Описание
Security update for python-Pillow
This update for python-Pillow fixes the following issues:
- CVE-2023-50447: Fixed arbitrary code execution via the environment parameter (boo#1219048)
Список пакетов
SUSE Package Hub 15 SP5
python3-Pillow-8.4.0-bp155.3.3.1
python3-Pillow-tk-8.4.0-bp155.3.3.1
openSUSE Leap 15.5
python3-Pillow-8.4.0-bp155.3.3.1
python3-Pillow-tk-8.4.0-bp155.3.3.1
Ссылки
- E-Mail link for openSUSE-SU-2024:0125-1
- SUSE Security Ratings
- SUSE Bug 1219048
- SUSE CVE CVE-2023-50447 page
Описание
Pillow through 10.1.0 allows PIL.ImageMath.eval Arbitrary Code Execution via the environment parameter, a different vulnerability than CVE-2022-22817 (which was about the expression parameter).
Затронутые продукты
SUSE Package Hub 15 SP5:python3-Pillow-8.4.0-bp155.3.3.1
SUSE Package Hub 15 SP5:python3-Pillow-tk-8.4.0-bp155.3.3.1
openSUSE Leap 15.5:python3-Pillow-8.4.0-bp155.3.3.1
openSUSE Leap 15.5:python3-Pillow-tk-8.4.0-bp155.3.3.1
Ссылки
- CVE-2023-50447
- SUSE Bug 1219048