python-pillow-5.1.1-12.el8

エラータID: AXSA:2020-528:03

Release date: 
Monday, September 28, 2020 - 08:57
Subject: 
python-pillow-5.1.1-12.el8
Affected Channels: 
Asianux Server 8 for x86_64
Severity: 
High
Description: 

The python-pillow packages contain a Python image processing library that provides extensive file format support, an efficient internal representation, and powerful image-processing capabilities.

Security Fix(es):

* python-pillow: out-of-bounds reads/writes in the parsing of SGI image files in expandrow/expandrow2 (CVE-2020-11538)

* python-pillow: out-of-bounds read in ImagingFliDecode when loading FLI images (CVE-2020-5313)

For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.

CVE-2020-11538
In libImaging/SgiRleDecode.c in Pillow through 7.0.0, a number of out-of-bounds reads exist in the parsing of SGI image files, a different issue than CVE-2020-5311.
CVE-2020-5313
libImaging/FliDecode.c in Pillow before 6.2.2 has an FLI buffer overflow.

Solution: 

Update packages.

Additional Info: 

N/A

Download: 

SRPMS
  1. python-pillow-5.1.1-12.el8.src.rpm
    MD5: 2c4557624d3cd40f2146c97e1142e2ef
    SHA-256: 3091b8831bbf9025045ff59e82626685ecec53be4eddac6f10c0c97947b61807
    Size: 13.51 MB

Asianux Server 8 for x86_64
  1. python3-pillow-5.1.1-12.el8.x86_64.rpm
    MD5: 49ade2bef0f9ff81c63387bea08ead56
    SHA-256: b0dbf11308bf637cc22fc4854c14e27dbcdfa866c730bd54ba78ae14f8f83730
    Size: 629.15 kB