{"affected":[],"aliases":[],"details":"\npython-pillow has been updated to 2.7.0 to fix three security issues.\n\nThe following vulnerabilities have been fixed:\n\n * CVE-2014-9601: Remote attackers could have caused a denial of service\n via a compressed text chunk in a PNG image that has a large size when\n it is decompressed.\n * CVE-2014-3598: Remote attackers could have caused a denial of service\n using specially crafted image files via Jpeg2KImagePlugin.\n * CVE-2014-3589: Remote attackers could have caused a denial of service\n using specially crafted image files via IcnsImagePlugin.\n * CVE-2014-1932: A local user could have overwritten arbitrary files\n and obtain sensitive information via a symlink attack on the\n temporary file.\n * CVE-2014-1933: A local user could have gained information helpful for\n symlink attacks by listing process information which uses the names\n of temporary files on the command line.\n\nSecurity Issues:\n\n * CVE-2014-9601\n \n * CVE-2014-3598\n \n * CVE-2014-3589\n \n * CVE-2014-1932\n \n * CVE-2014-1933\n \n\n","id":"SUSE-SU-2015:0777-1","modified":"2015-04-22T14:27:27Z","published":"2015-04-22T14:27:27Z","references":[{"type":"ADVISORY","url":"https://www.suse.com/support/update/announcement/2015/suse-su-20150777-1/"},{"type":"REPORT","url":"https://bugzilla.suse.com/921566"},{"type":"WEB","url":"https://www.suse.com/security/cve/CVE-2014-1932"},{"type":"WEB","url":"https://www.suse.com/security/cve/CVE-2014-1933"},{"type":"WEB","url":"https://www.suse.com/security/cve/CVE-2014-3589"},{"type":"WEB","url":"https://www.suse.com/security/cve/CVE-2014-3598"},{"type":"WEB","url":"https://www.suse.com/security/cve/CVE-2014-9601"}],"related":["CVE-2014-1932","CVE-2014-1933","CVE-2014-3589","CVE-2014-3598","CVE-2014-9601"],"summary":"Security update for python-Pillow","upstream":["CVE-2014-1932","CVE-2014-1933","CVE-2014-3589","CVE-2014-3598","CVE-2014-9601"]}