python-pillow-2.0.0-24.gitd1c6db8.el7

Errata ID: AXSA:2024-7452:01

Release date: Wednesday, January 24, 2024 - 05:12
Subject: python-pillow-2.0.0-24.gitd1c6db8.el7
Affected Channels: Asianux Server 7 for x86_64
Severity: Moderate
Description: 

The python-pillow packages contain a Python image processing library that provides extensive file format support, an efficient internal representation, and powerful image-processing capabilities.

Security Fix(es):

* python-pillow: uncontrolled resource consumption when textlength in an ImageDraw instance operates on a long text argument (CVE-2023-44271)

For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.

CVE-2023-44271
An issue was discovered in Pillow before 10.0.0. It is a Denial of Service that uncontrollably allocates memory to process a given task, potentially causing a service to crash by having it run out of memory. This occurs for truetype in ImageFont when textlength in an ImageDraw instance operates on a long text argument.

Solution: 

Update packages.

Additional Info: 

N/A

Download: 

SRPMS
  1. python-pillow-2.0.0-24.gitd1c6db8.el7.src.rpm
    MD5: 9dbc8aecd9f61145b7dc4a379802670a
    SHA-256: d8e16088b541382c8316a717a8f3ca61e9102b764d60257b7b3b736addd4577c
    Size: 1.23 MB

Asianux Server 7 for x86_64
  1. python-pillow-2.0.0-24.gitd1c6db8.el7.x86_64.rpm
    MD5: 02ebe6e4f5a60dcb475800205310eb5e
    SHA-256: 555039af541858597ba630ab8cf5fb3bb69acede4fe64cc258dcf1995b2248cd
    Size: 438.76 kB