Huawei EulerOS: Security Advisory for python-pillow (EulerOS-SA-2017-1049)
2020-01-23T00:00:00
ID OPENVAS:1361412562311220171049 Type openvas Reporter Copyright (C) 2020 Greenbone Networks GmbH Modified 2020-01-23T00:00:00
Description
The remote host is missing an update for the Huawei EulerOS
# Copyright (C) 2020 Greenbone Networks GmbH
# Text descriptions are largely excerpted from the referenced
# advisory, and are Copyright (C) the respective author(s)
#
# SPDX-License-Identifier: GPL-2.0-or-later
#
# This program is free software; you can redistribute it and/or
# modify it under the terms of the GNU General Public License
# as published by the Free Software Foundation; either version 2
# of the License, or (at your option) any later version.
#
# This program is distributed in the hope that it will be useful,
# but WITHOUT ANY WARRANTY; without even the implied warranty of
# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
# GNU General Public License for more details.
#
# You should have received a copy of the GNU General Public License
# along with this program; if not, write to the Free Software
# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.
if(description)
{
script_oid("1.3.6.1.4.1.25623.1.1.2.2017.1049");
script_version("2020-01-23T10:46:36+0000");
script_cve_id("CVE-2016-9190");
script_tag(name:"cvss_base", value:"6.8");
script_tag(name:"cvss_base_vector", value:"AV:N/AC:M/Au:N/C:P/I:P/A:P");
script_tag(name:"last_modification", value:"2020-01-23 10:46:36 +0000 (Thu, 23 Jan 2020)");
script_tag(name:"creation_date", value:"2020-01-23 10:46:36 +0000 (Thu, 23 Jan 2020)");
script_name("Huawei EulerOS: Security Advisory for python-pillow (EulerOS-SA-2017-1049)");
script_category(ACT_GATHER_INFO);
script_copyright("Copyright (C) 2020 Greenbone Networks GmbH");
script_family("Huawei EulerOS Local Security Checks");
script_dependencies("gb_huawei_euleros_consolidation.nasl");
script_mandatory_keys("ssh/login/euleros", "ssh/login/rpms", re:"ssh/login/release=EULEROS-2\.0SP1");
script_xref(name:"EulerOS-SA", value:"2017-1049");
script_xref(name:"URL", value:"https://developer.huaweicloud.com/ict/en/site-euleros/euleros/security-advisories/EulerOS-SA-2017-1049");
script_tag(name:"summary", value:"The remote host is missing an update for the Huawei EulerOS
'python-pillow' package(s) announced via the EulerOS-SA-2017-1049 advisory.");
script_tag(name:"vuldetect", value:"Checks if a vulnerable package version is present on the target host.");
script_tag(name:"insight", value:"A vulnerability was found in python-pillow. A crafted image file with negative dimensions could cause a buffer to be under-allocated, leading to arbitrary writes on the heap which could cause a crash or, potentially, code execution.(CVE-2016-9190)");
script_tag(name:"affected", value:"'python-pillow' package(s) on Huawei EulerOS V2.0SP1.");
script_tag(name:"solution", value:"Please install the updated package(s).");
script_tag(name:"solution_type", value:"VendorFix");
script_tag(name:"qod_type", value:"package");
exit(0);
}
include("revisions-lib.inc");
include("pkg-lib-rpm.inc");
release = rpm_get_ssh_release();
if(!release)
exit(0);
res = "";
report = "";
if(release == "EULEROS-2.0SP1") {
if(!isnull(res = isrpmvuln(pkg:"python-pillow", rpm:"python-pillow~2.0.0~19.gitd1c6db8.h1", rls:"EULEROS-2.0SP1"))) {
report += res;
}
if(report != "") {
security_message(data:report);
} else if (__pkg_match) {
exit(99);
}
exit(0);
}
exit(0);
{"id": "OPENVAS:1361412562311220171049", "bulletinFamily": "scanner", "title": "Huawei EulerOS: Security Advisory for python-pillow (EulerOS-SA-2017-1049)", "description": "The remote host is missing an update for the Huawei EulerOS\n ", "published": "2020-01-23T00:00:00", "modified": "2020-01-23T00:00:00", "cvss": {"score": 6.8, "vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P"}, "href": "http://plugins.openvas.org/nasl.php?oid=1361412562311220171049", "reporter": "Copyright (C) 2020 Greenbone Networks GmbH", "references": ["https://developer.huaweicloud.com/ict/en/site-euleros/euleros/security-advisories/EulerOS-SA-2017-1049", "2017-1049"], "cvelist": ["CVE-2016-9190"], "type": "openvas", "lastseen": "2020-01-27T18:37:17", "history": [], "edition": 1, "hashmap": [{"key": "bulletinFamily", "hash": "bbdaea376f500d25f6b0c1050311dd07"}, {"key": "cvelist", "hash": "e6f4dd9f89af677fb09cb85e6a1cd971"}, {"key": "cvss", "hash": "4cac367be6dd8242802053610be9dee6"}, {"key": "description", "hash": "0292b47d632b8040280c7ecd4cd99928"}, {"key": "href", "hash": "6d614c9c16ed3a76947c8dd364aa6a92"}, {"key": "modified", "hash": "4e320e7e26e176ca1e6ab860ef58a530"}, {"key": "naslFamily", "hash": "76ed4f16978ecfcac038c39ed696d351"}, {"key": "pluginID", "hash": "21cb35437dabbc5f7dc8f74a68582c19"}, {"key": "published", "hash": "4e320e7e26e176ca1e6ab860ef58a530"}, {"key": "references", "hash": "a7597a82cede650974215b60f2ca7073"}, {"key": "reporter", "hash": "4f7d0c57cf015ac526599c62a1cd26c3"}, {"key": "sourceData", "hash": "571f3f009be291cd83fa7131f11a08fe"}, {"key": "title", "hash": "d7f90e3bd953b4fd73abd2b4b77e1551"}, {"key": "type", "hash": "47c1f692ea47a21f716dad07043ade01"}], "hash": "79c9ba5caadcfe03a07d45fc80e0c9260a21a3d4b403e5a2a4c6a66817152886", "viewCount": 0, "enchantments": {"dependencies": {"references": [{"type": "cve", "idList": ["CVE-2016-9190"]}, {"type": "github", "idList": ["GHSA-W4VG-RF63-F3J3"]}, {"type": "openvas", "idList": ["OPENVAS:1361412562310703710", "OPENVAS:703710", "OPENVAS:1361412562311220191709", "OPENVAS:1361412562311220191687", "OPENVAS:1361412562311220192437", "OPENVAS:1361412562310843091", "OPENVAS:1361412562310843088", "OPENVAS:1361412562311220192654"]}, {"type": "nessus", "idList": ["FREEBSD_PKG_BC4898D5A79411E6B2D360A44CE6887B.NASL", "EULEROS_SA-2017-1049.NASL", "DEBIAN_DSA-3710.NASL", "EULEROS_SA-2019-2654.NASL", "EULEROS_SA-2019-1687.NASL", "EULEROS_SA-2019-1709.NASL", "GENTOO_GLSA-201612-52.NASL", "UBUNTU_USN-3229-1.NASL", "UBUNTU_USN-3230-1.NASL", "EULEROS_SA-2019-2437.NASL"]}, {"type": "debian", "idList": ["DEBIAN:DSA-3710-1:2363D", "DEBIAN:DLA-705-1:28082"]}, {"type": "freebsd", "idList": ["BC4898D5-A794-11E6-B2D3-60A44CE6887B"]}, {"type": "ubuntu", "idList": ["USN-3229-1", "USN-3230-1"]}, {"type": "gentoo", "idList": ["GLSA-201612-52"]}], "modified": "2020-01-27T18:37:17", "rev": 2}, "score": {"value": 6.7, "vector": "NONE", "modified": "2020-01-27T18:37:17", "rev": 2}, "vulnersScore": 6.7}, "objectVersion": "1.3", "sourceData": "# Copyright (C) 2020 Greenbone Networks GmbH\n# Text descriptions are largely excerpted from the referenced\n# advisory, and are Copyright (C) the respective author(s)\n#\n# SPDX-License-Identifier: GPL-2.0-or-later\n#\n# This program is free software; you can redistribute it and/or\n# modify it under the terms of the GNU General Public License\n# as published by the Free Software Foundation; either version 2\n# of the License, or (at your option) any later version.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.1.2.2017.1049\");\n script_version(\"2020-01-23T10:46:36+0000\");\n script_cve_id(\"CVE-2016-9190\");\n script_tag(name:\"cvss_base\", value:\"6.8\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:M/Au:N/C:P/I:P/A:P\");\n script_tag(name:\"last_modification\", value:\"2020-01-23 10:46:36 +0000 (Thu, 23 Jan 2020)\");\n script_tag(name:\"creation_date\", value:\"2020-01-23 10:46:36 +0000 (Thu, 23 Jan 2020)\");\n script_name(\"Huawei EulerOS: Security Advisory for python-pillow (EulerOS-SA-2017-1049)\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (C) 2020 Greenbone Networks GmbH\");\n script_family(\"Huawei EulerOS Local Security Checks\");\n script_dependencies(\"gb_huawei_euleros_consolidation.nasl\");\n script_mandatory_keys(\"ssh/login/euleros\", \"ssh/login/rpms\", re:\"ssh/login/release=EULEROS-2\\.0SP1\");\n\n script_xref(name:\"EulerOS-SA\", value:\"2017-1049\");\n script_xref(name:\"URL\", value:\"https://developer.huaweicloud.com/ict/en/site-euleros/euleros/security-advisories/EulerOS-SA-2017-1049\");\n\n script_tag(name:\"summary\", value:\"The remote host is missing an update for the Huawei EulerOS\n 'python-pillow' package(s) announced via the EulerOS-SA-2017-1049 advisory.\");\n\n script_tag(name:\"vuldetect\", value:\"Checks if a vulnerable package version is present on the target host.\");\n\n script_tag(name:\"insight\", value:\"A vulnerability was found in python-pillow. A crafted image file with negative dimensions could cause a buffer to be under-allocated, leading to arbitrary writes on the heap which could cause a crash or, potentially, code execution.(CVE-2016-9190)\");\n\n script_tag(name:\"affected\", value:\"'python-pillow' package(s) on Huawei EulerOS V2.0SP1.\");\n\n script_tag(name:\"solution\", value:\"Please install the updated package(s).\");\n\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n script_tag(name:\"qod_type\", value:\"package\");\n\n exit(0);\n}\n\ninclude(\"revisions-lib.inc\");\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = rpm_get_ssh_release();\nif(!release)\n exit(0);\n\nres = \"\";\nreport = \"\";\n\nif(release == \"EULEROS-2.0SP1\") {\n\n if(!isnull(res = isrpmvuln(pkg:\"python-pillow\", rpm:\"python-pillow~2.0.0~19.gitd1c6db8.h1\", rls:\"EULEROS-2.0SP1\"))) {\n report += res;\n }\n\n if(report != \"\") {\n security_message(data:report);\n } else if (__pkg_match) {\n exit(99);\n }\n exit(0);\n}\n\nexit(0);", "naslFamily": "Huawei EulerOS Local Security Checks", "pluginID": "1361412562311220171049"}
{"cve": [{"lastseen": "2019-05-29T18:15:40", "bulletinFamily": "NVD", "description": "Pillow before 3.3.2 allows context-dependent attackers to execute arbitrary code by using the \"crafted image file\" approach, related to an \"Insecure Sign Extension\" issue affecting the ImagingNew in Storage.c component.", "modified": "2017-07-01T01:30:00", "id": "CVE-2016-9190", "href": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2016-9190", "published": "2016-11-04T10:59:00", "title": "CVE-2016-9190", "type": "cve", "cvss": {"score": 6.8, "vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P"}}], "github": [{"lastseen": "2020-03-10T23:26:15", "bulletinFamily": "software", "description": "Pillow before 3.3.2 allows context-dependent attackers to execute arbitrary code by using the \"crafted image file\" approach, related to an \"Insecure Sign Extension\" issue affecting the ImagingNew in Storage.c component.", "modified": "2019-07-03T21:02:01", "published": "2018-07-12T14:45:42", "id": "GHSA-W4VG-RF63-F3J3", "href": "https://github.com/advisories/GHSA-w4vg-rf63-f3j3", "title": "Moderate severity vulnerability that affects Pillow", "type": "github", "cvss": {"score": 6.8, "vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P"}}], "openvas": [{"lastseen": "2020-01-27T18:39:13", "bulletinFamily": "scanner", "description": "The remote host is missing an update for the Huawei EulerOS\n ", "modified": "2020-01-23T00:00:00", "published": "2020-01-23T00:00:00", "id": "OPENVAS:1361412562311220191709", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562311220191709", "title": "Huawei EulerOS: Security Advisory for python-pillow (EulerOS-SA-2019-1709)", "type": "openvas", "sourceData": "# Copyright (C) 2020 Greenbone Networks GmbH\n# Text descriptions are largely excerpted from the referenced\n# advisory, and are Copyright (C) the respective author(s)\n#\n# SPDX-License-Identifier: GPL-2.0-or-later\n#\n# This program is free software; you can redistribute it and/or\n# modify it under the terms of the GNU General Public License\n# as published by the Free Software Foundation; either version 2\n# of the License, or (at your option) any later version.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.1.2.2019.1709\");\n script_version(\"2020-01-23T12:20:32+0000\");\n script_cve_id(\"CVE-2016-9190\");\n script_tag(name:\"cvss_base\", value:\"6.8\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:M/Au:N/C:P/I:P/A:P\");\n script_tag(name:\"last_modification\", value:\"2020-01-23 12:20:32 +0000 (Thu, 23 Jan 2020)\");\n script_tag(name:\"creation_date\", value:\"2020-01-23 12:20:32 +0000 (Thu, 23 Jan 2020)\");\n script_name(\"Huawei EulerOS: Security Advisory for python-pillow (EulerOS-SA-2019-1709)\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (C) 2020 Greenbone Networks GmbH\");\n script_family(\"Huawei EulerOS Local Security Checks\");\n script_dependencies(\"gb_huawei_euleros_consolidation.nasl\");\n script_mandatory_keys(\"ssh/login/euleros\", \"ssh/login/rpms\", re:\"ssh/login/release=EULEROSVIRTARM64-3\\.0\\.2\\.0\");\n\n script_xref(name:\"EulerOS-SA\", value:\"2019-1709\");\n script_xref(name:\"URL\", value:\"https://developer.huaweicloud.com/ict/en/site-euleros/euleros/security-advisories/EulerOS-SA-2019-1709\");\n\n script_tag(name:\"summary\", value:\"The remote host is missing an update for the Huawei EulerOS\n 'python-pillow' package(s) announced via the EulerOS-SA-2019-1709 advisory.\");\n\n script_tag(name:\"vuldetect\", value:\"Checks if a vulnerable package version is present on the target host.\");\n\n script_tag(name:\"insight\", value:\"A vulnerability was found in python-pillow. A crafted image file with negative dimensions could cause a buffer to be under-allocated, leading to arbitrary writes on the heap which could cause a crash or, potentially, code execution.(CVE-2016-9190)\");\n\n script_tag(name:\"affected\", value:\"'python-pillow' package(s) on Huawei EulerOS Virtualization for ARM 64 3.0.2.0.\");\n\n script_tag(name:\"solution\", value:\"Please install the updated package(s).\");\n\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n script_tag(name:\"qod_type\", value:\"package\");\n\n exit(0);\n}\n\ninclude(\"revisions-lib.inc\");\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = rpm_get_ssh_release();\nif(!release)\n exit(0);\n\nres = \"\";\nreport = \"\";\n\nif(release == \"EULEROSVIRTARM64-3.0.2.0\") {\n\n if(!isnull(res = isrpmvuln(pkg:\"python-pillow\", rpm:\"python-pillow~2.0.0~19.h1.gitd1c6db8\", rls:\"EULEROSVIRTARM64-3.0.2.0\"))) {\n report += res;\n }\n\n if(report != \"\") {\n security_message(data:report);\n } else if (__pkg_match) {\n exit(99);\n }\n exit(0);\n}\n\nexit(0);", "cvss": {"score": 6.8, "vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2020-01-27T18:34:58", "bulletinFamily": "scanner", "description": "The remote host is missing an update for the Huawei EulerOS\n ", "modified": "2020-01-23T00:00:00", "published": "2020-01-23T00:00:00", "id": "OPENVAS:1361412562311220191687", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562311220191687", "title": "Huawei EulerOS: Security Advisory for python-pillow (EulerOS-SA-2019-1687)", "type": "openvas", "sourceData": "# Copyright (C) 2020 Greenbone Networks GmbH\n# Text descriptions are largely excerpted from the referenced\n# advisory, and are Copyright (C) the respective author(s)\n#\n# SPDX-License-Identifier: GPL-2.0-or-later\n#\n# This program is free software; you can redistribute it and/or\n# modify it under the terms of the GNU General Public License\n# as published by the Free Software Foundation; either version 2\n# of the License, or (at your option) any later version.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.1.2.2019.1687\");\n script_version(\"2020-01-23T12:20:01+0000\");\n script_cve_id(\"CVE-2016-9190\");\n script_tag(name:\"cvss_base\", value:\"6.8\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:M/Au:N/C:P/I:P/A:P\");\n script_tag(name:\"last_modification\", value:\"2020-01-23 12:20:01 +0000 (Thu, 23 Jan 2020)\");\n script_tag(name:\"creation_date\", value:\"2020-01-23 12:20:01 +0000 (Thu, 23 Jan 2020)\");\n script_name(\"Huawei EulerOS: Security Advisory for python-pillow (EulerOS-SA-2019-1687)\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (C) 2020 Greenbone Networks GmbH\");\n script_family(\"Huawei EulerOS Local Security Checks\");\n script_dependencies(\"gb_huawei_euleros_consolidation.nasl\");\n script_mandatory_keys(\"ssh/login/euleros\", \"ssh/login/rpms\", re:\"ssh/login/release=EULEROS-2\\.0SP5\");\n\n script_xref(name:\"EulerOS-SA\", value:\"2019-1687\");\n script_xref(name:\"URL\", value:\"https://developer.huaweicloud.com/ict/en/site-euleros/euleros/security-advisories/EulerOS-SA-2019-1687\");\n\n script_tag(name:\"summary\", value:\"The remote host is missing an update for the Huawei EulerOS\n 'python-pillow' package(s) announced via the EulerOS-SA-2019-1687 advisory.\");\n\n script_tag(name:\"vuldetect\", value:\"Checks if a vulnerable package version is present on the target host.\");\n\n script_tag(name:\"insight\", value:\"A vulnerability was found in python-pillow. A crafted image file with negative dimensions could cause a buffer to be under-allocated, leading to arbitrary writes on the heap which could cause a crash or, potentially, code execution.(CVE-2016-9190)\");\n\n script_tag(name:\"affected\", value:\"'python-pillow' package(s) on Huawei EulerOS V2.0SP5.\");\n\n script_tag(name:\"solution\", value:\"Please install the updated package(s).\");\n\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n script_tag(name:\"qod_type\", value:\"package\");\n\n exit(0);\n}\n\ninclude(\"revisions-lib.inc\");\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = rpm_get_ssh_release();\nif(!release)\n exit(0);\n\nres = \"\";\nreport = \"\";\n\nif(release == \"EULEROS-2.0SP5\") {\n\n if(!isnull(res = isrpmvuln(pkg:\"python-pillow\", rpm:\"python-pillow~2.0.0~19.h1.gitd1c6db8.eulerosv2r7\", rls:\"EULEROS-2.0SP5\"))) {\n report += res;\n }\n\n if(report != \"\") {\n security_message(data:report);\n } else if (__pkg_match) {\n exit(99);\n }\n exit(0);\n}\n\nexit(0);", "cvss": {"score": 6.8, "vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2019-05-29T18:35:16", "bulletinFamily": "scanner", "description": "Cris Neckar discovered multiple\nvulnerabilities in Pillow, a Python imaging library, which may result in the\nexecution of arbitrary code or information disclosure if a malformed image\nfile is processed.", "modified": "2019-03-18T00:00:00", "published": "2016-11-10T00:00:00", "id": "OPENVAS:1361412562310703710", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310703710", "title": "Debian Security Advisory DSA 3710-1 (pillow - security update)", "type": "openvas", "sourceData": "# OpenVAS Vulnerability Test\n# $Id: deb_3710.nasl 14275 2019-03-18 14:39:45Z cfischer $\n# Auto-generated from advisory DSA 3710-1 using nvtgen 1.0\n# Script version: 1.0\n#\n# Author:\n# Greenbone Networks\n#\n# Copyright:\n# Copyright (c) 2016 Greenbone Networks GmbH http://greenbone.net\n# Text descriptions are largely excerpted from the referenced\n# advisory, and are Copyright (c) the respective author(s)\n#\n# This program is free software; you can redistribute it and/or\n# modify it under the terms of the GNU General Public License\n# as published by the Free Software Foundation; either version 2\n# of the License, or (at your option) any later version.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n#\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.703710\");\n script_version(\"$Revision: 14275 $\");\n script_cve_id(\"CVE-2016-9189\", \"CVE-2016-9190\");\n script_name(\"Debian Security Advisory DSA 3710-1 (pillow - security update)\");\n script_tag(name:\"last_modification\", value:\"$Date: 2019-03-18 15:39:45 +0100 (Mon, 18 Mar 2019) $\");\n script_tag(name:\"creation_date\", value:\"2016-11-10 00:00:00 +0100 (Thu, 10 Nov 2016)\");\n script_tag(name:\"cvss_base\", value:\"6.8\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:M/Au:N/C:P/I:P/A:P\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n script_tag(name:\"qod_type\", value:\"package\");\n\n script_xref(name:\"URL\", value:\"http://www.debian.org/security/2016/dsa-3710.html\");\n\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (c) 2016 Greenbone Networks GmbH http://greenbone.net\");\n script_family(\"Debian Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/debian_linux\", \"ssh/login/packages\", re:\"ssh/login/release=DEB(9|8)\");\n script_tag(name:\"affected\", value:\"pillow on Debian Linux\");\n script_tag(name:\"solution\", value:\"For the stable distribution (jessie),\nthese problems have been fixed in version 2.6.1-2+deb8u3.\n\nFor the testing distribution (stretch), these problems have been fixed\nin version 3.4.2-1.\n\nFor the unstable distribution (sid), these problems have been fixed in\nversion 3.4.2-1.\n\nWe recommend that you upgrade your pillow packages.\");\n script_tag(name:\"summary\", value:\"Cris Neckar discovered multiple\nvulnerabilities in Pillow, a Python imaging library, which may result in the\nexecution of arbitrary code or information disclosure if a malformed image\nfile is processed.\");\n script_tag(name:\"vuldetect\", value:\"This check tests the installed\nsoftware version using the apt package manager.\");\n\n exit(0);\n}\n\ninclude(\"revisions-lib.inc\");\ninclude(\"pkg-lib-deb.inc\");\n\nres = \"\";\nreport = \"\";\nif((res = isdpkgvuln(pkg:\"python-imaging\", ver:\"3.4.2-1\", rls:\"DEB9\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"python-pil:amd64\", ver:\"3.4.2-1\", rls:\"DEB9\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"python-pil:i386\", ver:\"3.4.2-1\", rls:\"DEB9\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"python-pil-dbg:amd64\", ver:\"3.4.2-1\", rls:\"DEB9\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"python-pil-dbg:i386\", ver:\"3.4.2-1\", rls:\"DEB9\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"python-pil-doc\", ver:\"3.4.2-1\", rls:\"DEB9\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"python-pil.imagetk:amd64\", ver:\"3.4.2-1\", rls:\"DEB9\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"python-pil.imagetk:i386\", ver:\"3.4.2-1\", rls:\"DEB9\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"python-pil.imagetk-dbg:amd64\", ver:\"3.4.2-1\", rls:\"DEB9\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"python-pil.imagetk-dbg:i386\", ver:\"3.4.2-1\", rls:\"DEB9\")) != NULL) {\n report += res;\n}\n\nif((res = isdpkgvuln(pkg:\"python3-pil:amd64\", ver:\"3.4.2-1\", rls:\"DEB9\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"python3-pil:i386\", ver:\"3.4.2-1\", rls:\"DEB9\")) != NULL) {\n report += res;\n}\n\nif((res = isdpkgvuln(pkg:\"python3-pil-dbg:amd64\", ver:\"3.4.2-1\", rls:\"DEB9\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"python3-pil-dbg:i386\", ver:\"3.4.2-1\", rls:\"DEB9\")) != NULL) {\n report += res;\n}\n\nif((res = isdpkgvuln(pkg:\"python3-pil.imagetk:amd64\", ver:\"3.4.2-1\", rls:\"DEB9\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"python3-pil.imagetk:i386\", ver:\"3.4.2-1\", rls:\"DEB9\")) != NULL) {\n report += res;\n}\n\nif((res = isdpkgvuln(pkg:\"python3-pil.imagetk-dbg\", ver:\"3.4.2-1\", rls:\"DEB9\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"python-imaging\", ver:\"2.6.1-2+deb8u3\", rls:\"DEB8\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"python-imaging-tk\", ver:\"2.6.1-2+deb8u3\", rls:\"DEB8\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"python-pil:amd64\", ver:\"2.6.1-2+deb8u3\", rls:\"DEB8\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"python-pil:i386\", ver:\"2.6.1-2+deb8u3\", rls:\"DEB8\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"python-pil-dbg:amd64\", ver:\"2.6.1-2+deb8u3\", rls:\"DEB8\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"python-pil-dbg:i386\", ver:\"2.6.1-2+deb8u3\", rls:\"DEB8\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"python-pil-doc\", ver:\"2.6.1-2+deb8u3\", rls:\"DEB8\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"python-pil.imagetk:amd64\", ver:\"2.6.1-2+deb8u3\", rls:\"DEB8\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"python-pil.imagetk:i386\", ver:\"2.6.1-2+deb8u3\", rls:\"DEB8\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"python-pil.imagetk-dbg:amd64\", ver:\"2.6.1-2+deb8u3\", rls:\"DEB8\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"python-pil.imagetk-dbg:i386\", ver:\"2.6.1-2+deb8u3\", rls:\"DEB8\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"python-sane:amd64\", ver:\"2.6.1-2+deb8u3\", rls:\"DEB8\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"python-sane:i386\", ver:\"2.6.1-2+deb8u3\", rls:\"DEB8\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"python-sane-dbg:amd64\", ver:\"2.6.1-2+deb8u3\", rls:\"DEB8\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"python-sane-dbg:i386\", ver:\"2.6.1-2+deb8u3\", rls:\"DEB8\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"python3-pill:amd64\", ver:\"2.6.1-2+deb8u3\", rls:\"DEB8\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"python3-pill:i386\", ver:\"2.6.1-2+deb8u3\", rls:\"DEB8\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"python3-pil-dbg:amd64\", ver:\"2.6.1-2+deb8u3\", rls:\"DEB8\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"python3-pil-dbg:i386\", ver:\"2.6.1-2+deb8u3\", rls:\"DEB8\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"python3-pil.imagetk:amd64\", ver:\"2.6.1-2+deb8u3\", rls:\"DEB8\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"python3-pil.imagetk:i386\", ver:\"2.6.1-2+deb8u3\", rls:\"DEB8\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"python3-pil.imagetk-dbg\", ver:\"2.6.1-2+deb8u3\", rls:\"DEB8\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"python3-sane:amd64\", ver:\"2.6.1-2+deb8u3\", rls:\"DEB8\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"python3-sane:i386\", ver:\"2.6.1-2+deb8u3\", rls:\"DEB8\")) != NULL) {\n report += res;\n}\n\nif((res = isdpkgvuln(pkg:\"python3-sane-dbg:amd64\", ver:\"2.6.1-2+deb8u3\", rls:\"DEB8\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"python3-sane-dbg:i386\", ver:\"2.6.1-2+deb8u3\", rls:\"DEB8\")) != NULL) {\n report += res;\n}\n\n\nif(report != \"\") {\n security_message(data:report);\n} else if (__pkg_match) {\n exit(99);\n}", "cvss": {"score": 6.8, "vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2017-07-24T12:54:21", "bulletinFamily": "scanner", "description": "Cris Neckar discovered multiple\nvulnerabilities in Pillow, a Python imaging library, which may result in the\nexecution of arbitrary code or information disclosure if a malformed image\nfile is processed.", "modified": "2017-07-07T00:00:00", "published": "2016-11-10T00:00:00", "href": "http://plugins.openvas.org/nasl.php?oid=703710", "id": "OPENVAS:703710", "title": "Debian Security Advisory DSA 3710-1 (pillow - security update)", "type": "openvas", "sourceData": "# OpenVAS Vulnerability Test\n# $Id: deb_3710.nasl 6608 2017-07-07 12:05:05Z cfischer $\n# Auto-generated from advisory DSA 3710-1 using nvtgen 1.0\n# Script version: 1.0\n#\n# Author:\n# Greenbone Networks\n#\n# Copyright:\n# Copyright (c) 2016 Greenbone Networks GmbH http://greenbone.net\n# Text descriptions are largely excerpted from the referenced\n# advisory, and are Copyright (c) the respective author(s)\n#\n# This program is free software; you can redistribute it and/or\n# modify it under the terms of the GNU General Public License\n# as published by the Free Software Foundation; either version 2\n# of the License, or (at your option) any later version.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n#\n\n\nif(description)\n{\n script_id(703710);\n script_version(\"$Revision: 6608 $\");\n script_cve_id(\"CVE-2016-9189\", \"CVE-2016-9190\");\n script_name(\"Debian Security Advisory DSA 3710-1 (pillow - security update)\");\n script_tag(name: \"last_modification\", value: \"$Date: 2017-07-07 14:05:05 +0200 (Fri, 07 Jul 2017) $\");\n script_tag(name: \"creation_date\", value: \"2016-11-10 00:00:00 +0100 (Thu, 10 Nov 2016)\");\n script_tag(name:\"cvss_base\", value:\"6.8\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:M/Au:N/C:P/I:P/A:P\");\n script_tag(name: \"solution_type\", value: \"VendorFix\");\n script_tag(name: \"qod_type\", value: \"package\");\n\n script_xref(name: \"URL\", value: \"http://www.debian.org/security/2016/dsa-3710.html\");\n\n\n script_category(ACT_GATHER_INFO);\n\n script_copyright(\"Copyright (c) 2016 Greenbone Networks GmbH http://greenbone.net\");\n script_family(\"Debian Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/debian_linux\", \"ssh/login/packages\");\n script_tag(name: \"affected\", value: \"pillow on Debian Linux\");\n script_tag(name: \"solution\", value: \"For the stable distribution (jessie),\nthese problems have been fixed in version 2.6.1-2+deb8u3.\n\nFor the testing distribution (stretch), these problems have been fixed\nin version 3.4.2-1.\n\nFor the unstable distribution (sid), these problems have been fixed in\nversion 3.4.2-1.\n\nWe recommend that you upgrade your pillow packages.\");\n script_tag(name: \"summary\", value: \"Cris Neckar discovered multiple\nvulnerabilities in Pillow, a Python imaging library, which may result in the\nexecution of arbitrary code or information disclosure if a malformed image\nfile is processed.\");\n script_tag(name: \"vuldetect\", value: \"This check tests the installed\nsoftware version using the apt package manager.\");\n exit(0);\n}\n\ninclude(\"revisions-lib.inc\");\ninclude(\"pkg-lib-deb.inc\");\n\nres = \"\";\nreport = \"\";\nif ((res = isdpkgvuln(pkg:\"python-imaging\", ver:\"3.4.2-1\", rls_regex:\"DEB9.[0-9]+\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"python-pil:amd64\", ver:\"3.4.2-1\", rls_regex:\"DEB9.[0-9]+\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"python-pil:i386\", ver:\"3.4.2-1\", rls_regex:\"DEB9.[0-9]+\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"python-pil-dbg:amd64\", ver:\"3.4.2-1\", rls_regex:\"DEB9.[0-9]+\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"python-pil-dbg:i386\", ver:\"3.4.2-1\", rls_regex:\"DEB9.[0-9]+\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"python-pil-doc\", ver:\"3.4.2-1\", rls_regex:\"DEB9.[0-9]+\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"python-pil.imagetk:amd64\", ver:\"3.4.2-1\", rls_regex:\"DEB9.[0-9]+\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"python-pil.imagetk:i386\", ver:\"3.4.2-1\", rls_regex:\"DEB9.[0-9]+\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"python-pil.imagetk-dbg:amd64\", ver:\"3.4.2-1\", rls_regex:\"DEB9.[0-9]+\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"python-pil.imagetk-dbg:i386\", ver:\"3.4.2-1\", rls_regex:\"DEB9.[0-9]+\")) != NULL) {\n report += res;\n}\n\nif ((res = isdpkgvuln(pkg:\"python3-pil:amd64\", ver:\"3.4.2-1\", rls_regex:\"DEB9.[0-9]+\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"python3-pil:i386\", ver:\"3.4.2-1\", rls_regex:\"DEB9.[0-9]+\")) != NULL) {\n report += res;\n}\n\nif ((res = isdpkgvuln(pkg:\"python3-pil-dbg:amd64\", ver:\"3.4.2-1\", rls_regex:\"DEB9.[0-9]+\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"python3-pil-dbg:i386\", ver:\"3.4.2-1\", rls_regex:\"DEB9.[0-9]+\")) != NULL) {\n report += res;\n}\n\nif ((res = isdpkgvuln(pkg:\"python3-pil.imagetk:amd64\", ver:\"3.4.2-1\", rls_regex:\"DEB9.[0-9]+\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"python3-pil.imagetk:i386\", ver:\"3.4.2-1\", rls_regex:\"DEB9.[0-9]+\")) != NULL) {\n report += res;\n}\n\nif ((res = isdpkgvuln(pkg:\"python3-pil.imagetk-dbg\", ver:\"3.4.2-1\", rls_regex:\"DEB9.[0-9]+\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"python-imaging\", ver:\"2.6.1-2+deb8u3\", rls_regex:\"DEB8.[0-9]+\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"python-imaging-tk\", ver:\"2.6.1-2+deb8u3\", rls_regex:\"DEB8.[0-9]+\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"python-pil:amd64\", ver:\"2.6.1-2+deb8u3\", rls_regex:\"DEB8.[0-9]+\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"python-pil:i386\", ver:\"2.6.1-2+deb8u3\", rls_regex:\"DEB8.[0-9]+\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"python-pil-dbg:amd64\", ver:\"2.6.1-2+deb8u3\", rls_regex:\"DEB8.[0-9]+\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"python-pil-dbg:i386\", ver:\"2.6.1-2+deb8u3\", rls_regex:\"DEB8.[0-9]+\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"python-pil-doc\", ver:\"2.6.1-2+deb8u3\", rls_regex:\"DEB8.[0-9]+\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"python-pil.imagetk:amd64\", ver:\"2.6.1-2+deb8u3\", rls_regex:\"DEB8.[0-9]+\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"python-pil.imagetk:i386\", ver:\"2.6.1-2+deb8u3\", rls_regex:\"DEB8.[0-9]+\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"python-pil.imagetk-dbg:amd64\", ver:\"2.6.1-2+deb8u3\", rls_regex:\"DEB8.[0-9]+\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"python-pil.imagetk-dbg:i386\", ver:\"2.6.1-2+deb8u3\", rls_regex:\"DEB8.[0-9]+\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"python-sane:amd64\", ver:\"2.6.1-2+deb8u3\", rls_regex:\"DEB8.[0-9]+\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"python-sane:i386\", ver:\"2.6.1-2+deb8u3\", rls_regex:\"DEB8.[0-9]+\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"python-sane-dbg:amd64\", ver:\"2.6.1-2+deb8u3\", rls_regex:\"DEB8.[0-9]+\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"python-sane-dbg:i386\", ver:\"2.6.1-2+deb8u3\", rls_regex:\"DEB8.[0-9]+\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"python3-pill:amd64\", ver:\"2.6.1-2+deb8u3\", rls_regex:\"DEB8.[0-9]+\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"python3-pill:i386\", ver:\"2.6.1-2+deb8u3\", rls_regex:\"DEB8.[0-9]+\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"python3-pil-dbg:amd64\", ver:\"2.6.1-2+deb8u3\", rls_regex:\"DEB8.[0-9]+\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"python3-pil-dbg:i386\", ver:\"2.6.1-2+deb8u3\", rls_regex:\"DEB8.[0-9]+\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"python3-pil.imagetk:amd64\", ver:\"2.6.1-2+deb8u3\", rls_regex:\"DEB8.[0-9]+\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"python3-pil.imagetk:i386\", ver:\"2.6.1-2+deb8u3\", rls_regex:\"DEB8.[0-9]+\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"python3-pil.imagetk-dbg\", ver:\"2.6.1-2+deb8u3\", rls_regex:\"DEB8.[0-9]+\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"python3-sane:amd64\", ver:\"2.6.1-2+deb8u3\", rls_regex:\"DEB8.[0-9]+\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"python3-sane:i386\", ver:\"2.6.1-2+deb8u3\", rls_regex:\"DEB8.[0-9]+\")) != NULL) {\n report += res;\n}\n\nif ((res = isdpkgvuln(pkg:\"python3-sane-dbg:amd64\", ver:\"2.6.1-2+deb8u3\", rls_regex:\"DEB8.[0-9]+\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"python3-sane-dbg:i386\", ver:\"2.6.1-2+deb8u3\", rls_regex:\"DEB8.[0-9]+\")) != NULL) {\n report += res;\n}\n\n\nif (report != \"\") {\n security_message(data:report);\n} else if (__pkg_match) {\n exit(99); # Not vulnerable.\n}\n", "cvss": {"score": 6.8, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:PARTIAL/I:PARTIAL/A:PARTIAL/"}}, {"lastseen": "2019-05-29T18:34:39", "bulletinFamily": "scanner", "description": "The remote host is missing an update for the ", "modified": "2019-03-13T00:00:00", "published": "2017-03-14T00:00:00", "id": "OPENVAS:1361412562310843088", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310843088", "title": "Ubuntu Update for pillow USN-3230-1", "type": "openvas", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n#\n# Ubuntu Update for pillow USN-3230-1\n#\n# Authors:\n# System Generated Check\n#\n# Copyright:\n# Copyright (C) 2017 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.843088\");\n script_version(\"$Revision: 14140 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2019-03-13 13:26:09 +0100 (Wed, 13 Mar 2019) $\");\n script_tag(name:\"creation_date\", value:\"2017-03-14 05:47:44 +0100 (Tue, 14 Mar 2017)\");\n script_cve_id(\"CVE-2014-9601\", \"CVE-2016-9189\", \"CVE-2016-9190\");\n script_tag(name:\"cvss_base\", value:\"6.8\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:M/Au:N/C:P/I:P/A:P\");\n script_tag(name:\"qod_type\", value:\"package\");\n script_name(\"Ubuntu Update for pillow USN-3230-1\");\n script_tag(name:\"summary\", value:\"The remote host is missing an update for the 'pillow'\n package(s) announced via the referenced advisory.\");\n script_tag(name:\"vuldetect\", value:\"Checks if a vulnerable version is present on the target host.\");\n script_tag(name:\"insight\", value:\"It was discovered that Pillow incorrectly\n handled certain compressed text chunks in PNG images. A remote attacker could\n possibly use this issue to cause Pillow to crash, resulting in a denial of\n service. This issue only affected Ubuntu 14.04 LTS. (CVE-2014-9601) Cris Neckar\n discovered that Pillow incorrectly handled certain malformed images. A remote\n attacker could use this issue to cause Pillow to crash, resulting in a denial of\n service, or possibly obtain sensitive information. (CVE-2016-9189) Cris Neckar\n discovered that Pillow incorrectly handled certain malformed images. A remote\n attacker could use this issue to cause Pillow to crash, resulting in a denial of\n service, or possibly execute arbitrary code. (CVE-2016-9190)\");\n script_tag(name:\"affected\", value:\"pillow on Ubuntu 16.10,\n Ubuntu 16.04 LTS,\n Ubuntu 14.04 LTS\");\n script_tag(name:\"solution\", value:\"Please Install the Updated Packages.\");\n\n script_xref(name:\"USN\", value:\"3230-1\");\n script_xref(name:\"URL\", value:\"http://www.ubuntu.com/usn/usn-3230-1/\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (C) 2017 Greenbone Networks GmbH\");\n script_family(\"Ubuntu Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/ubuntu_linux\", \"ssh/login/packages\", re:\"ssh/login/release=UBUNTU(14\\.04 LTS|16\\.10|16\\.04 LTS)\");\n\n exit(0);\n}\n\ninclude(\"revisions-lib.inc\");\ninclude(\"pkg-lib-deb.inc\");\n\nrelease = dpkg_get_ssh_release();\nif(!release)\n exit(0);\n\nres = \"\";\n\nif(release == \"UBUNTU14.04 LTS\")\n{\n\n if ((res = isdpkgvuln(pkg:\"python-imaging\", ver:\"2.3.0-1ubuntu3.4\", rls:\"UBUNTU14.04 LTS\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"python-pil\", ver:\"2.3.0-1ubuntu3.4\", rls:\"UBUNTU14.04 LTS\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"python3-imaging\", ver:\"2.3.0-1ubuntu3.4\", rls:\"UBUNTU14.04 LTS\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"python3-pil\", ver:\"2.3.0-1ubuntu3.4\", rls:\"UBUNTU14.04 LTS\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99);\n exit(0);\n}\n\n\nif(release == \"UBUNTU16.10\")\n{\n\n if ((res = isdpkgvuln(pkg:\"python-imaging\", ver:\"3.3.1-1ubuntu0.1\", rls:\"UBUNTU16.10\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"python-pil\", ver:\"3.3.1-1ubuntu0.1\", rls:\"UBUNTU16.10\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"python3-pil\", ver:\"3.3.1-1ubuntu0.1\", rls:\"UBUNTU16.10\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99);\n exit(0);\n}\n\n\nif(release == \"UBUNTU16.04 LTS\")\n{\n\n if ((res = isdpkgvuln(pkg:\"python-imaging\", ver:\"3.1.2-0ubuntu1.1\", rls:\"UBUNTU16.04 LTS\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"python-pil\", ver:\"3.1.2-0ubuntu1.1\", rls:\"UBUNTU16.04 LTS\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"python3-pil\", ver:\"3.1.2-0ubuntu1.1\", rls:\"UBUNTU16.04 LTS\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99);\n exit(0);\n}", "cvss": {"score": 6.8, "vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2019-05-29T18:34:21", "bulletinFamily": "scanner", "description": "The remote host is missing an update for the ", "modified": "2019-03-13T00:00:00", "published": "2017-03-14T00:00:00", "id": "OPENVAS:1361412562310843091", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310843091", "title": "Ubuntu Update for python-imaging USN-3229-1", "type": "openvas", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n#\n# Ubuntu Update for python-imaging USN-3229-1\n#\n# Authors:\n# System Generated Check\n#\n# Copyright:\n# Copyright (C) 2017 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.843091\");\n script_version(\"$Revision: 14140 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2019-03-13 13:26:09 +0100 (Wed, 13 Mar 2019) $\");\n script_tag(name:\"creation_date\", value:\"2017-03-14 05:47:53 +0100 (Tue, 14 Mar 2017)\");\n script_cve_id(\"CVE-2014-9601\", \"CVE-2016-9189\", \"CVE-2016-9190\");\n script_tag(name:\"cvss_base\", value:\"6.8\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:M/Au:N/C:P/I:P/A:P\");\n script_tag(name:\"qod_type\", value:\"package\");\n script_name(\"Ubuntu Update for python-imaging USN-3229-1\");\n script_tag(name:\"summary\", value:\"The remote host is missing an update for the 'python-imaging'\n package(s) announced via the referenced advisory.\");\n script_tag(name:\"vuldetect\", value:\"Checks if a vulnerable version is present on the target host.\");\n script_tag(name:\"insight\", value:\"It was discovered that the Python Imaging\n Library incorrectly handled certain compressed text chunks in PNG images. A\n remote attacker could possibly use this issue to cause the Python Imaging\n Library to crash, resulting in a denial of service. (CVE-2014-9601) Cris Neckar\n discovered that the Python Imaging Library incorrectly handled certain malformed\n images. A remote attacker could use this issue to cause the Python Imaging\n Library to crash, resulting in a denial of service, or possibly obtain sensitive\n information. (CVE-2016-9189) Cris Neckar discovered that the Python Imaging\n Library incorrectly handled certain malformed images. A remote attacker could\n use this issue to cause the Python Imaging Library to crash, resulting in a\n denial of service, or possibly execute arbitrary code. (CVE-2016-9190)\");\n script_tag(name:\"affected\", value:\"python-imaging on Ubuntu 12.04 LTS\");\n script_tag(name:\"solution\", value:\"Please Install the Updated Packages.\");\n\n script_xref(name:\"USN\", value:\"3229-1\");\n script_xref(name:\"URL\", value:\"http://www.ubuntu.com/usn/usn-3229-1/\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (C) 2017 Greenbone Networks GmbH\");\n script_family(\"Ubuntu Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/ubuntu_linux\", \"ssh/login/packages\", re:\"ssh/login/release=UBUNTU12\\.04 LTS\");\n\n exit(0);\n}\n\ninclude(\"revisions-lib.inc\");\ninclude(\"pkg-lib-deb.inc\");\n\nrelease = dpkg_get_ssh_release();\nif(!release)\n exit(0);\n\nres = \"\";\n\nif(release == \"UBUNTU12.04 LTS\")\n{\n\n if ((res = isdpkgvuln(pkg:\"python-imaging\", ver:\"1.1.7-4ubuntu0.12.04.3\", rls:\"UBUNTU12.04 LTS\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99);\n exit(0);\n}", "cvss": {"score": 6.8, "vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2020-01-27T18:36:28", "bulletinFamily": "scanner", "description": "The remote host is missing an update for the Huawei EulerOS\n ", "modified": "2020-01-23T00:00:00", "published": "2020-01-23T00:00:00", "id": "OPENVAS:1361412562311220192437", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562311220192437", "title": "Huawei EulerOS: Security Advisory for python-pillow (EulerOS-SA-2019-2437)", "type": "openvas", "sourceData": "# Copyright (C) 2020 Greenbone Networks GmbH\n# Text descriptions are largely excerpted from the referenced\n# advisory, and are Copyright (C) the respective author(s)\n#\n# SPDX-License-Identifier: GPL-2.0-or-later\n#\n# This program is free software; you can redistribute it and/or\n# modify it under the terms of the GNU General Public License\n# as published by the Free Software Foundation; either version 2\n# of the License, or (at your option) any later version.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.1.2.2019.2437\");\n script_version(\"2020-01-23T12:56:42+0000\");\n script_cve_id(\"CVE-2014-1932\", \"CVE-2014-1933\", \"CVE-2014-3007\", \"CVE-2014-3589\", \"CVE-2014-9601\", \"CVE-2016-0740\", \"CVE-2016-0775\", \"CVE-2016-2533\", \"CVE-2016-9189\", \"CVE-2016-9190\");\n script_tag(name:\"cvss_base\", value:\"10.0\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:C/I:C/A:C\");\n script_tag(name:\"last_modification\", value:\"2020-01-23 12:56:42 +0000 (Thu, 23 Jan 2020)\");\n script_tag(name:\"creation_date\", value:\"2020-01-23 12:56:42 +0000 (Thu, 23 Jan 2020)\");\n script_name(\"Huawei EulerOS: Security Advisory for python-pillow (EulerOS-SA-2019-2437)\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (C) 2020 Greenbone Networks GmbH\");\n script_family(\"Huawei EulerOS Local Security Checks\");\n script_dependencies(\"gb_huawei_euleros_consolidation.nasl\");\n script_mandatory_keys(\"ssh/login/euleros\", \"ssh/login/rpms\", re:\"ssh/login/release=EULEROS-2\\.0SP2\");\n\n script_xref(name:\"EulerOS-SA\", value:\"2019-2437\");\n script_xref(name:\"URL\", value:\"https://developer.huaweicloud.com/ict/en/site-euleros/euleros/security-advisories/EulerOS-SA-2019-2437\");\n\n script_tag(name:\"summary\", value:\"The remote host is missing an update for the Huawei EulerOS\n 'python-pillow' package(s) announced via the EulerOS-SA-2019-2437 advisory.\");\n\n script_tag(name:\"vuldetect\", value:\"Checks if a vulnerable package version is present on the target host.\");\n\n script_tag(name:\"insight\", value:\"Pillow before 2.7.0 allows remote attackers to cause a denial of service via a compressed text chunk in a PNG image that has a large size when it is decompressed.(CVE-2014-9601)\n\nThe (1) load_djpeg function in JpegImagePlugin.py, (2) Ghostscript function in EpsImagePlugin.py, (3) load function in IptcImagePlugin.py, and (4) _copy function in Image.py in Python Image Library (PIL) 1.1.7 and earlier and Pillow before 2.3.1 do not properly create temporary files, which allow local users to overwrite arbitrary files and obtain sensitive information via a symlink attack on the temporary file.(CVE-2014-1932)\n\nThe (1) JpegImagePlugin.py and (2) EpsImagePlugin.py scripts in Python Image Library (PIL) 1.1.7 and earlier and Pillow before 2.3.1 uses the names of temporary files on the command line, which makes it easier for local users to conduct symlink attacks by listing the processes.(CVE-2014-1933)\n\nPython Image Library (PIL) 1.1.7 and earlier and Pillow 2.3 might allow remote attackers to execute arbitrary commands via shell metacharacters in unspecified vectors related to CVE-2014-1932, possibly JpegImagePlugin.py.(CVE-2014-3007)\n\nPIL/IcnsImagePlugin.py in Python Imaging Library (PIL) and Pillow before 2.3.2 and 2.5.x before 2.5.2 allows remote attackers to cause a denial of service via a crafted block size.(CVE-2014-3589)\n\nBuffer overflow in the ImagingLibTiffDecode function in libImaging/TiffDecode.c in Pillow before 3.1.1 allows remote attackers to overwrite memory via a crafted TIFF file.(CVE-2016-0740)\n\nBuffer overflow in the ImagingFliDecode function in libImaging/FliDecode.c in Pillow before 3.1.1 allows remote attackers to cause a denial of service (crash) via a crafted FLI file.(CVE-2016-0775)\n\nBuffer overflow in the ImagingPcdDecode function in PcdDecode.c in Pillow before 3.1.1 and Python Imaging Library (PIL) 1.1.7 and earlier allows remote attackers to cause a denial of service (crash) via a crafted PhotoCD file.(CVE-2016-2533)\n\nPillow before 3.3.2 allows context-dependent attackers to obtain sensitive information by using the 'crafted image file' approach, related to an 'Integer Overflow' issue affecting the Image.core.map_buffer in map.c component.(CVE-2016-9189)\n\nPillow before 3.3.2 allows context-dependent attackers to execute arbitrary code by using the 'crafted image file' approach, related to an 'Insecure Sign Extension' issue affecting the ImagingNew in Storage.c component.(CVE-2016-9190)\");\n\n script_tag(name:\"affected\", value:\"'python-pillow' package(s) on Huawei EulerOS V2.0SP2.\");\n\n script_tag(name:\"solution\", value:\"Please install the updated package(s).\");\n\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n script_tag(name:\"qod_type\", value:\"package\");\n\n exit(0);\n}\n\ninclude(\"revisions-lib.inc\");\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = rpm_get_ssh_release();\nif(!release)\n exit(0);\n\nres = \"\";\nreport = \"\";\n\nif(release == \"EULEROS-2.0SP2\") {\n\n if(!isnull(res = isrpmvuln(pkg:\"python-pillow\", rpm:\"python-pillow~2.0.0~19.gitd1c6db8.h3\", rls:\"EULEROS-2.0SP2\"))) {\n report += res;\n }\n\n if(report != \"\") {\n security_message(data:report);\n } else if (__pkg_match) {\n exit(99);\n }\n exit(0);\n}\n\nexit(0);", "cvss": {"score": 10.0, "vector": "AV:N/AC:L/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2020-01-27T18:36:57", "bulletinFamily": "scanner", "description": "The remote host is missing an update for the Huawei EulerOS\n ", "modified": "2020-01-23T00:00:00", "published": "2020-01-23T00:00:00", "id": "OPENVAS:1361412562311220192654", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562311220192654", "title": "Huawei EulerOS: Security Advisory for python-pillow (EulerOS-SA-2019-2654)", "type": "openvas", "sourceData": "# Copyright (C) 2020 Greenbone Networks GmbH\n# Text descriptions are largely excerpted from the referenced\n# advisory, and are Copyright (C) the respective author(s)\n#\n# SPDX-License-Identifier: GPL-2.0-or-later\n#\n# This program is free software; you can redistribute it and/or\n# modify it under the terms of the GNU General Public License\n# as published by the Free Software Foundation; either version 2\n# of the License, or (at your option) any later version.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.1.2.2019.2654\");\n script_version(\"2020-01-23T13:12:30+0000\");\n script_cve_id(\"CVE-2014-1932\", \"CVE-2014-1933\", \"CVE-2014-3007\", \"CVE-2014-3589\", \"CVE-2014-9601\", \"CVE-2016-0740\", \"CVE-2016-0775\", \"CVE-2016-2533\", \"CVE-2016-9189\", \"CVE-2016-9190\");\n script_tag(name:\"cvss_base\", value:\"10.0\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:C/I:C/A:C\");\n script_tag(name:\"last_modification\", value:\"2020-01-23 13:12:30 +0000 (Thu, 23 Jan 2020)\");\n script_tag(name:\"creation_date\", value:\"2020-01-23 13:12:30 +0000 (Thu, 23 Jan 2020)\");\n script_name(\"Huawei EulerOS: Security Advisory for python-pillow (EulerOS-SA-2019-2654)\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (C) 2020 Greenbone Networks GmbH\");\n script_family(\"Huawei EulerOS Local Security Checks\");\n script_dependencies(\"gb_huawei_euleros_consolidation.nasl\");\n script_mandatory_keys(\"ssh/login/euleros\", \"ssh/login/rpms\", re:\"ssh/login/release=EULEROS-2\\.0SP3\");\n\n script_xref(name:\"EulerOS-SA\", value:\"2019-2654\");\n script_xref(name:\"URL\", value:\"https://developer.huaweicloud.com/ict/en/site-euleros/euleros/security-advisories/EulerOS-SA-2019-2654\");\n\n script_tag(name:\"summary\", value:\"The remote host is missing an update for the Huawei EulerOS\n 'python-pillow' package(s) announced via the EulerOS-SA-2019-2654 advisory.\");\n\n script_tag(name:\"vuldetect\", value:\"Checks if a vulnerable package version is present on the target host.\");\n\n script_tag(name:\"insight\", value:\"Buffer overflow in the ImagingFliDecode function in libImaging/FliDecode.c in Pillow before 3.1.1 allows remote attackers to cause a denial of service (crash) via a crafted FLI file.(CVE-2016-0775)\n\nBuffer overflow in the ImagingLibTiffDecode function in libImaging/TiffDecode.c in Pillow before 3.1.1 allows remote attackers to overwrite memory via a crafted TIFF file.(CVE-2016-0740)\n\nBuffer overflow in the ImagingPcdDecode function in PcdDecode.c in Pillow before 3.1.1 and Python Imaging Library (PIL) 1.1.7 and earlier allows remote attackers to cause a denial of service (crash) via a crafted PhotoCD file.(CVE-2016-2533)\n\nPIL/IcnsImagePlugin.py in Python Imaging Library (PIL) and Pillow before 2.3.2 and 2.5.x before 2.5.2 allows remote attackers to cause a denial of service via a crafted block size.(CVE-2014-3589)\n\nPillow before 2.7.0 allows remote attackers to cause a denial of service via a compressed text chunk in a PNG image that has a large size when it is decompressed.(CVE-2014-9601)\n\nPillow before 3.3.2 allows context-dependent attackers to execute arbitrary code by using the 'crafted image file' approach, related to an 'Insecure Sign Extension' issue affecting the ImagingNew in Storage.c component.(CVE-2016-9190)\n\nPillow before 3.3.2 allows context-dependent attackers to obtain sensitive information by using the 'crafted image file' approach, related to an 'Integer Overflow' issue affecting the Image.core.map_buffer in map.c component.(CVE-2016-9189)\n\nPython Image Library (PIL) 1.1.7 and earlier and Pillow 2.3 might allow remote attackers to execute arbitrary commands via shell metacharacters in unspecified vectors related to CVE-2014-1932, possibly JpegImagePlugin.py.(CVE-2014-3007)\n\nThe (1) JpegImagePlugin.py and (2) EpsImagePlugin.py scripts in Python Image Library (PIL) 1.1.7 and earlier and Pillow before 2.3.1 uses the names of temporary files on the command line, which makes it easier for local users to conduct symlink attacks by listing the processes.(CVE-2014-1933)\n\nThe (1) load_djpeg function in JpegImagePlugin.py, (2) Ghostscript function in EpsImagePlugin.py, (3) load function in IptcImagePlugin.py, and (4) _copy function in Image.py in Python Image Library (PIL) 1.1.7 and earlier and Pillow before 2.3.1 do not properly create temporary files, which allow local users to overwrite arbitrary files and obtain sensitive information via a symlink attack on the temporary file.(CVE-2014-1932)\");\n\n script_tag(name:\"affected\", value:\"'python-pillow' package(s) on Huawei EulerOS V2.0SP3.\");\n\n script_tag(name:\"solution\", value:\"Please install the updated package(s).\");\n\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n script_tag(name:\"qod_type\", value:\"package\");\n\n exit(0);\n}\n\ninclude(\"revisions-lib.inc\");\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = rpm_get_ssh_release();\nif(!release)\n exit(0);\n\nres = \"\";\nreport = \"\";\n\nif(release == \"EULEROS-2.0SP3\") {\n\n if(!isnull(res = isrpmvuln(pkg:\"python-pillow\", rpm:\"python-pillow~2.0.0~19.gitd1c6db8.h1\", rls:\"EULEROS-2.0SP3\"))) {\n report += res;\n }\n\n if(report != \"\") {\n security_message(data:report);\n } else if (__pkg_match) {\n exit(99);\n }\n exit(0);\n}\n\nexit(0);", "cvss": {"score": 10.0, "vector": "AV:N/AC:L/Au:N/C:C/I:C/A:C"}}], "nessus": [{"lastseen": "2020-05-06T00:41:38", "bulletinFamily": "scanner", "description": "According to the version of the python-pillow package installed, the\nEulerOS installation on the remote host is affected by the following\nvulnerability :\n\n - A vulnerability was found in python-pillow. A crafted\n image file with negative dimensions could cause a\n buffer to be under-allocated, leading to arbitrary\n writes on the heap which could cause a crash or,\n potentially, code execution.(CVE-2016-9190)\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the EulerOS security advisory. Tenable\nhas attempted to automatically clean and format it as much as possible\nwithout introducing additional issues.", "modified": "2017-05-01T00:00:00", "id": "EULEROS_SA-2017-1049.NASL", "href": "https://www.tenable.com/plugins/nessus/99894", "published": "2017-05-01T00:00:00", "title": "EulerOS 2.0 SP1 : python-pillow (EulerOS-SA-2017-1049)", "type": "nessus", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(99894);\n script_version(\"1.11\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2020/05/04\");\n\n script_cve_id(\n \"CVE-2016-9190\"\n );\n\n script_name(english:\"EulerOS 2.0 SP1 : python-pillow (EulerOS-SA-2017-1049)\");\n script_summary(english:\"Checks the rpm output for the updated package.\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote EulerOS host is missing a security update.\");\n script_set_attribute(attribute:\"description\", value:\n\"According to the version of the python-pillow package installed, the\nEulerOS installation on the remote host is affected by the following\nvulnerability :\n\n - A vulnerability was found in python-pillow. A crafted\n image file with negative dimensions could cause a\n buffer to be under-allocated, leading to arbitrary\n writes on the heap which could cause a crash or,\n potentially, code execution.(CVE-2016-9190)\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the EulerOS security advisory. Tenable\nhas attempted to automatically clean and format it as much as possible\nwithout introducing additional issues.\");\n # https://developer.huaweicloud.com/ict/en/site-euleros/euleros/security-advisories/EulerOS-SA-2017-1049\n script_set_attribute(attribute:\"see_also\", value:\"http://www.nessus.org/u?31d2b391\");\n script_set_attribute(attribute:\"solution\", value:\n\"Update the affected python-pillow package.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:M/Au:N/C:P/I:P/A:P\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:U/RL:O/RC:C\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2017/03/11\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2017/05/01\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:huawei:euleros:python-pillow\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:huawei:euleros:2.0\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"Huawei Local Security Checks\");\n\n script_copyright(english:\"This script is Copyright (C) 2017-2020 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/EulerOS/release\", \"Host/EulerOS/rpm-list\", \"Host/EulerOS/sp\");\n script_exclude_keys(\"Host/EulerOS/uvp_version\");\n\n exit(0);\n}\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\n\nrelease = get_kb_item(\"Host/EulerOS/release\");\nif (isnull(release) || release !~ \"^EulerOS\") audit(AUDIT_OS_NOT, \"EulerOS\");\nif (release !~ \"^EulerOS release 2\\.0(\\D|$)\") audit(AUDIT_OS_NOT, \"EulerOS 2.0\");\n\nsp = get_kb_item(\"Host/EulerOS/sp\");\nif (isnull(sp) || sp !~ \"^(1)$\") audit(AUDIT_OS_NOT, \"EulerOS 2.0 SP1\");\n\nuvp = get_kb_item(\"Host/EulerOS/uvp_version\");\nif (!empty_or_null(uvp)) audit(AUDIT_OS_NOT, \"EulerOS 2.0 SP1\", \"EulerOS UVP \" + uvp);\n\nif (!get_kb_item(\"Host/EulerOS/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\" && \"aarch64\" >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"EulerOS\", cpu);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\") audit(AUDIT_ARCH_NOT, \"i686 / x86_64\", cpu);\n\nflag = 0;\n\npkgs = [\"python-pillow-2.0.0-19.gitd1c6db8.h1\"];\n\nforeach (pkg in pkgs)\n if (rpm_check(release:\"EulerOS-2.0\", sp:\"1\", reference:pkg)) flag++;\n\nif (flag)\n{\n security_report_v4(\n port : 0,\n severity : SECURITY_WARNING,\n extra : rpm_report_get()\n );\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"python-pillow\");\n}\n", "cvss": {"score": 6.8, "vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2020-08-01T00:46:43", "bulletinFamily": "scanner", "description": "According to the version of the python-pillow package installed, the\nEulerOS Virtualization for ARM 64 installation on the remote host is\naffected by the following vulnerability :\n\n - A vulnerability was found in python-pillow. A crafted\n image file with negative dimensions could cause a\n buffer to be under-allocated, leading to arbitrary\n writes on the heap which could cause a crash or,\n potentially, code execution.(CVE-2016-9190)\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the EulerOS security advisory. Tenable\nhas attempted to automatically clean and format it as much as possible\nwithout introducing additional issues.", "modified": "2020-08-02T00:00:00", "id": "EULEROS_SA-2019-1709.NASL", "href": "https://www.tenable.com/plugins/nessus/126551", "published": "2019-07-09T00:00:00", "title": "EulerOS Virtualization for ARM 64 3.0.2.0 : python-pillow (EulerOS-SA-2019-1709)", "type": "nessus", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(126551);\n script_version(\"1.2\");\n script_cvs_date(\"Date: 2020/01/08\");\n\n script_cve_id(\n \"CVE-2016-9190\"\n );\n\n script_name(english:\"EulerOS Virtualization for ARM 64 3.0.2.0 : python-pillow (EulerOS-SA-2019-1709)\");\n script_summary(english:\"Checks the rpm output for the updated package.\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote EulerOS Virtualization for ARM 64 host is missing a security update.\");\n script_set_attribute(attribute:\"description\", value:\n\"According to the version of the python-pillow package installed, the\nEulerOS Virtualization for ARM 64 installation on the remote host is\naffected by the following vulnerability :\n\n - A vulnerability was found in python-pillow. A crafted\n image file with negative dimensions could cause a\n buffer to be under-allocated, leading to arbitrary\n writes on the heap which could cause a crash or,\n potentially, code execution.(CVE-2016-9190)\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the EulerOS security advisory. Tenable\nhas attempted to automatically clean and format it as much as possible\nwithout introducing additional issues.\");\n # https://developer.huaweicloud.com/ict/en/site-euleros/euleros/security-advisories/EulerOS-SA-2019-1709\n script_set_attribute(attribute:\"see_also\", value:\"http://www.nessus.org/u?b75e96c9\");\n script_set_attribute(attribute:\"solution\", value:\n\"Update the affected python-pillow package.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:M/Au:N/C:P/I:P/A:P\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:U/RL:O/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2019/07/09\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2019/07/09\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:huawei:euleros:python-pillow\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:huawei:euleros:uvp:3.0.2.0\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"Huawei Local Security Checks\");\n\n script_copyright(english:\"This script is Copyright (C) 2019-2020 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/cpu\", \"Host/EulerOS/release\", \"Host/EulerOS/rpm-list\", \"Host/EulerOS/uvp_version\");\n\n exit(0);\n}\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\n\nrelease = get_kb_item(\"Host/EulerOS/release\");\nif (isnull(release) || release !~ \"^EulerOS\") audit(AUDIT_OS_NOT, \"EulerOS\");\nuvp = get_kb_item(\"Host/EulerOS/uvp_version\");\nif (uvp != \"3.0.2.0\") audit(AUDIT_OS_NOT, \"EulerOS Virtualization 3.0.2.0\");\nif (!get_kb_item(\"Host/EulerOS/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\" && \"aarch64\" >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"EulerOS\", cpu);\nif (\"aarch64\" >!< cpu) audit(AUDIT_ARCH_NOT, \"aarch64\", cpu);\n\nflag = 0;\n\npkgs = [\"python-pillow-2.0.0-19.h1.gitd1c6db8\"];\n\nforeach (pkg in pkgs)\n if (rpm_check(release:\"EulerOS-2.0\", reference:pkg)) flag++;\n\nif (flag)\n{\n security_report_v4(\n port : 0,\n severity : SECURITY_WARNING,\n extra : rpm_report_get()\n );\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"python-pillow\");\n}\n", "cvss": {"score": 6.8, "vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2020-05-06T00:49:22", "bulletinFamily": "scanner", "description": "According to the version of the python-pillow package installed, the\nEulerOS installation on the remote host is affected by the following\nvulnerability :\n\n - A vulnerability was found in python-pillow. A crafted\n image file with negative dimensions could cause a\n buffer to be under-allocated, leading to arbitrary\n writes on the heap which could cause a crash or,\n potentially, code execution.(CVE-2016-9190)\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the EulerOS security advisory. Tenable\nhas attempted to automatically clean and format it as much as possible\nwithout introducing additional issues.", "modified": "2019-07-02T00:00:00", "id": "EULEROS_SA-2019-1687.NASL", "href": "https://www.tenable.com/plugins/nessus/126428", "published": "2019-07-02T00:00:00", "title": "EulerOS 2.0 SP5 : python-pillow (EulerOS-SA-2019-1687)", "type": "nessus", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(126428);\n script_version(\"1.3\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2020/05/04\");\n\n script_cve_id(\n \"CVE-2016-9190\"\n );\n\n script_name(english:\"EulerOS 2.0 SP5 : python-pillow (EulerOS-SA-2019-1687)\");\n script_summary(english:\"Checks the rpm output for the updated package.\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote EulerOS host is missing a security update.\");\n script_set_attribute(attribute:\"description\", value:\n\"According to the version of the python-pillow package installed, the\nEulerOS installation on the remote host is affected by the following\nvulnerability :\n\n - A vulnerability was found in python-pillow. A crafted\n image file with negative dimensions could cause a\n buffer to be under-allocated, leading to arbitrary\n writes on the heap which could cause a crash or,\n potentially, code execution.(CVE-2016-9190)\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the EulerOS security advisory. Tenable\nhas attempted to automatically clean and format it as much as possible\nwithout introducing additional issues.\");\n # https://developer.huaweicloud.com/ict/en/site-euleros/euleros/security-advisories/EulerOS-SA-2019-1687\n script_set_attribute(attribute:\"see_also\", value:\"http://www.nessus.org/u?a41556bd\");\n script_set_attribute(attribute:\"solution\", value:\n\"Update the affected python-pillow package.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:M/Au:N/C:P/I:P/A:P\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:U/RL:O/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2019/07/02\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2019/07/02\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:huawei:euleros:python-pillow\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:huawei:euleros:2.0\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"Huawei Local Security Checks\");\n\n script_copyright(english:\"This script is Copyright (C) 2019-2020 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/EulerOS/release\", \"Host/EulerOS/rpm-list\", \"Host/EulerOS/sp\");\n script_exclude_keys(\"Host/EulerOS/uvp_version\");\n\n exit(0);\n}\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\n\nrelease = get_kb_item(\"Host/EulerOS/release\");\nif (isnull(release) || release !~ \"^EulerOS\") audit(AUDIT_OS_NOT, \"EulerOS\");\nif (release !~ \"^EulerOS release 2\\.0(\\D|$)\") audit(AUDIT_OS_NOT, \"EulerOS 2.0\");\n\nsp = get_kb_item(\"Host/EulerOS/sp\");\nif (isnull(sp) || sp !~ \"^(5)$\") audit(AUDIT_OS_NOT, \"EulerOS 2.0 SP5\");\n\nuvp = get_kb_item(\"Host/EulerOS/uvp_version\");\nif (!empty_or_null(uvp)) audit(AUDIT_OS_NOT, \"EulerOS 2.0 SP5\", \"EulerOS UVP \" + uvp);\n\nif (!get_kb_item(\"Host/EulerOS/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\" && \"aarch64\" >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"EulerOS\", cpu);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\") audit(AUDIT_ARCH_NOT, \"i686 / x86_64\", cpu);\n\nflag = 0;\n\npkgs = [\"python-pillow-2.0.0-19.h1.gitd1c6db8.eulerosv2r7\"];\n\nforeach (pkg in pkgs)\n if (rpm_check(release:\"EulerOS-2.0\", sp:\"5\", reference:pkg)) flag++;\n\nif (flag)\n{\n security_report_v4(\n port : 0,\n severity : SECURITY_WARNING,\n extra : rpm_report_get()\n );\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"python-pillow\");\n}\n", "cvss": {"score": 6.8, "vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2020-08-01T01:18:11", "bulletinFamily": "scanner", "description": "Cris Neckar discovered multiple vulnerabilities in Pillow, a Python\nimaging library, which may result in the execution of arbitrary code\nor information disclosure if a malformed image file is processed.", "modified": "2020-08-02T00:00:00", "id": "DEBIAN_DSA-3710.NASL", "href": "https://www.tenable.com/plugins/nessus/94738", "published": "2016-11-11T00:00:00", "title": "Debian DSA-3710-1 : pillow - security update", "type": "nessus", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from Debian Security Advisory DSA-3710. The text \n# itself is copyright (C) Software in the Public Interest, Inc.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(94738);\n script_version(\"2.6\");\n script_cvs_date(\"Date: 2018/11/10 11:49:38\");\n\n script_cve_id(\"CVE-2016-9189\", \"CVE-2016-9190\");\n script_xref(name:\"DSA\", value:\"3710\");\n\n script_name(english:\"Debian DSA-3710-1 : pillow - security update\");\n script_summary(english:\"Checks dpkg output for the updated package\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote Debian host is missing a security-related update.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"Cris Neckar discovered multiple vulnerabilities in Pillow, a Python\nimaging library, which may result in the execution of arbitrary code\nor information disclosure if a malformed image file is processed.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://packages.debian.org/source/jessie/pillow\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.debian.org/security/2016/dsa-3710\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\n\"Upgrade the pillow packages.\n\nFor the stable distribution (jessie), these problems have been fixed\nin version 2.6.1-2+deb8u3.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:M/Au:N/C:P/I:P/A:P\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:U/RL:O/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"false\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:pillow\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:debian:debian_linux:8.0\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2016/11/10\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2016/11/11\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2016-2018 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"Debian Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/Debian/release\", \"Host/Debian/dpkg-l\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"debian_package.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nif (!get_kb_item(\"Host/Debian/release\")) audit(AUDIT_OS_NOT, \"Debian\");\nif (!get_kb_item(\"Host/Debian/dpkg-l\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\n\nflag = 0;\nif (deb_check(release:\"8.0\", prefix:\"python-imaging\", reference:\"2.6.1-2+deb8u3\")) flag++;\nif (deb_check(release:\"8.0\", prefix:\"python-imaging-tk\", reference:\"2.6.1-2+deb8u3\")) flag++;\nif (deb_check(release:\"8.0\", prefix:\"python-pil\", reference:\"2.6.1-2+deb8u3\")) flag++;\nif (deb_check(release:\"8.0\", prefix:\"python-pil-dbg\", reference:\"2.6.1-2+deb8u3\")) flag++;\nif (deb_check(release:\"8.0\", prefix:\"python-pil-doc\", reference:\"2.6.1-2+deb8u3\")) flag++;\nif (deb_check(release:\"8.0\", prefix:\"python-pil.imagetk\", reference:\"2.6.1-2+deb8u3\")) flag++;\nif (deb_check(release:\"8.0\", prefix:\"python-pil.imagetk-dbg\", reference:\"2.6.1-2+deb8u3\")) flag++;\nif (deb_check(release:\"8.0\", prefix:\"python-sane\", reference:\"2.6.1-2+deb8u3\")) flag++;\nif (deb_check(release:\"8.0\", prefix:\"python-sane-dbg\", reference:\"2.6.1-2+deb8u3\")) flag++;\nif (deb_check(release:\"8.0\", prefix:\"python3-pil\", reference:\"2.6.1-2+deb8u3\")) flag++;\nif (deb_check(release:\"8.0\", prefix:\"python3-pil-dbg\", reference:\"2.6.1-2+deb8u3\")) flag++;\nif (deb_check(release:\"8.0\", prefix:\"python3-pil.imagetk\", reference:\"2.6.1-2+deb8u3\")) flag++;\nif (deb_check(release:\"8.0\", prefix:\"python3-pil.imagetk-dbg\", reference:\"2.6.1-2+deb8u3\")) flag++;\nif (deb_check(release:\"8.0\", prefix:\"python3-sane\", reference:\"2.6.1-2+deb8u3\")) flag++;\nif (deb_check(release:\"8.0\", prefix:\"python3-sane-dbg\", reference:\"2.6.1-2+deb8u3\")) flag++;\n\nif (flag)\n{\n if (report_verbosity > 0) security_warning(port:0, extra:deb_report_get());\n else security_warning(0);\n exit(0);\n}\nelse audit(AUDIT_HOST_NOT, \"affected\");\n", "cvss": {"score": 6.8, "vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2020-08-01T02:23:17", "bulletinFamily": "scanner", "description": "Pillow reports :\n\nPillow prior to 3.3.2 may experience integer overflow errors in map.c\nwhen reading specially crafted image files. This may lead to memory\ndisclosure or corruption.\n\nPillow prior to 3.3.2 and PIL 1.1.7 (at least) do not check for\nnegative image sizes in ImagingNew in Storage.c. A negative image size\ncan lead to a smaller allocation than expected, leading to arbi trary\nwrites.", "modified": "2020-08-02T00:00:00", "id": "FREEBSD_PKG_BC4898D5A79411E6B2D360A44CE6887B.NASL", "href": "https://www.tenable.com/plugins/nessus/95513", "published": "2016-12-05T00:00:00", "title": "FreeBSD : Pillow -- multiple vulnerabilities (bc4898d5-a794-11e6-b2d3-60a44ce6887b)", "type": "nessus", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from the FreeBSD VuXML database :\n#\n# Copyright 2003-2018 Jacques Vidrine and contributors\n#\n# Redistribution and use in source (VuXML) and 'compiled' forms (SGML,\n# HTML, PDF, PostScript, RTF and so forth) with or without modification,\n# are permitted provided that the following conditions are met:\n# 1. Redistributions of source code (VuXML) must retain the above\n# copyright notice, this list of conditions and the following\n# disclaimer as the first lines of this file unmodified.\n# 2. Redistributions in compiled form (transformed to other DTDs,\n# published online in any format, converted to PDF, PostScript,\n# RTF and other formats) must reproduce the above copyright\n# notice, this list of conditions and the following disclaimer\n# in the documentation and/or other materials provided with the\n# distribution.\n# \n# THIS DOCUMENTATION IS PROVIDED BY THE AUTHOR AND CONTRIBUTORS \"AS IS\"\n# AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO,\n# THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR\n# PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS\n# BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY,\n# OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT\n# OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR\n# BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY,\n# WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE\n# OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS DOCUMENTATION,\n# EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(95513);\n script_version(\"3.3\");\n script_cvs_date(\"Date: 2018/11/23 12:49:57\");\n\n script_cve_id(\"CVE-2016-9189\", \"CVE-2016-9190\");\n\n script_name(english:\"FreeBSD : Pillow -- multiple vulnerabilities (bc4898d5-a794-11e6-b2d3-60a44ce6887b)\");\n script_summary(english:\"Checks for updated packages in pkg_info output\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\n\"The remote FreeBSD host is missing one or more security-related\nupdates.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"Pillow reports :\n\nPillow prior to 3.3.2 may experience integer overflow errors in map.c\nwhen reading specially crafted image files. This may lead to memory\ndisclosure or corruption.\n\nPillow prior to 3.3.2 and PIL 1.1.7 (at least) do not check for\nnegative image sizes in ImagingNew in Storage.c. A negative image size\ncan lead to a smaller allocation than expected, leading to arbi trary\nwrites.\"\n );\n # http://pillow.readthedocs.io/en/3.4.x/releasenotes/3.3.2.html\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://pillow.readthedocs.io/en/3.4.x/releasenotes/3.3.2.html\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://github.com/python-pillow/Pillow/issues/2105\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugs.freebsd.org/bugzilla/show_bug.cgi?id=214410\"\n );\n # https://vuxml.freebsd.org/freebsd/bc4898d5-a794-11e6-b2d3-60a44ce6887b.html\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.nessus.org/u?1cd0e36a\"\n );\n script_set_attribute(attribute:\"solution\", value:\"Update the affected packages.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:M/Au:N/C:P/I:P/A:P\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:freebsd:freebsd:py27-pillow\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:freebsd:freebsd:py33-pillow\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:freebsd:freebsd:py34-pillow\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:freebsd:freebsd:py35-pillow\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:freebsd:freebsd\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2016/09/06\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2016/12/04\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2016/12/05\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2016-2018 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"FreeBSD Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/FreeBSD/release\", \"Host/FreeBSD/pkg_info\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"freebsd_package.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nif (!get_kb_item(\"Host/FreeBSD/release\")) audit(AUDIT_OS_NOT, \"FreeBSD\");\nif (!get_kb_item(\"Host/FreeBSD/pkg_info\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\n\nflag = 0;\n\nif (pkg_test(save_report:TRUE, pkg:\"py27-pillow<3.3.2\")) flag++;\nif (pkg_test(save_report:TRUE, pkg:\"py33-pillow<3.3.2\")) flag++;\nif (pkg_test(save_report:TRUE, pkg:\"py34-pillow<3.3.2\")) flag++;\nif (pkg_test(save_report:TRUE, pkg:\"py35-pillow<3.3.2\")) flag++;\n\nif (flag)\n{\n if (report_verbosity > 0) security_warning(port:0, extra:pkg_report_get());\n else security_warning(0);\n exit(0);\n}\nelse audit(AUDIT_HOST_NOT, \"affected\");\n", "cvss": {"score": 6.8, "vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2020-08-01T05:28:28", "bulletinFamily": "scanner", "description": "It was discovered that the Python Imaging Library incorrectly handled\ncertain compressed text chunks in PNG images. A remote attacker could\npossibly use this issue to cause the Python Imaging Library to crash,\nresulting in a denial of service. (CVE-2014-9601)\n\nCris Neckar discovered that the Python Imaging Library incorrectly\nhandled certain malformed images. A remote attacker could use this\nissue to cause the Python Imaging Library to crash, resulting in a\ndenial of service, or possibly obtain sensitive information.\n(CVE-2016-9189)\n\nCris Neckar discovered that the Python Imaging Library incorrectly\nhandled certain malformed images. A remote attacker could use this\nissue to cause the Python Imaging Library to crash, resulting in a\ndenial of service, or possibly execute arbitrary code. (CVE-2016-9190).\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the Ubuntu security advisory. Tenable\nhas attempted to automatically clean and format it as much as possible\nwithout introducing additional issues.", "modified": "2020-08-02T00:00:00", "id": "UBUNTU_USN-3229-1.NASL", "href": "https://www.tenable.com/plugins/nessus/97722", "published": "2017-03-14T00:00:00", "title": "Ubuntu 12.04 LTS : python-imaging vulnerabilities (USN-3229-1)", "type": "nessus", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from Ubuntu Security Notice USN-3229-1. The text \n# itself is copyright (C) Canonical, Inc. See \n# <http://www.ubuntu.com/usn/>. Ubuntu(R) is a registered \n# trademark of Canonical, Inc.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(97722);\n script_version(\"3.6\");\n script_cvs_date(\"Date: 2019/09/18 12:31:46\");\n\n script_cve_id(\"CVE-2014-9601\", \"CVE-2016-9189\", \"CVE-2016-9190\");\n script_xref(name:\"USN\", value:\"3229-1\");\n\n script_name(english:\"Ubuntu 12.04 LTS : python-imaging vulnerabilities (USN-3229-1)\");\n script_summary(english:\"Checks dpkg output for updated package.\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote Ubuntu host is missing a security-related patch.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"It was discovered that the Python Imaging Library incorrectly handled\ncertain compressed text chunks in PNG images. A remote attacker could\npossibly use this issue to cause the Python Imaging Library to crash,\nresulting in a denial of service. (CVE-2014-9601)\n\nCris Neckar discovered that the Python Imaging Library incorrectly\nhandled certain malformed images. A remote attacker could use this\nissue to cause the Python Imaging Library to crash, resulting in a\ndenial of service, or possibly obtain sensitive information.\n(CVE-2016-9189)\n\nCris Neckar discovered that the Python Imaging Library incorrectly\nhandled certain malformed images. A remote attacker could use this\nissue to cause the Python Imaging Library to crash, resulting in a\ndenial of service, or possibly execute arbitrary code. (CVE-2016-9190).\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the Ubuntu security advisory. Tenable\nhas attempted to automatically clean and format it as much as possible\nwithout introducing additional issues.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://usn.ubuntu.com/3229-1/\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\"Update the affected python-imaging package.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:M/Au:N/C:P/I:P/A:P\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:U/RL:O/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"false\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:python-imaging\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:canonical:ubuntu_linux:12.04:-:lts\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2015/01/16\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2017/03/13\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2017/03/14\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"Ubuntu Security Notice (C) 2017-2019 Canonical, Inc. / NASL script (C) 2017-2019 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"Ubuntu Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/cpu\", \"Host/Ubuntu\", \"Host/Ubuntu/release\", \"Host/Debian/dpkg-l\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"ubuntu.inc\");\ninclude(\"misc_func.inc\");\n\nif ( ! get_kb_item(\"Host/local_checks_enabled\") ) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/Ubuntu/release\");\nif ( isnull(release) ) audit(AUDIT_OS_NOT, \"Ubuntu\");\nrelease = chomp(release);\nif (! preg(pattern:\"^(12\\.04)$\", string:release)) audit(AUDIT_OS_NOT, \"Ubuntu 12.04\", \"Ubuntu \" + release);\nif ( ! get_kb_item(\"Host/Debian/dpkg-l\") ) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"Ubuntu\", cpu);\n\nflag = 0;\n\nif (ubuntu_check(osver:\"12.04\", pkgname:\"python-imaging\", pkgver:\"1.1.7-4ubuntu0.12.04.3\")) flag++;\n\nif (flag)\n{\n security_report_v4(\n port : 0,\n severity : SECURITY_WARNING,\n extra : ubuntu_report_get()\n );\n exit(0);\n}\nelse\n{\n tested = ubuntu_pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"python-imaging\");\n}\n", "cvss": {"score": 6.8, "vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2020-08-01T05:28:29", "bulletinFamily": "scanner", "description": "It was discovered that Pillow incorrectly handled certain compressed\ntext chunks in PNG images. A remote attacker could possibly use this\nissue to cause Pillow to crash, resulting in a denial of service. This\nissue only affected Ubuntu 14.04 LTS. (CVE-2014-9601)\n\nCris Neckar discovered that Pillow incorrectly handled certain\nmalformed images. A remote attacker could use this issue to cause\nPillow to crash, resulting in a denial of service, or possibly obtain\nsensitive information. (CVE-2016-9189)\n\nCris Neckar discovered that Pillow incorrectly handled certain\nmalformed images. A remote attacker could use this issue to cause\nPillow to crash, resulting in a denial of service, or possibly execute\narbitrary code. (CVE-2016-9190).\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the Ubuntu security advisory. Tenable\nhas attempted to automatically clean and format it as much as possible\nwithout introducing additional issues.", "modified": "2020-08-02T00:00:00", "id": "UBUNTU_USN-3230-1.NASL", "href": "https://www.tenable.com/plugins/nessus/97723", "published": "2017-03-14T00:00:00", "title": "Ubuntu 14.04 LTS / 16.04 LTS / 16.10 : pillow vulnerabilities (USN-3230-1)", "type": "nessus", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from Ubuntu Security Notice USN-3230-1. The text \n# itself is copyright (C) Canonical, Inc. See \n# <http://www.ubuntu.com/usn/>. Ubuntu(R) is a registered \n# trademark of Canonical, Inc.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(97723);\n script_version(\"3.6\");\n script_cvs_date(\"Date: 2019/09/18 12:31:46\");\n\n script_cve_id(\"CVE-2014-9601\", \"CVE-2016-9189\", \"CVE-2016-9190\");\n script_xref(name:\"USN\", value:\"3230-1\");\n\n script_name(english:\"Ubuntu 14.04 LTS / 16.04 LTS / 16.10 : pillow vulnerabilities (USN-3230-1)\");\n script_summary(english:\"Checks dpkg output for updated packages.\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\n\"The remote Ubuntu host is missing one or more security-related\npatches.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"It was discovered that Pillow incorrectly handled certain compressed\ntext chunks in PNG images. A remote attacker could possibly use this\nissue to cause Pillow to crash, resulting in a denial of service. This\nissue only affected Ubuntu 14.04 LTS. (CVE-2014-9601)\n\nCris Neckar discovered that Pillow incorrectly handled certain\nmalformed images. A remote attacker could use this issue to cause\nPillow to crash, resulting in a denial of service, or possibly obtain\nsensitive information. (CVE-2016-9189)\n\nCris Neckar discovered that Pillow incorrectly handled certain\nmalformed images. A remote attacker could use this issue to cause\nPillow to crash, resulting in a denial of service, or possibly execute\narbitrary code. (CVE-2016-9190).\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the Ubuntu security advisory. Tenable\nhas attempted to automatically clean and format it as much as possible\nwithout introducing additional issues.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://usn.ubuntu.com/3230-1/\"\n );\n script_set_attribute(attribute:\"solution\", value:\"Update the affected packages.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:M/Au:N/C:P/I:P/A:P\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:U/RL:O/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"false\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:python-imaging\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:python-pil\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:python3-imaging\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:python3-pil\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:canonical:ubuntu_linux:14.04\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:canonical:ubuntu_linux:16.04\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:canonical:ubuntu_linux:16.10\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2015/01/16\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2017/03/13\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2017/03/14\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"Ubuntu Security Notice (C) 2017-2019 Canonical, Inc. / NASL script (C) 2017-2019 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"Ubuntu Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/cpu\", \"Host/Ubuntu\", \"Host/Ubuntu/release\", \"Host/Debian/dpkg-l\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"ubuntu.inc\");\ninclude(\"misc_func.inc\");\n\nif ( ! get_kb_item(\"Host/local_checks_enabled\") ) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/Ubuntu/release\");\nif ( isnull(release) ) audit(AUDIT_OS_NOT, \"Ubuntu\");\nrelease = chomp(release);\nif (! preg(pattern:\"^(14\\.04|16\\.04|16\\.10)$\", string:release)) audit(AUDIT_OS_NOT, \"Ubuntu 14.04 / 16.04 / 16.10\", \"Ubuntu \" + release);\nif ( ! get_kb_item(\"Host/Debian/dpkg-l\") ) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"Ubuntu\", cpu);\n\nflag = 0;\n\nif (ubuntu_check(osver:\"14.04\", pkgname:\"python-imaging\", pkgver:\"2.3.0-1ubuntu3.4\")) flag++;\nif (ubuntu_check(osver:\"14.04\", pkgname:\"python-pil\", pkgver:\"2.3.0-1ubuntu3.4\")) flag++;\nif (ubuntu_check(osver:\"14.04\", pkgname:\"python3-imaging\", pkgver:\"2.3.0-1ubuntu3.4\")) flag++;\nif (ubuntu_check(osver:\"14.04\", pkgname:\"python3-pil\", pkgver:\"2.3.0-1ubuntu3.4\")) flag++;\nif (ubuntu_check(osver:\"16.04\", pkgname:\"python-imaging\", pkgver:\"3.1.2-0ubuntu1.1\")) flag++;\nif (ubuntu_check(osver:\"16.04\", pkgname:\"python-pil\", pkgver:\"3.1.2-0ubuntu1.1\")) flag++;\nif (ubuntu_check(osver:\"16.04\", pkgname:\"python3-pil\", pkgver:\"3.1.2-0ubuntu1.1\")) flag++;\nif (ubuntu_check(osver:\"16.10\", pkgname:\"python-imaging\", pkgver:\"3.3.1-1ubuntu0.1\")) flag++;\nif (ubuntu_check(osver:\"16.10\", pkgname:\"python-pil\", pkgver:\"3.3.1-1ubuntu0.1\")) flag++;\nif (ubuntu_check(osver:\"16.10\", pkgname:\"python3-pil\", pkgver:\"3.3.1-1ubuntu0.1\")) flag++;\n\nif (flag)\n{\n security_report_v4(\n port : 0,\n severity : SECURITY_WARNING,\n extra : ubuntu_report_get()\n );\n exit(0);\n}\nelse\n{\n tested = ubuntu_pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"python-imaging / python-pil / python3-imaging / python3-pil\");\n}\n", "cvss": {"score": 6.8, "vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2020-08-01T02:27:01", "bulletinFamily": "scanner", "description": "The remote host is affected by the vulnerability described in GLSA-201612-52\n(Pillow: Multiple vulnerabilities)\n\n Multiple vulnerabilities have been discovered in Pillow. Please review\n the CVE identifiers referenced below for details.\n \nImpact :\n\n A local attacker could perform symlink attacks to overwrite arbitrary\n files with the privileges of the user running the application, or obtain\n sensitive information.\n A remote attackers could execute arbitrary code with the privileges of\n the process, or cause a Denial of Service condition.\n \nWorkaround :\n\n There is no known workaround at this time.", "modified": "2020-08-02T00:00:00", "id": "GENTOO_GLSA-201612-52.NASL", "href": "https://www.tenable.com/plugins/nessus/96227", "published": "2017-01-03T00:00:00", "title": "GLSA-201612-52 : Pillow: Multiple vulnerabilities", "type": "nessus", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from Gentoo Linux Security Advisory GLSA 201612-52.\n#\n# The advisory text is Copyright (C) 2001-2017 Gentoo Foundation, Inc.\n# and licensed under the Creative Commons - Attribution / Share Alike \n# license. See http://creativecommons.org/licenses/by-sa/3.0/\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(96227);\n script_version(\"$Revision: 3.1 $\");\n script_cvs_date(\"$Date: 2017/01/03 14:55:09 $\");\n\n script_cve_id(\"CVE-2014-1932\", \"CVE-2014-1933\", \"CVE-2016-0740\", \"CVE-2016-0775\", \"CVE-2016-2533\", \"CVE-2016-4009\", \"CVE-2016-9189\", \"CVE-2016-9190\");\n script_xref(name:\"GLSA\", value:\"201612-52\");\n\n script_name(english:\"GLSA-201612-52 : Pillow: Multiple vulnerabilities\");\n script_summary(english:\"Checks for updated package(s) in /var/db/pkg\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\n\"The remote Gentoo host is missing one or more security-related\npatches.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"The remote host is affected by the vulnerability described in GLSA-201612-52\n(Pillow: Multiple vulnerabilities)\n\n Multiple vulnerabilities have been discovered in Pillow. Please review\n the CVE identifiers referenced below for details.\n \nImpact :\n\n A local attacker could perform symlink attacks to overwrite arbitrary\n files with the privileges of the user running the application, or obtain\n sensitive information.\n A remote attackers could execute arbitrary code with the privileges of\n the process, or cause a Denial of Service condition.\n \nWorkaround :\n\n There is no known workaround at this time.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://security.gentoo.org/glsa/201612-52\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\n\"All Pillow users should upgrade to the latest version:\n # emerge --sync\n # emerge --ask --oneshot --verbose '>=dev-python/pillow-3.4.2'\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:gentoo:linux:pillow\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:gentoo:linux\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2016/12/31\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2017/01/03\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2017 Tenable Network Security, Inc.\");\n script_family(english:\"Gentoo Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/Gentoo/release\", \"Host/Gentoo/qpkg-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"qpkg.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nif (!get_kb_item(\"Host/Gentoo/release\")) audit(AUDIT_OS_NOT, \"Gentoo\");\nif (!get_kb_item(\"Host/Gentoo/qpkg-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\n\nflag = 0;\n\nif (qpkg_check(package:\"dev-python/pillow\", unaffected:make_list(\"ge 3.4.2\"), vulnerable:make_list(\"lt 3.4.2\"))) flag++;\n\nif (flag)\n{\n if (report_verbosity > 0) security_hole(port:0, extra:qpkg_report_get());\n else security_hole(0);\n exit(0);\n}\nelse\n{\n tested = qpkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"Pillow\");\n}\n", "cvss": {"score": 10.0, "vector": "AV:N/AC:L/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2020-05-08T16:47:12", "bulletinFamily": "scanner", "description": "According to the versions of the python-pillow package installed, the\nEulerOS installation on the remote host is affected by the following\nvulnerabilities :\n\n - Buffer overflow in the ImagingFliDecode function in\n libImaging/FliDecode.c in Pillow before 3.1.1 allows\n remote attackers to cause a denial of service (crash)\n via a crafted FLI file.(CVE-2016-0775)\n\n - Buffer overflow in the ImagingLibTiffDecode function in\n libImaging/TiffDecode.c in Pillow before 3.1.1 allows\n remote attackers to overwrite memory via a crafted TIFF\n file.(CVE-2016-0740)\n\n - Buffer overflow in the ImagingPcdDecode function in\n PcdDecode.c in Pillow before 3.1.1 and Python Imaging\n Library (PIL) 1.1.7 and earlier allows remote attackers\n to cause a denial of service (crash) via a crafted\n PhotoCD file.(CVE-2016-2533)\n\n - PIL/IcnsImagePlugin.py in Python Imaging Library (PIL)\n and Pillow before 2.3.2 and 2.5.x before 2.5.2 allows\n remote attackers to cause a denial of service via a\n crafted block size.(CVE-2014-3589)\n\n - Pillow before 2.7.0 allows remote attackers to cause a\n denial of service via a compressed text chunk in a PNG\n image that has a large size when it is\n decompressed.(CVE-2014-9601)\n\n - Pillow before 3.3.2 allows context-dependent attackers\n to execute arbitrary code by using the ", "modified": "2019-12-18T00:00:00", "id": "EULEROS_SA-2019-2654.NASL", "href": "https://www.tenable.com/plugins/nessus/132189", "published": "2019-12-18T00:00:00", "title": "EulerOS 2.0 SP3 : python-pillow (EulerOS-SA-2019-2654)", "type": "nessus", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(132189);\n script_version(\"1.3\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2020/05/07\");\n\n script_cve_id(\n \"CVE-2014-1932\",\n \"CVE-2014-1933\",\n \"CVE-2014-3007\",\n \"CVE-2014-3589\",\n \"CVE-2014-9601\",\n \"CVE-2016-0740\",\n \"CVE-2016-0775\",\n \"CVE-2016-2533\",\n \"CVE-2016-9189\",\n \"CVE-2016-9190\"\n );\n script_bugtraq_id(\n 65511,\n 65513,\n 67150,\n 69352\n );\n\n script_name(english:\"EulerOS 2.0 SP3 : python-pillow (EulerOS-SA-2019-2654)\");\n script_summary(english:\"Checks the rpm output for the updated packages.\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote EulerOS host is missing multiple security updates.\");\n script_set_attribute(attribute:\"description\", value:\n\"According to the versions of the python-pillow package installed, the\nEulerOS installation on the remote host is affected by the following\nvulnerabilities :\n\n - Buffer overflow in the ImagingFliDecode function in\n libImaging/FliDecode.c in Pillow before 3.1.1 allows\n remote attackers to cause a denial of service (crash)\n via a crafted FLI file.(CVE-2016-0775)\n\n - Buffer overflow in the ImagingLibTiffDecode function in\n libImaging/TiffDecode.c in Pillow before 3.1.1 allows\n remote attackers to overwrite memory via a crafted TIFF\n file.(CVE-2016-0740)\n\n - Buffer overflow in the ImagingPcdDecode function in\n PcdDecode.c in Pillow before 3.1.1 and Python Imaging\n Library (PIL) 1.1.7 and earlier allows remote attackers\n to cause a denial of service (crash) via a crafted\n PhotoCD file.(CVE-2016-2533)\n\n - PIL/IcnsImagePlugin.py in Python Imaging Library (PIL)\n and Pillow before 2.3.2 and 2.5.x before 2.5.2 allows\n remote attackers to cause a denial of service via a\n crafted block size.(CVE-2014-3589)\n\n - Pillow before 2.7.0 allows remote attackers to cause a\n denial of service via a compressed text chunk in a PNG\n image that has a large size when it is\n decompressed.(CVE-2014-9601)\n\n - Pillow before 3.3.2 allows context-dependent attackers\n to execute arbitrary code by using the 'crafted image\n file' approach, related to an 'Insecure Sign Extension'\n issue affecting the ImagingNew in Storage.c\n component.(CVE-2016-9190)\n\n - Pillow before 3.3.2 allows context-dependent attackers\n to obtain sensitive information by using the 'crafted\n image file' approach, related to an 'Integer Overflow'\n issue affecting the Image.core.map_buffer in map.c\n component.(CVE-2016-9189)\n\n - Python Image Library (PIL) 1.1.7 and earlier and Pillow\n 2.3 might allow remote attackers to execute arbitrary\n commands via shell metacharacters in unspecified\n vectors related to CVE-2014-1932, possibly\n JpegImagePlugin.py.(CVE-2014-3007)\n\n - The (1) JpegImagePlugin.py and (2) EpsImagePlugin.py\n scripts in Python Image Library (PIL) 1.1.7 and earlier\n and Pillow before 2.3.1 uses the names of temporary\n files on the command line, which makes it easier for\n local users to conduct symlink attacks by listing the\n processes.(CVE-2014-1933)\n\n - The (1) load_djpeg function in JpegImagePlugin.py, (2)\n Ghostscript function in EpsImagePlugin.py, (3) load\n function in IptcImagePlugin.py, and (4) _copy function\n in Image.py in Python Image Library (PIL) 1.1.7 and\n earlier and Pillow before 2.3.1 do not properly create\n temporary files, which allow local users to overwrite\n arbitrary files and obtain sensitive information via a\n symlink attack on the temporary file.(CVE-2014-1932)\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the EulerOS security advisory. Tenable\nhas attempted to automatically clean and format it as much as possible\nwithout introducing additional issues.\");\n # https://developer.huaweicloud.com/ict/en/site-euleros/euleros/security-advisories/EulerOS-SA-2019-2654\n script_set_attribute(attribute:\"see_also\", value:\"http://www.nessus.org/u?a0762997\");\n script_set_attribute(attribute:\"solution\", value:\n\"Update the affected python-pillow packages.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:U/RC:ND\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"false\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2019/12/18\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2019/12/18\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:huawei:euleros:python-pillow\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:huawei:euleros:2.0\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"Huawei Local Security Checks\");\n\n script_copyright(english:\"This script is Copyright (C) 2019-2020 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/EulerOS/release\", \"Host/EulerOS/rpm-list\", \"Host/EulerOS/sp\");\n script_exclude_keys(\"Host/EulerOS/uvp_version\");\n\n exit(0);\n}\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\n\nrelease = get_kb_item(\"Host/EulerOS/release\");\nif (isnull(release) || release !~ \"^EulerOS\") audit(AUDIT_OS_NOT, \"EulerOS\");\nif (release !~ \"^EulerOS release 2\\.0(\\D|$)\") audit(AUDIT_OS_NOT, \"EulerOS 2.0\");\n\nsp = get_kb_item(\"Host/EulerOS/sp\");\nif (isnull(sp) || sp !~ \"^(3)$\") audit(AUDIT_OS_NOT, \"EulerOS 2.0 SP3\");\n\nuvp = get_kb_item(\"Host/EulerOS/uvp_version\");\nif (!empty_or_null(uvp)) audit(AUDIT_OS_NOT, \"EulerOS 2.0 SP3\", \"EulerOS UVP \" + uvp);\n\nif (!get_kb_item(\"Host/EulerOS/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\" && \"aarch64\" >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"EulerOS\", cpu);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\") audit(AUDIT_ARCH_NOT, \"i686 / x86_64\", cpu);\n\nflag = 0;\n\npkgs = [\"python-pillow-2.0.0-19.gitd1c6db8.h1\"];\n\nforeach (pkg in pkgs)\n if (rpm_check(release:\"EulerOS-2.0\", sp:\"3\", reference:pkg)) flag++;\n\nif (flag)\n{\n security_report_v4(\n port : 0,\n severity : SECURITY_HOLE,\n extra : rpm_report_get()\n );\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"python-pillow\");\n}\n", "cvss": {"score": 10.0, "vector": "AV:N/AC:L/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2020-05-08T16:46:41", "bulletinFamily": "scanner", "description": "According to the versions of the python-pillow package installed, the\nEulerOS installation on the remote host is affected by the following\nvulnerabilities :\n\n - Pillow before 2.7.0 allows remote attackers to cause a\n denial of service via a compressed text chunk in a PNG\n image that has a large size when it is\n decompressed.(CVE-2014-9601)\n\n - The (1) load_djpeg function in JpegImagePlugin.py, (2)\n Ghostscript function in EpsImagePlugin.py, (3) load\n function in IptcImagePlugin.py, and (4) _copy function\n in Image.py in Python Image Library (PIL) 1.1.7 and\n earlier and Pillow before 2.3.1 do not properly create\n temporary files, which allow local users to overwrite\n arbitrary files and obtain sensitive information via a\n symlink attack on the temporary file.(CVE-2014-1932)\n\n - The (1) JpegImagePlugin.py and (2) EpsImagePlugin.py\n scripts in Python Image Library (PIL) 1.1.7 and earlier\n and Pillow before 2.3.1 uses the names of temporary\n files on the command line, which makes it easier for\n local users to conduct symlink attacks by listing the\n processes.(CVE-2014-1933)\n\n - Python Image Library (PIL) 1.1.7 and earlier and Pillow\n 2.3 might allow remote attackers to execute arbitrary\n commands via shell metacharacters in unspecified\n vectors related to CVE-2014-1932, possibly\n JpegImagePlugin.py.(CVE-2014-3007)\n\n - PIL/IcnsImagePlugin.py in Python Imaging Library (PIL)\n and Pillow before 2.3.2 and 2.5.x before 2.5.2 allows\n remote attackers to cause a denial of service via a\n crafted block size.(CVE-2014-3589)\n\n - Buffer overflow in the ImagingLibTiffDecode function in\n libImaging/TiffDecode.c in Pillow before 3.1.1 allows\n remote attackers to overwrite memory via a crafted TIFF\n file.(CVE-2016-0740)\n\n - Buffer overflow in the ImagingFliDecode function in\n libImaging/FliDecode.c in Pillow before 3.1.1 allows\n remote attackers to cause a denial of service (crash)\n via a crafted FLI file.(CVE-2016-0775)\n\n - Buffer overflow in the ImagingPcdDecode function in\n PcdDecode.c in Pillow before 3.1.1 and Python Imaging\n Library (PIL) 1.1.7 and earlier allows remote attackers\n to cause a denial of service (crash) via a crafted\n PhotoCD file.(CVE-2016-2533)\n\n - Pillow before 3.3.2 allows context-dependent attackers\n to obtain sensitive information by using the ", "modified": "2019-12-04T00:00:00", "id": "EULEROS_SA-2019-2437.NASL", "href": "https://www.tenable.com/plugins/nessus/131591", "published": "2019-12-04T00:00:00", "title": "EulerOS 2.0 SP2 : python-pillow (EulerOS-SA-2019-2437)", "type": "nessus", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(131591);\n script_version(\"1.3\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2020/05/07\");\n\n script_cve_id(\n \"CVE-2014-1932\",\n \"CVE-2014-1933\",\n \"CVE-2014-3007\",\n \"CVE-2014-3589\",\n \"CVE-2014-9601\",\n \"CVE-2016-0740\",\n \"CVE-2016-0775\",\n \"CVE-2016-2533\",\n \"CVE-2016-9189\",\n \"CVE-2016-9190\"\n );\n script_bugtraq_id(\n 65511,\n 65513,\n 67150,\n 69352\n );\n\n script_name(english:\"EulerOS 2.0 SP2 : python-pillow (EulerOS-SA-2019-2437)\");\n script_summary(english:\"Checks the rpm output for the updated packages.\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote EulerOS host is missing multiple security updates.\");\n script_set_attribute(attribute:\"description\", value:\n\"According to the versions of the python-pillow package installed, the\nEulerOS installation on the remote host is affected by the following\nvulnerabilities :\n\n - Pillow before 2.7.0 allows remote attackers to cause a\n denial of service via a compressed text chunk in a PNG\n image that has a large size when it is\n decompressed.(CVE-2014-9601)\n\n - The (1) load_djpeg function in JpegImagePlugin.py, (2)\n Ghostscript function in EpsImagePlugin.py, (3) load\n function in IptcImagePlugin.py, and (4) _copy function\n in Image.py in Python Image Library (PIL) 1.1.7 and\n earlier and Pillow before 2.3.1 do not properly create\n temporary files, which allow local users to overwrite\n arbitrary files and obtain sensitive information via a\n symlink attack on the temporary file.(CVE-2014-1932)\n\n - The (1) JpegImagePlugin.py and (2) EpsImagePlugin.py\n scripts in Python Image Library (PIL) 1.1.7 and earlier\n and Pillow before 2.3.1 uses the names of temporary\n files on the command line, which makes it easier for\n local users to conduct symlink attacks by listing the\n processes.(CVE-2014-1933)\n\n - Python Image Library (PIL) 1.1.7 and earlier and Pillow\n 2.3 might allow remote attackers to execute arbitrary\n commands via shell metacharacters in unspecified\n vectors related to CVE-2014-1932, possibly\n JpegImagePlugin.py.(CVE-2014-3007)\n\n - PIL/IcnsImagePlugin.py in Python Imaging Library (PIL)\n and Pillow before 2.3.2 and 2.5.x before 2.5.2 allows\n remote attackers to cause a denial of service via a\n crafted block size.(CVE-2014-3589)\n\n - Buffer overflow in the ImagingLibTiffDecode function in\n libImaging/TiffDecode.c in Pillow before 3.1.1 allows\n remote attackers to overwrite memory via a crafted TIFF\n file.(CVE-2016-0740)\n\n - Buffer overflow in the ImagingFliDecode function in\n libImaging/FliDecode.c in Pillow before 3.1.1 allows\n remote attackers to cause a denial of service (crash)\n via a crafted FLI file.(CVE-2016-0775)\n\n - Buffer overflow in the ImagingPcdDecode function in\n PcdDecode.c in Pillow before 3.1.1 and Python Imaging\n Library (PIL) 1.1.7 and earlier allows remote attackers\n to cause a denial of service (crash) via a crafted\n PhotoCD file.(CVE-2016-2533)\n\n - Pillow before 3.3.2 allows context-dependent attackers\n to obtain sensitive information by using the 'crafted\n image file' approach, related to an 'Integer Overflow'\n issue affecting the Image.core.map_buffer in map.c\n component.(CVE-2016-9189)\n\n - Pillow before 3.3.2 allows context-dependent attackers\n to execute arbitrary code by using the 'crafted image\n file' approach, related to an 'Insecure Sign Extension'\n issue affecting the ImagingNew in Storage.c\n component.(CVE-2016-9190)\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the EulerOS security advisory. Tenable\nhas attempted to automatically clean and format it as much as possible\nwithout introducing additional issues.\");\n # https://developer.huaweicloud.com/ict/en/site-euleros/euleros/security-advisories/EulerOS-SA-2019-2437\n script_set_attribute(attribute:\"see_also\", value:\"http://www.nessus.org/u?6a3bdf53\");\n script_set_attribute(attribute:\"solution\", value:\n\"Update the affected python-pillow packages.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:U/RC:ND\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"false\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2019/12/04\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2019/12/04\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:huawei:euleros:python-pillow\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:huawei:euleros:2.0\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"Huawei Local Security Checks\");\n\n script_copyright(english:\"This script is Copyright (C) 2019-2020 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/EulerOS/release\", \"Host/EulerOS/rpm-list\", \"Host/EulerOS/sp\");\n script_exclude_keys(\"Host/EulerOS/uvp_version\");\n\n exit(0);\n}\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\n\nrelease = get_kb_item(\"Host/EulerOS/release\");\nif (isnull(release) || release !~ \"^EulerOS\") audit(AUDIT_OS_NOT, \"EulerOS\");\nif (release !~ \"^EulerOS release 2\\.0(\\D|$)\") audit(AUDIT_OS_NOT, \"EulerOS 2.0\");\n\nsp = get_kb_item(\"Host/EulerOS/sp\");\nif (isnull(sp) || sp !~ \"^(2)$\") audit(AUDIT_OS_NOT, \"EulerOS 2.0 SP2\");\n\nuvp = get_kb_item(\"Host/EulerOS/uvp_version\");\nif (!empty_or_null(uvp)) audit(AUDIT_OS_NOT, \"EulerOS 2.0 SP2\", \"EulerOS UVP \" + uvp);\n\nif (!get_kb_item(\"Host/EulerOS/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\" && \"aarch64\" >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"EulerOS\", cpu);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\") audit(AUDIT_ARCH_NOT, \"i686 / x86_64\", cpu);\n\nflag = 0;\n\npkgs = [\"python-pillow-2.0.0-19.gitd1c6db8.h3\"];\n\nforeach (pkg in pkgs)\n if (rpm_check(release:\"EulerOS-2.0\", sp:\"2\", reference:pkg)) flag++;\n\nif (flag)\n{\n security_report_v4(\n port : 0,\n severity : SECURITY_HOLE,\n extra : rpm_report_get()\n );\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"python-pillow\");\n}\n", "cvss": {"score": 10.0, "vector": "AV:N/AC:L/Au:N/C:C/I:C/A:C"}}], "freebsd": [{"lastseen": "2019-05-29T18:32:26", "bulletinFamily": "unix", "description": "\nPillow reports:\n\nPillow prior to 3.3.2 may experience integer overflow\n\t errors in map.c when reading specially crafted image files. This may\n\t lead to memory disclosure or corruption.\nPillow prior to 3.3.2 and PIL 1.1.7 (at least) do not check\n\t for negative image sizes in ImagingNew in Storage.c. A negative image\n\t size can lead to a smaller allocation than expected, leading to arbi\n\t trary writes.\n\n", "modified": "2016-09-06T00:00:00", "published": "2016-09-06T00:00:00", "id": "BC4898D5-A794-11E6-B2D3-60A44CE6887B", "href": "https://vuxml.freebsd.org/freebsd/bc4898d5-a794-11e6-b2d3-60a44ce6887b.html", "title": "Pillow -- multiple vulnerabilities", "type": "freebsd", "cvss": {"score": 6.8, "vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P"}}], "debian": [{"lastseen": "2020-07-14T13:02:05", "bulletinFamily": "unix", "description": "- -------------------------------------------------------------------------\nDebian Security Advisory DSA-3710-1 security@debian.org\nhttps://www.debian.org/security/ Moritz Muehlenhoff\nNovember 10, 2016 https://www.debian.org/security/faq\n- -------------------------------------------------------------------------\n\nPackage : pillow\nCVE ID : CVE-2016-9189 CVE-2016-9190\n\nCris Neckar discovered multiple vulnerabilities in Pillow, a Python\nimaging library, which may result in the execution of arbitrary code or\ninformation disclosure if a malformed image file is processed.\n\nFor the stable distribution (jessie), these problems have been fixed in\nversion 2.6.1-2+deb8u3.\n\nFor the testing distribution (stretch), these problems have been fixed\nin version 3.4.2-1.\n\nFor the unstable distribution (sid), these problems have been fixed in\nversion 3.4.2-1.\n\nWe recommend that you upgrade your pillow packages.\n\nFurther information about Debian Security Advisories, how to apply\nthese updates to your system and frequently asked questions can be\nfound at: https://www.debian.org/security/\n\nMailing list: debian-security-announce@lists.debian.org\n", "modified": "2016-11-10T22:11:23", "published": "2016-11-10T22:11:23", "id": "DEBIAN:DSA-3710-1:2363D", "href": "https://lists.debian.org/debian-security-announce/debian-security-announce-2016/msg00293.html", "title": "[SECURITY] [DSA 3710-1] pillow security update", "type": "debian", "cvss": {"score": 6.8, "vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2020-07-14T12:49:12", "bulletinFamily": "unix", "description": "Package : python-imaging\nVersion : 1.1.7-4+deb7u3\nCVE IDs : CVE-2016-9189 CVE-2016-9190\n\nIt was discovered that there were a number of memory overflow issues in in\npython-imaging, a Python image manipulation library.\n\nFor Debian 7 "Wheezy", this issue has been fixed in python-imaging version\n1.1.7-4+deb7u3.\n\nWe recommend that you upgrade your python-imaging packages.\n\n\nRegards,\n\n- -- \n ,''`.\n : :' : Chris Lamb\n `. `'` lamby@debian.org / chris-lamb.co.uk\n `-\n\n", "modified": "2016-11-07T16:15:29", "published": "2016-11-07T16:15:29", "id": "DEBIAN:DLA-705-1:28082", "href": "https://lists.debian.org/debian-lts-announce/2016/debian-lts-announce-201611/msg00013.html", "title": "[SECURITY] [DLA 705-1] python-imaging security update", "type": "debian", "cvss": {"score": 6.8, "vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P"}}], "ubuntu": [{"lastseen": "2020-07-02T11:34:58", "bulletinFamily": "unix", "description": "It was discovered that Pillow incorrectly handled certain compressed text \nchunks in PNG images. A remote attacker could possibly use this issue to \ncause Pillow to crash, resulting in a denial of service. This issue only \naffected Ubuntu 14.04 LTS. (CVE-2014-9601)\n\nCris Neckar discovered that Pillow incorrectly handled certain malformed \nimages. A remote attacker could use this issue to cause Pillow to crash, \nresulting in a denial of service, or possibly obtain sensitive information. \n(CVE-2016-9189)\n\nCris Neckar discovered that Pillow incorrectly handled certain malformed \nimages. A remote attacker could use this issue to cause Pillow to crash, \nresulting in a denial of service, or possibly execute arbitrary code. \n(CVE-2016-9190)", "modified": "2017-03-13T00:00:00", "published": "2017-03-13T00:00:00", "id": "USN-3230-1", "href": "https://ubuntu.com/security/notices/USN-3230-1", "title": "Pillow vulnerabilities", "type": "ubuntu", "cvss": {"score": 6.8, "vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2020-07-02T11:33:45", "bulletinFamily": "unix", "description": "It was discovered that the Python Imaging Library incorrectly handled \ncertain compressed text chunks in PNG images. A remote attacker could \npossibly use this issue to cause the Python Imaging Library to crash, \nresulting in a denial of service. (CVE-2014-9601)\n\nCris Neckar discovered that the Python Imaging Library incorrectly handled \ncertain malformed images. A remote attacker could use this issue to cause \nthe Python Imaging Library to crash, resulting in a denial of service, or \npossibly obtain sensitive information. (CVE-2016-9189)\n\nCris Neckar discovered that the Python Imaging Library incorrectly handled \ncertain malformed images. A remote attacker could use this issue to cause \nthe Python Imaging Library to crash, resulting in a denial of service, or \npossibly execute arbitrary code. (CVE-2016-9190)", "modified": "2017-03-13T00:00:00", "published": "2017-03-13T00:00:00", "id": "USN-3229-1", "href": "https://ubuntu.com/security/notices/USN-3229-1", "title": "Python Imaging Library vulnerabilities", "type": "ubuntu", "cvss": {"score": 6.8, "vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P"}}], "gentoo": [{"lastseen": "2017-01-01T02:13:30", "bulletinFamily": "unix", "description": "### Background\n\nThe friendly PIL fork.\n\n### Description\n\nMultiple vulnerabilities have been discovered in Pillow. Please review the CVE identifiers referenced below for details. \n\n### Impact\n\nA local attacker could perform symlink attacks to overwrite arbitrary files with the privileges of the user running the application, or obtain sensitive information. \n\nA remote attackers could execute arbitrary code with the privileges of the process, or cause a Denial of Service condition. \n\n### Workaround\n\nThere is no known workaround at this time.\n\n### Resolution\n\nAll Pillow users should upgrade to the latest version:\n \n \n # emerge --sync\n # emerge --ask --oneshot --verbose \">=dev-python/pillow-3.4.2\"", "modified": "2016-12-31T00:00:00", "published": "2016-12-31T00:00:00", "href": "https://security.gentoo.org/glsa/201612-52", "id": "GLSA-201612-52", "type": "gentoo", "title": "Pillow: Multiple vulnerabilities", "cvss": {"score": 10.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}]}
