ELSA-2024-0857

Опубликовано: 18 фев. 2024

Источник: oracle-oval

Платформа: Oracle Linux 7

Описание

ELSA-2024-0857: python-pillow security update (IMPORTANT)

[2.0.0-25gitd1c6db8]

Security fix for CVE-2023-50447 Resolves: RHEL-22239

Обновленные пакеты

Oracle Linux 7

Oracle Linux aarch64

python-pillow

2.0.0-25.gitd1c6db8.el7_9

python-pillow-devel

2.0.0-25.gitd1c6db8.el7_9

python-pillow-doc

2.0.0-25.gitd1c6db8.el7_9

python-pillow-qt

2.0.0-25.gitd1c6db8.el7_9

python-pillow-sane

2.0.0-25.gitd1c6db8.el7_9

python-pillow-tk

2.0.0-25.gitd1c6db8.el7_9

Oracle Linux x86_64

python-pillow

2.0.0-25.gitd1c6db8.el7_9

python-pillow-devel

2.0.0-25.gitd1c6db8.el7_9

python-pillow-doc

2.0.0-25.gitd1c6db8.el7_9

python-pillow-qt

2.0.0-25.gitd1c6db8.el7_9

python-pillow-sane

2.0.0-25.gitd1c6db8.el7_9

python-pillow-tk

2.0.0-25.gitd1c6db8.el7_9

Связанные CVE

CVE-2023-50447

Ссылки на источники

Связанные уязвимости

CVE-2023-50447

CVSS3: 8.1

ubuntu

больше 1 года назад

Pillow through 10.1.0 allows PIL.ImageMath.eval Arbitrary Code Execution via the environment parameter, a different vulnerability than CVE-2022-22817 (which was about the expression parameter).

CVE-2023-50447

CVSS3: 8.1

redhat

больше 1 года назад

Pillow through 10.1.0 allows PIL.ImageMath.eval Arbitrary Code Execution via the environment parameter, a different vulnerability than CVE-2022-22817 (which was about the expression parameter).

CVE-2023-50447

CVSS3: 8.1

nvd

больше 1 года назад

Pillow through 10.1.0 allows PIL.ImageMath.eval Arbitrary Code Execution via the environment parameter, a different vulnerability than CVE-2022-22817 (which was about the expression parameter).

CVE-2023-50447

CVSS3: 8.1

debian

больше 1 года назад

Pillow through 10.1.0 allows PIL.ImageMath.eval Arbitrary Code Executi ...

openSUSE-SU-2024:0125-1

suse-cvrf

около 1 года назад

Security update for python-Pillow