
"Pillow" Package


5 replies to this topic

#1 pcpunk


Posted 30 September 2016 - 12:46 PM

Will someone tell me more clearly what this Package Description means? I don't want to remove it, but it seems to be saying that I can if I want, or if I don't need it?

 

K8bMUeR.png

 

Thanks, pcpunk


Edited by pcpunk, 30 September 2016 - 12:46 PM.


Created by Mike_Walsh

 

KDE, Ruler of all Distro's

eps2.4_m4ster-s1ave.aes_pcpunk_leavemehere

 



 


#2 MadmanRB


Posted 30 September 2016 - 04:26 PM

It's a transitional package, but I would keep it as a lot of apps rely on Python and you may not want to break anything.

It's probably an upstream patch.


Edited by MadmanRB, 30 September 2016 - 04:27 PM.

You know you want me baby!

Proud Linux user and dual booter.

Proud Vivaldi user.

 



#3 pcpunk


Posted 30 September 2016 - 04:42 PM

I guess this info is for people that understand this stuff way more than I lol, thanks Madman!



 


#4 MadmanRB


Posted 30 September 2016 - 04:46 PM

Yeah, sometimes transitional packages are key. In Linux the updates and packages are in segments because there are no .exe packages nor self-extracting binaries.

This is both a good and a bad thing: on one hand packages can remain smaller, but at the same time they cause issues like dependencies (extra libraries you may need to make things work).

Basically Linux uses glorified .zip files to make things work. Sure, they can still install apps, but it's not the same method that Windows does.


Edited by MadmanRB, 30 September 2016 - 04:47 PM.



#5 wizardfromoz


Posted 05 October 2016 - 07:12 PM

It's probably an upstream patch

 

Madman is right on the money.

 

Pillow is a fork from the now deprecated PIL used in Python to encode jpegs, pngs, &c.

 

This site http://www.linuxsecurity.com/content/view/168594?rdf has in part the following:

 

It was discovered that a flaw in processing a compressed text chunk in
a PNG image could cause the image to have a large size when decompressed,
potentially leading to a denial of service. (CVE-2014-9601)

Andrew Drake discovered that Pillow incorrectly validated input. A remote
attacker could use this to cause Pillow to crash, resulting in a denial
of service. (CVE-2014-3589)

Eric Soroos discovered that Pillow incorrectly handled certain malformed
FLI, Tiff, and PhotoCD files. A remote attacker could use this issue to
cause Pillow to crash, resulting in a denial of service.
(CVE-2016-0740, CVE-2016-0775, CVE-2016-2533)

 

Bear in mind that Pillow, being Python, is cross-platform covering Windows and Mac as well as Linux, and so any security risk to Linux users is next to nil.

 

The timing of the above was 30 September, and that would account for pcpunk's patch appearing.

 

If you choose to remove it, or choose to install it, the choice is simple:

 

  1. Take a Timeshift on-demand snapshot of your system
  2. Label it (in the Comments field), e.g. "Pre-Pillow inclusion/exclusion", whatever works for you
  3. Take the action you have chosen, i.e. to implement the patch or to remove it
  4. Take another Timeshift snapshot and label as "Post-Pillow"
  5. Run your system for a week or your own arbitrary period of time to satisfy yourself that all is AOK, then
  6. If you wish to recoup some space, cull the appropriate snapshot

Cheers

 

:wizardball: Wizard - make Timeshift and Aptik your friends.
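
Added example, not part of the post above and not Pillow's own code: a standard-library Python check for the first issue in the quoted advisory, a compressed PNG text chunk that inflates to a large size. It covers `zTXt` chunks only; the 1 MiB limit, the function names and the sample image are assumptions constructed for illustration.

```python
import struct
import zlib

PNG_SIG = b"\x89PNG\r\n\x1a\n"
MAX_TEXT = 1024 * 1024  # assumed policy: 1 MiB of inflated text per chunk

def chunk(ctype, data):
    """Serialize one PNG chunk: length, type, data, CRC-32 of type+data."""
    crc = zlib.crc32(ctype + data)
    return struct.pack(">I", len(data)) + ctype + data + struct.pack(">I", crc)

def iter_chunks(png):
    """Yield (type, data) per chunk; reject truncated or corrupt input."""
    if png[:8] != PNG_SIG:
        raise ValueError("not a PNG")
    pos = 8
    while pos < len(png):
        if pos + 12 > len(png):
            raise ValueError("truncated chunk")
        (length,) = struct.unpack(">I", png[pos:pos + 4])
        ctype, end = png[pos + 4:pos + 8], pos + 8 + length
        if end + 4 > len(png):
            raise ValueError("chunk length runs past end of file")
        data = png[pos + 8:end]
        if struct.unpack(">I", png[end:end + 4])[0] != zlib.crc32(ctype + data):
            raise ValueError("bad chunk CRC")
        yield ctype, data
        pos = end + 4

def oversized_text_chunks(png, limit=MAX_TEXT):
    """Return keywords of zTXt chunks whose text inflates past `limit` bytes."""
    flagged = []
    for ctype, data in iter_chunks(png):
        if ctype != b"zTXt":
            continue
        keyword, _, rest = data.partition(b"\x00")
        # rest[0] is the compression-method byte; the deflate stream follows.
        # max_length caps the output, so memory use stays bounded by `limit`.
        out = zlib.decompressobj().decompress(rest[1:], limit + 1)
        if len(out) > limit:
            flagged.append(keyword.decode("latin-1"))
    return flagged

def sample_png(text_len):
    """Constructed sample: 1x1 grayscale PNG with one zTXt chunk."""
    ihdr = struct.pack(">IIBBBBB", 1, 1, 8, 0, 0, 0, 0)
    ztxt = b"Comment\x00\x00" + zlib.compress(b"A" * text_len)
    idat = zlib.compress(b"\x00\x00")  # filter byte + one pixel
    return (PNG_SIG + chunk(b"IHDR", ihdr) + chunk(b"zTXt", ztxt)
            + chunk(b"IDAT", idat) + chunk(b"IEND", b""))
```

Calling `oversized_text_chunks(sample_png(4096), limit=1024)` flags the `Comment` chunk without ever holding more than `limit + 1` bytes of its text in memory.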



#6 pcpunk


Posted 05 October 2016 - 09:07 PM

Thanks Wiz! :thumbup2:



 




