python-pillow-2.0.0-21.gitd1c6db8.el7

エラータID: AXSA:2020-560:04

Release date: 
Monday, October 5, 2020 - 09:00
Subject: 
python-pillow-2.0.0-21.gitd1c6db8.el7
Affected Channels: 
Asianux Server 7 for x86_64
Severity: 
Moderate
Description: 

The python-pillow packages contain a Python image processing library that provides extensive file format support, an efficient internal representation, and powerful image-processing capabilities.

Security Fix(es):

python-pillow: out-of-bounds read in ImagingFliDecode when loading FLI images (CVE-2020-5313)

For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.

Additional Changes:

For detailed information on changes in this release, see the Asianux Server 7 Release Notes linked from the References section.

CVE-2020-5313
libImaging/FliDecode.c in Pillow before 6.2.2 has an FLI buffer overflow.

Solution: 

Update packages.

CVEs: 
CVE-2020-5313
libImaging/FliDecode.c in Pillow before 6.2.2 has an FLI buffer overflow.
Additional Info: 

N/A

Download: 

SRPMS
  1. python-pillow-2.0.0-21.gitd1c6db8.el7.src.rpm
    MD5: 07e33e4d0a11b9db4e54f1b3a8b5d9fc
    SHA-256: bd2309219436ad22607f319f1606743370f72e609bb180715f8e7d8adb105d69
    Size: 1.23 MB

Asianux Server 7 for x86_64
  1. python-pillow-2.0.0-21.gitd1c6db8.el7.x86_64.rpm
    MD5: 50196a15a3a64e1f45d87f29ce6c7e3e
    SHA-256: 3e9ae03653afd2f4171da39b54a6e19b1878fae18ad8c2feaca399671123b06b
    Size: 437.73 kB