Описание
Security update for python-Pillow
This update for python-Pillow fixes the following issues:
- CVE-2024-28219: Fixed buffer overflow in _imagingcms.c (bsc#1222262)
Other fixes:
- Re-enabled build tests for s390x and ppc (bsc#1222553)
Список пакетов
SUSE Linux Enterprise High Performance Computing 15 SP4-ESPOS
python311-Pillow-9.5.0-150400.5.15.1
python311-Pillow-tk-9.5.0-150400.5.15.1
SUSE Linux Enterprise High Performance Computing 15 SP4-LTSS
python311-Pillow-9.5.0-150400.5.15.1
python311-Pillow-tk-9.5.0-150400.5.15.1
SUSE Linux Enterprise Module for Python 3 15 SP5
python311-Pillow-9.5.0-150400.5.15.1
python311-Pillow-tk-9.5.0-150400.5.15.1
SUSE Linux Enterprise Server 15 SP4-LTSS
python311-Pillow-9.5.0-150400.5.15.1
python311-Pillow-tk-9.5.0-150400.5.15.1
SUSE Linux Enterprise Server for SAP Applications 15 SP4
python311-Pillow-9.5.0-150400.5.15.1
python311-Pillow-tk-9.5.0-150400.5.15.1
openSUSE Leap 15.5
python311-Pillow-9.5.0-150400.5.15.1
python311-Pillow-tk-9.5.0-150400.5.15.1
Ссылки
- Link for SUSE-SU-2024:1258-1
- E-Mail link for SUSE-SU-2024:1258-1
- SUSE Security Ratings
- SUSE Bug 1222262
- SUSE Bug 1222553
- SUSE CVE CVE-2024-28219 page
Описание
In _imagingcms.c in Pillow before 10.3.0, a buffer overflow exists because strcpy is used instead of strncpy.
Затронутые продукты
SUSE Linux Enterprise High Performance Computing 15 SP4-ESPOS:python311-Pillow-9.5.0-150400.5.15.1
SUSE Linux Enterprise High Performance Computing 15 SP4-ESPOS:python311-Pillow-tk-9.5.0-150400.5.15.1
SUSE Linux Enterprise High Performance Computing 15 SP4-LTSS:python311-Pillow-9.5.0-150400.5.15.1
SUSE Linux Enterprise High Performance Computing 15 SP4-LTSS:python311-Pillow-tk-9.5.0-150400.5.15.1
Ссылки
- CVE-2024-28219
- SUSE Bug 1222262