ELSA-2024-0893

Опубликовано: 20 фев. 2024

Источник: oracle-oval

Платформа: Oracle Linux 8

Описание

ELSA-2024-0893: python-pillow security update (IMPORTANT)

[5.1.1-18.1]

Security fix for CVE-2023-50447 Resolves: RHEL-22240

Обновленные пакеты

Oracle Linux 8

Oracle Linux aarch64

python3-pillow

5.1.1-18.el8_9.1

python3-pillow-devel

5.1.1-18.el8_9.1

python3-pillow-doc

5.1.1-18.el8_9.1

python3-pillow-tk

5.1.1-18.el8_9.1

Oracle Linux x86_64

python3-pillow

5.1.1-18.el8_9.1

python3-pillow-devel

5.1.1-18.el8_9.1

python3-pillow-doc

5.1.1-18.el8_9.1

python3-pillow-tk

5.1.1-18.el8_9.1

Связанные CVE

CVE-2023-50447

Ссылки на источники

Связанные уязвимости

CVE-2023-50447

CVSS3: 8.1

ubuntu

больше 1 года назад

Pillow through 10.1.0 allows PIL.ImageMath.eval Arbitrary Code Execution via the environment parameter, a different vulnerability than CVE-2022-22817 (which was about the expression parameter).

CVE-2023-50447

CVSS3: 8.1

redhat

больше 1 года назад

Pillow through 10.1.0 allows PIL.ImageMath.eval Arbitrary Code Execution via the environment parameter, a different vulnerability than CVE-2022-22817 (which was about the expression parameter).

CVE-2023-50447

CVSS3: 8.1

nvd

больше 1 года назад

Pillow through 10.1.0 allows PIL.ImageMath.eval Arbitrary Code Execution via the environment parameter, a different vulnerability than CVE-2022-22817 (which was about the expression parameter).

CVE-2023-50447

CVSS3: 8.1

debian

больше 1 года назад

Pillow through 10.1.0 allows PIL.ImageMath.eval Arbitrary Code Executi ...

openSUSE-SU-2024:0125-1

suse-cvrf

около 1 года назад

Security update for python-Pillow