fedora Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/RedHat/release\", \"Host/RedHat/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/RedHat/release\");\nif (isnull(release) || \"Fedora\" >!< release) audit(AUDIT_OS_NOT, \"Fedora\");\nos_ver = eregmatch(pattern: \"Fedora.*release ([0-9]+)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, \"Fedora\");\nos_ver = os_ver[1];\nif (! ereg(pattern:\"^23([^0-9]|$)\", string:os_ver)) audit(AUDIT_OS_NOT, \"Fedora 23.x\", \"Fedora \" + os_ver);\n\nif (!get_kb_item(\"Host/RedHat/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"Fedora\", cpu);\n\nflag = 0;\nif (rpm_check(release:\"FC23\", reference:\"python-pillow-3.0.0-4.fc23\")) flag++;\n\n\nif (flag)\n{\n if (report_verbosity > 0) security_hole(port:0, extra:rpm_report_get());\n else security_hole(0);\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"python-pillow\");\n}\n", "cvss": {"score": 4.3, "vector": "AV:N/AC:M/Au:N/C:N/I:N/A:P"}}]}
