Описание
Security update for python-Pillow
This update for python-Pillow fixes the following issues:
- CVE-2023-44271: Fixed uncontrolled resource consumption when textlength in an ImageDraw instance operates on a long text argument (bsc#1216894).
Список пакетов
SUSE Linux Enterprise Module for Python 3 15 SP4
python311-Pillow-9.5.0-150400.5.6.1
python311-Pillow-tk-9.5.0-150400.5.6.1
SUSE Linux Enterprise Module for Python 3 15 SP5
python311-Pillow-9.5.0-150400.5.6.1
python311-Pillow-tk-9.5.0-150400.5.6.1
openSUSE Leap 15.4
python311-Pillow-9.5.0-150400.5.6.1
python311-Pillow-tk-9.5.0-150400.5.6.1
openSUSE Leap 15.5
python311-Pillow-9.5.0-150400.5.6.1
python311-Pillow-tk-9.5.0-150400.5.6.1
Ссылки
- Link for SUSE-SU-2023:4528-1
- E-Mail link for SUSE-SU-2023:4528-1
- SUSE Security Ratings
- SUSE Bug 1216894
- SUSE CVE CVE-2023-44271 page
Описание
An issue was discovered in Pillow before 10.0.0. It is a Denial of Service that uncontrollably allocates memory to process a given task, potentially causing a service to crash by having it run out of memory. This occurs for truetype in ImageFont when textlength in an ImageDraw instance operates on a long text argument.
Затронутые продукты
SUSE Linux Enterprise Module for Python 3 15 SP4:python311-Pillow-9.5.0-150400.5.6.1
SUSE Linux Enterprise Module for Python 3 15 SP4:python311-Pillow-tk-9.5.0-150400.5.6.1
SUSE Linux Enterprise Module for Python 3 15 SP5:python311-Pillow-9.5.0-150400.5.6.1
SUSE Linux Enterprise Module for Python 3 15 SP5:python311-Pillow-tk-9.5.0-150400.5.6.1
Ссылки
- CVE-2023-44271
- SUSE Bug 1216894