ELSA-2022-0609

Опубликовано: 23 фев. 2022

Источник: oracle-oval

Платформа: Oracle Linux 7

Описание

ELSA-2022-0609: python-pillow security update (IMPORTANT)

[2.0.0-23gitd1c6db8]

Fixup for CVE-2022-22817
Security fixes for CVE-2022-22815, CVE-2022-22816 Resolves: rhbz#2042522

[2.0.0-22gitd1c6db8]

Fix for CVE-2022-22817 Resolves: rhbz#2042527

Обновленные пакеты

Oracle Linux 7

Oracle Linux aarch64

python-pillow

2.0.0-23.gitd1c6db8.el7_9

python-pillow-devel

2.0.0-23.gitd1c6db8.el7_9

python-pillow-doc

2.0.0-23.gitd1c6db8.el7_9

python-pillow-qt

2.0.0-23.gitd1c6db8.el7_9

python-pillow-sane

2.0.0-23.gitd1c6db8.el7_9

python-pillow-tk

2.0.0-23.gitd1c6db8.el7_9

Oracle Linux x86_64

python-pillow

2.0.0-23.gitd1c6db8.el7_9

python-pillow-devel

2.0.0-23.gitd1c6db8.el7_9

python-pillow-doc

2.0.0-23.gitd1c6db8.el7_9

python-pillow-qt

2.0.0-23.gitd1c6db8.el7_9

python-pillow-sane

2.0.0-23.gitd1c6db8.el7_9

python-pillow-tk

2.0.0-23.gitd1c6db8.el7_9

Связанные CVE

CVE-2022-22816

CVE-2022-22817

Ссылки на источники

Связанные уязвимости

ELSA-2022-0643

oracle-oval

больше 3 лет назад

ELSA-2022-0643: python-pillow security update (IMPORTANT)

ROS-20220128-02

redos

больше 3 лет назад

Уязвимость библиотеки изображений Python Pillow

RLSA-2022:0643

rocky

больше 3 лет назад

Important: python-pillow security update

CVE-2022-22817

CVSS3: 9.8

ubuntu

больше 3 лет назад

PIL.ImageMath.eval in Pillow before 9.0.0 allows evaluation of arbitrary expressions, such as ones that use the Python exec method. A lambda expression could also be used.

CVE-2022-22817

CVSS3: 9.8

redhat

больше 3 лет назад

PIL.ImageMath.eval in Pillow before 9.0.0 allows evaluation of arbitrary expressions, such as ones that use the Python exec method. A lambda expression could also be used.