exploitDog

RLSA-2022:0643

Опубликовано: 22 фев. 2022

Источник: rocky

Оценка: Important

Описание

Important: python-pillow security update

The python-pillow packages contain a Python image processing library that provides extensive file format support, an efficient internal representation, and powerful image-processing capabilities.

Security Fix(es):

python-pillow: PIL.ImageMath.eval allows evaluation of arbitrary expressions (CVE-2022-22817)
python-pillow: buffer over-read during initialization of ImagePath.Path in path_getbbox() in path.c (CVE-2022-22816)

For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.

Затронутые продукты

Rocky Linux 8

Наименование	Архитектура	Релиз	RPM
python3-pillow	x86_64	18.el8_5	python3-pillow-5.1.1-18.el8_5.x86_64.rpm

Показывать по

Связанные CVE

Ссылки на источники

Исправления

https://bugzilla.redhat.com/show_bug.cgi?id=2042522
Red Hat - 2042522
https://bugzilla.redhat.com/show_bug.cgi?id=2042527
Red Hat - 2042527

Связанные уязвимости

ROS-20220128-02

redos

больше 3 лет назад

Уязвимость библиотеки изображений Python Pillow

ELSA-2022-0643

oracle-oval

больше 3 лет назад

ELSA-2022-0643: python-pillow security update (IMPORTANT)

ELSA-2022-0609

oracle-oval

больше 3 лет назад

ELSA-2022-0609: python-pillow security update (IMPORTANT)

CVE-2022-22815

CVSS3: 6.5

ubuntu

больше 3 лет назад

path_getbbox in path.c in Pillow before 9.0.0 improperly initializes ImagePath.Path.

CVE-2022-22815

CVSS3: 6.5

redhat

больше 3 лет назад

path_getbbox in path.c in Pillow before 9.0.0 improperly initializes ImagePath.Path.