python-pillow-2.0.0-24.gitd1c6db8.el7
エラータID: AXSA:2024-7452:01
リリース日:
2024/01/24 Wednesday - 05:12
題名:
python-pillow-2.0.0-24.gitd1c6db8.el7
影響のあるチャネル:
Asianux Server 7 for x86_64
Severity:
Moderate
Description:
以下項目について対処しました。
[Security Fix]
- python-pillow の ImageFont には、意図しないメモリ量を
割り当ててしまう問題があるため、リモートの攻撃者により、
ImageDraw インスタンスの textlength 値が大きいテキスト型
の引数の処理を介して、サービス拒否攻撃 (メモリ枯渇) を
可能とする脆弱性が存在します。(CVE-2023-44271)
解決策:
パッケージをアップデートしてください。
CVE:
CVE-2023-44271
An issue was discovered in Pillow before 10.0.0. It is a Denial of Service that uncontrollably allocates memory to process a given task, potentially causing a service to crash by having it run out of memory. This occurs for truetype in ImageFont when textlength in an ImageDraw instance operates on a long text argument.
An issue was discovered in Pillow before 10.0.0. It is a Denial of Service that uncontrollably allocates memory to process a given task, potentially causing a service to crash by having it run out of memory. This occurs for truetype in ImageFont when textlength in an ImageDraw instance operates on a long text argument.
追加情報:
N/A
ダウンロード:
SRPMS
- python-pillow-2.0.0-24.gitd1c6db8.el7.src.rpm
MD5: 9dbc8aecd9f61145b7dc4a379802670a
SHA-256: d8e16088b541382c8316a717a8f3ca61e9102b764d60257b7b3b736addd4577c
Size: 1.23 MB
Asianux Server 7 for x86_64
- python-pillow-2.0.0-24.gitd1c6db8.el7.x86_64.rpm
MD5: 02ebe6e4f5a60dcb475800205310eb5e
SHA-256: 555039af541858597ba630ab8cf5fb3bb69acede4fe64cc258dcf1995b2248cd
Size: 438.76 kB
English