Описание
Security update for python-Pillow
This update for python-Pillow fixes the following issues:
- CVE-2023-50447: Fixed arbitrary code execution via the environment parameter. (bsc#1219048)
Список пакетов
openSUSE Leap 15.5
python3-Pillow-7.2.0-150300.3.6.1
python3-Pillow-tk-7.2.0-150300.3.6.1
Ссылки
- Link for SUSE-SU-2024:0185-1
- E-Mail link for SUSE-SU-2024:0185-1
- SUSE Security Ratings
- SUSE Bug 1219048
- SUSE CVE CVE-2023-50447 page
Описание
Pillow through 10.1.0 allows PIL.ImageMath.eval Arbitrary Code Execution via the environment parameter, a different vulnerability than CVE-2022-22817 (which was about the expression parameter).
Затронутые продукты
openSUSE Leap 15.5:python3-Pillow-7.2.0-150300.3.6.1
openSUSE Leap 15.5:python3-Pillow-tk-7.2.0-150300.3.6.1
Ссылки
- CVE-2023-50447
- SUSE Bug 1219048