python-pillow-2.0.0-25.gitd1c6db8.el7
Errata ID: AXSA:2024-7532:02
Release date:
Monday, February 19, 2024 - 14:11
Subject:
python-pillow-2.0.0-25.gitd1c6db8.el7
Affected Channels:
Asianux Server 7 for x86_64
Severity:
High
Description:
The python-pillow packages contain a Python image processing library that provides extensive file format support, an efficient internal representation, and powerful image-processing capabilities.
Security Fix(es):
* pillow: Arbitrary Code Execution via the environment parameter (CVE-2023-50447)
For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.
CVE-2023-50447
Pillow through 10.1.0 allows PIL.ImageMath.eval Arbitrary Code Execution via the environment parameter, a different vulnerability than CVE-2022-22817 (which was about the expression parameter).
Solution:
Update packages.
CVEs:
CVE-2023-50447
Pillow through 10.1.0 allows PIL.ImageMath.eval Arbitrary Code Execution via the environment parameter, a different vulnerability than CVE-2022-22817 (which was about the expression parameter).
Additional Info:
N/A
Download:
SRPMS
- python-pillow-2.0.0-25.gitd1c6db8.el7.src.rpm
MD5: 0945ae3a1089435621666a424b7fab13
SHA-256: f5554c2c421c62d56326b58abca09475b2fac6261c3c9b06795a970812d15461
Size: 1.23 MB
Asianux Server 7 for x86_64
- python-pillow-2.0.0-25.gitd1c6db8.el7.x86_64.rpm
MD5: 6cf9b328fc3202fe980e9919be921c0c
SHA-256: 6c2908216683d2602ad7f8968cb127c824bef74d0ac0723219e65bc27df55588
Size: 439.00 kB