 |
Startseite ▼ Bookkeeping
Online ▼ Sicherheits
Überprüfungs ▼
Verwaltetes
DNS ▼
Info
Bestellen/Erneuern
FAQ
AUP
Dynamic DNS Clients
Domaine konfigurieren Dyanmic DNS Update Password Netzwerk
Überwachung ▼
Enterprise
Erweiterte
Standard
Gratis Test
FAQ
Preis/Funktionszusammenfassung
Bestellen
Beispiele
Konfigurieren/Status Alarm Profile | ||
| CVE Kennung: | CVE-2014-1932 |
| Beschreibung: | The (1) load_djpeg function in JpegImagePlugin.py, (2) Ghostscript function in EpsImagePlugin.py, (3) load function in IptcImagePlugin.py, and (4) _copy function in Image.py in Python Image Library (PIL) 1.1.7 and earlier and Pillow before 2.3.1 do not properly create temporary files, which allow local users to overwrite arbitrary files and obtain sensitive information via a symlink attack on the temporary file. |
| Test Kennungen: | 1.3.6.1.4.1.25623.1.1.4.2014.0705.1 |
| Querverweise: |
Common Vulnerability Exposure (CVE) ID: CVE-2014-1932 BugTraq ID: 65511 http://www.securityfocus.com/bid/65511 https://security.gentoo.org/glsa/201612-52 http://www.openwall.com/lists/oss-security/2014/02/11/1 SuSE Security Announcement: openSUSE-SU-2014:0591 (Google Search) http://lists.opensuse.org/opensuse-updates/2014-05/msg00002.html http://www.ubuntu.com/usn/USN-2168-1 |