Pillow: Multiple vulnerabilities Multiple vulnerabilities have been found in Pillow, the worst of which may allow execution of arbitrary code. pillow 2016-12-31 2016-12-31 507982 573958 599608 599610 599612 local, remote 3.4.2 3.4.2

The friendly PIL fork.

Multiple vulnerabilities have been discovered in Pillow. Please review the CVE identifiers referenced below for details.

A local attacker could perform symlink attacks to overwrite arbitrary files with the privileges of the user running the application, or obtain sensitive information.

A remote attackers could execute arbitrary code with the privileges of the process, or cause a Denial of Service condition.

There is no known workaround at this time.

All Pillow users should upgrade to the latest version:

# emerge --sync # emerge --ask --oneshot --verbose ">=dev-python/pillow-3.4.2" CVE-2014-1932 CVE-2014-1933 CVE-2016-0740 CVE-2016-0775 CVE-2016-2533 CVE-2016-4009 CVE-2016-9189 CVE-2016-9190 keytoaster b-man