python-pillow-5.1.1-20.el8

エラータID: AXSA:2024-8290:04

Release date: 
Monday, June 17, 2024 - 16:06
Subject: 
python-pillow-5.1.1-20.el8
Affected Channels: 
Asianux Server 8 for x86_64
Severity: 
Moderate
Description: 

The python-pillow packages contain a Python image processing library that provides extensive file format support, an efficient internal representation, and powerful image-processing capabilities.

Security Fix(es):

* python-pillow: uncontrolled resource consumption when textlength in an ImageDraw instance operates on a long text argument (CVE-2023-44271)

For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.

Additional Changes:

For detailed information on changes in this release, see the Asianux Server 8.10 Release Notes linked from the References section.

CVE-2023-44271
An issue was discovered in Pillow before 10.0.0. It is a Denial of Service that uncontrollably allocates memory to process a given task, potentially causing a service to crash by having it run out of memory. This occurs for truetype in ImageFont when textlength in an ImageDraw instance operates on a long text argument.

Solution: 

Update packages.

CVEs: 
CVE-2023-44271
An issue was discovered in Pillow before 10.0.0. It is a Denial of Service that uncontrollably allocates memory to process a given task, potentially causing a service to crash by having it run out of memory. This occurs for truetype in ImageFont when textlength in an ImageDraw instance operates on a long text argument.
Additional Info: 

N/A

Download: 

SRPMS
  1. python-pillow-5.1.1-20.el8.src.rpm
    MD5: e406a23aefebdb3bacabf484c5c6133e
    SHA-256: 4d5a0ba89db47b116bfac32730aea231ac8ba392bb15969e571ac220b9444fd8
    Size: 13.52 MB

Asianux Server 8 for x86_64
  1. python3-pillow-5.1.1-20.el8.i686.rpm
    MD5: 097de41ca5c9d62f1abd1822ddb26b52
    SHA-256: 8b6f9cc7b9629b4f11940536880a7cac816efb0aeee9d17a4152e88ed2e2bc3b
    Size: 640.05 kB
  2. python3-pillow-5.1.1-20.el8.x86_64.rpm
    MD5: ceeec8327d124bd2746afb889add2495
    SHA-256: f33a80c1bf1a38b36b336f4486bc00ae040c29c6ca269428dcd629ffc36d1b78
    Size: 631.54 kB
  3. python3-pillow-devel-5.1.1-20.el8.i686.rpm
    MD5: d5616f77b81777c754e0d61e03d152f9
    SHA-256: 6a997b0f25a9db567e610e10668193976131c75af30441429dbbda3ebc16d45d
    Size: 33.32 kB
  4. python3-pillow-devel-5.1.1-20.el8.x86_64.rpm
    MD5: 206e57287b28467e89bd317e42833aaa
    SHA-256: f74eb7568cce9df932e8dc5789802732ff13c5b9b486a735173d83bd77d4ddcb
    Size: 33.28 kB
  5. python3-pillow-doc-5.1.1-20.el8.noarch.rpm
    MD5: cddd201bdf844c4348820d0e6275c53f
    SHA-256: f93413eefe77e806b28ec272252f96fb1360d4e28ae2820de1b631978b69cfc1
    Size: 1.99 MB
  6. python3-pillow-tk-5.1.1-20.el8.x86_64.rpm
    MD5: 43ad6224169fef9984a8aa7b8bcafe0d
    SHA-256: cb6b7084be8bbc89f1acaa2c9a113e671e2d9b2f5b06ca6d31fd39e50e2abb17
    Size: 36.44 kB