openSUSE 15 Security Update : python-CairoSVG, python-Pillow (openSUSE-SU-2021:1134-1)

critical Nessus Plugin ID 152473

Language:

Synopsis

The remote SUSE host is missing one or more security updates.

Description

The remote SUSE Linux SUSE15 host has packages installed that are affected by multiple vulnerabilities as referenced in the openSUSE-SU-2021:1134-1 advisory.

- Heap buffer overflow in Freetype in Google Chrome prior to 86.0.4240.111 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (CVE-2020-15999)

- In Pillow before 8.1.0, PcxDecode has a buffer over-read when decoding a crafted PCX file because the user-supplied stride value is trusted for buffer calculations. (CVE-2020-35653)

- In Pillow before 8.1.0, TiffDecode has a heap-based buffer overflow when decoding crafted YCbCr files because of certain interpretation conflicts with LibTIFF in RGBA mode. (CVE-2020-35654)

- In Pillow before 8.1.0, SGIRleDecode has a 4-byte buffer over-read when decoding crafted SGI RLE image files because offsets and length tables are mishandled. (CVE-2020-35655)

- An issue was discovered in Pillow before 8.1.1. TiffDecode has a heap-based buffer overflow when decoding crafted YCbCr files because of certain interpretation conflicts with LibTIFF in RGBA mode. NOTE: this issue exists because of an incomplete fix for CVE-2020-35654. (CVE-2021-25289)

- An issue was discovered in Pillow before 8.1.1. In TiffDecode.c, there is a negative-offset memcpy with an invalid size. (CVE-2021-25290)

- An issue was discovered in Pillow before 8.1.1. In TiffDecode.c, there is an out-of-bounds read in TiffreadRGBATile via invalid tile boundaries. (CVE-2021-25291)

- An issue was discovered in Pillow before 8.1.1. The PDF parser allows a regular expression DoS (ReDoS) attack via a crafted PDF file because of a catastrophic backtracking regex. (CVE-2021-25292)

- An issue was discovered in Pillow before 8.1.1. There is an out-of-bounds read in SGIRleDecode.c.
(CVE-2021-25293)

- Pillow before 8.1.1 allows attackers to cause a denial of service (memory consumption) because the reported size of a contained image is not properly checked for a BLP container, and thus an attempted memory allocation can be very large. (CVE-2021-27921)

- Pillow before 8.1.1 allows attackers to cause a denial of service (memory consumption) because the reported size of a contained image is not properly checked for an ICNS container, and thus an attempted memory allocation can be very large. (CVE-2021-27922)

- Pillow before 8.1.1 allows attackers to cause a denial of service (memory consumption) because the reported size of a contained image is not properly checked for an ICO container, and thus an attempted memory allocation can be very large. (CVE-2021-27923)

- Pillow through 8.2.0 and PIL (aka Python Imaging Library) through 1.1.7 allow an attacker to pass controlled parameters directly into a convert function to trigger a buffer overflow in Convert.c.
(CVE-2021-34552)

Note that Nessus has not tested for this issue but has instead relied only on the application's self-reported version number.

Solution

Update the affected python3-CairoSVG, python3-Pillow and / or python3-Pillow-tk packages.

See Also

https://bugzilla.suse.com/1180832

https://bugzilla.suse.com/1180833

https://bugzilla.suse.com/1180834

https://bugzilla.suse.com/1181281

http://www.nessus.org/u?27adf76a

https://www.suse.com/security/cve/CVE-2020-15999

https://www.suse.com/security/cve/CVE-2020-35653

https://www.suse.com/security/cve/CVE-2020-35654

https://www.suse.com/security/cve/CVE-2020-35655

https://www.suse.com/security/cve/CVE-2021-25289

https://www.suse.com/security/cve/CVE-2021-25290

https://www.suse.com/security/cve/CVE-2021-25291

https://www.suse.com/security/cve/CVE-2021-25292

https://www.suse.com/security/cve/CVE-2021-25293

https://www.suse.com/security/cve/CVE-2021-27921

https://www.suse.com/security/cve/CVE-2021-27922

https://www.suse.com/security/cve/CVE-2021-27923

https://www.suse.com/security/cve/CVE-2021-34552

Plugin Details

Severity: Critical

ID: 152473

File Name: openSUSE-2021-1134.nasl

Version: 1.6

Type: local

Agent: unix

Published: 8/11/2021

Updated: 12/5/2022

Supported Sensors: Continuous Assessment, Frictionless Assessment Agent, Frictionless Assessment AWS, Frictionless Assessment Azure, Nessus Agent, Nessus

Risk Information

VPR

Risk Factor: High

Score: 7.2

CVSS v2

Risk Factor: High

Base Score: 7.5

Temporal Score: 6.5

Vector: CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P

CVSS Score Source: CVE-2021-34552

CVSS v3

Risk Factor: Critical

Base Score: 9.8

Temporal Score: 9.4

Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Temporal Vector: CVSS:3.0/E:H/RL:O/RC:C

Vulnerability Information

CPE: p-cpe:/a:novell:opensuse:python3-pillow, p-cpe:/a:novell:opensuse:python3-cairosvg, p-cpe:/a:novell:opensuse:python3-pillow-tk, cpe:/o:novell:opensuse:15.2

Required KB Items: Host/local_checks_enabled, Host/cpu, Host/SuSE/release, Host/SuSE/rpm-list

Exploit Available: true

Exploit Ease: Exploits are available

Patch Publication Date: 8/10/2021

Vulnerability Publication Date: 10/20/2020

CISA Known Exploited Vulnerability Due Dates: 11/17/2021

Reference Information

CVE: CVE-2020-15999, CVE-2020-35653, CVE-2020-35654, CVE-2020-35655, CVE-2021-25289, CVE-2021-25290, CVE-2021-25291, CVE-2021-25292, CVE-2021-25293, CVE-2021-27921, CVE-2021-27922, CVE-2021-27923, CVE-2021-34552

IAVA: 2020-A-0486-S