Описание
Security update for python-Pillow
This update for python-Pillow fixes the following issues:
- CVE-2023-50447: Fixed arbitrary code execution via the environment parameter. (bsc#1219048)
Список пакетов
SUSE Linux Enterprise High Performance Computing 15 SP4-ESPOS
python311-Pillow-9.5.0-150400.5.9.1
python311-Pillow-tk-9.5.0-150400.5.9.1
SUSE Linux Enterprise High Performance Computing 15 SP4-LTSS
python311-Pillow-9.5.0-150400.5.9.1
python311-Pillow-tk-9.5.0-150400.5.9.1
SUSE Linux Enterprise Module for Python 3 15 SP5
python311-Pillow-9.5.0-150400.5.9.1
python311-Pillow-tk-9.5.0-150400.5.9.1
SUSE Linux Enterprise Server 15 SP4-LTSS
python311-Pillow-9.5.0-150400.5.9.1
python311-Pillow-tk-9.5.0-150400.5.9.1
SUSE Linux Enterprise Server for SAP Applications 15 SP4
python311-Pillow-9.5.0-150400.5.9.1
python311-Pillow-tk-9.5.0-150400.5.9.1
openSUSE Leap 15.5
python311-Pillow-9.5.0-150400.5.9.1
python311-Pillow-tk-9.5.0-150400.5.9.1
Ссылки
- Link for SUSE-SU-2024:0205-1
- E-Mail link for SUSE-SU-2024:0205-1
- SUSE Security Ratings
- SUSE Bug 1219048
- SUSE CVE CVE-2023-50447 page
Описание
Pillow through 10.1.0 allows PIL.ImageMath.eval Arbitrary Code Execution via the environment parameter, a different vulnerability than CVE-2022-22817 (which was about the expression parameter).
Затронутые продукты
SUSE Linux Enterprise High Performance Computing 15 SP4-ESPOS:python311-Pillow-9.5.0-150400.5.9.1
SUSE Linux Enterprise High Performance Computing 15 SP4-ESPOS:python311-Pillow-tk-9.5.0-150400.5.9.1
SUSE Linux Enterprise High Performance Computing 15 SP4-LTSS:python311-Pillow-9.5.0-150400.5.9.1
SUSE Linux Enterprise High Performance Computing 15 SP4-LTSS:python311-Pillow-tk-9.5.0-150400.5.9.1
Ссылки
- CVE-2023-50447
- SUSE Bug 1219048