Oval Definition:	oval:com.ubuntu.precise:def:20141932000
Revision Date: 2014-04-17 Version: 1 Title: CVE-2014-1932 on Ubuntu 12.04 LTS (precise) - medium. Description: The (1) load_djpeg function in JpegImagePlugin.py, (2) Ghostscript function in EpsImagePlugin.py, (3) load function in IptcImagePlugin.py, and (4) _copy function in Image.py in Python Image Library (PIL) 1.1.7 and earlier and Pillow before 2.3.1 do not properly create temporary files, which allow local users to overwrite arbitrary files and obtain sensitive information via a symlink attack on the temporary file. Family: unix Class: vulnerability Status: Reference(s): CVE-2014-1932 Platform(s): Ubuntu 12.04 LTS Product(s): Definition Synopsis Ubuntu 12.04 LTS (precise) is installed. AND The 'python-imaging' package in precise was vulnerable but has been fixed (note: '1.1.7-4ubuntu0.12.04.1').
BACK