Alerts This Week
Warning Icon 1 537
Alerts This Week
Warning Icon 1 537

Fedora 31: FEDORA-2020-d0737711b6 Critical: python-pillow Update

fedora
Calendar Grey July 9, 2020
Dist Fedora Esm H88
This release for python-pillow fixes vital bugs impacting Fedora 31. Ensure your security with this new update.
This update fixes CVE-2020-10177, CVE-2020-10994, CVE-2020-10379, CVE-2020-11538 and CVE-2020-10378.

Summary

Python image processing library, fork of the Python Imaging Library (PIL)

This library provides extensive file format support, an efficient

internal representation, and powerful image processing capabilities.

There are four subpackages: tk (tk interface), qt (PIL image wrapper for Qt),

devel (development) and doc (documentation).

This update fixes CVE-2020-10177, CVE-2020-10994, CVE-2020-10379, CVE-2020-11538

and CVE-2020-10378.

* Wed Jul 1 2020 Sandro Mani - 6.2.2-3

- Backport patch for CVE-2020-10379

* Wed Jul 1 2020 Sandro Mani - 6.2.2-2

- Backport patch for CVE-2020-10177

- Backport patch for CVE-2020-10378

- Backport patch for CVE-2020-10994

- Backport patch for CVE-2020-11538

[ 1 ] Bug #1852815 - CVE-2020-11538 python-pillow: number of out-of-bounds reads in the parsing of SGI image files [fedora-31]

https://bugzilla.redhat.com/show_bug.cgi?id=1852815

[ 2 ] Bug #1852821 - CVE-2020-10994 python-pillow: multiple out-of-bounds reads via a crafted JP2 file [fedora-31]

https://bugzilla.redhat.com/show_bug.cgi?id=1852821

[ 3 ] Bug #1852826 - CVE-2020-10177 python-pillow: multiple out-of-bounds reads in libImaging/FliDecode.c [fedora-31]

https://bugzilla.redhat.com/show_bug.cgi?id=1852826

[ 4 ] Bug #1852833 - CVE-2020-10378 python-pillow: an out-of-bounds read in libImaging/PcxDecode.c can occur when reading PCX files [fedora-31]

https://bugzilla.redhat.com/show_bug.cgi?id=1852833

[ 5 ] Bug #1852838 - CVE-2020-10379 python-pillow: two buffer overflows in libImaging/TiffDecode.c due to small buffers allocated in ImagingLibTiffDecode() [fedora-31]

https://bugzilla.redhat.com/show_bug.cgi?id=1852838

su -c 'dnf upgrade --advisory FEDORA-2020-d0737711b6' at the command

line. For more information, refer to the dnf documentation available at

https://dnf.readthedocs.io/en/latest/command_ref.html

All packages are signed with the Fedora Project GPG key. More details on the

GPG keys used by the Fedora Project can be found at

https://fedoraproject.org/security/

package-announce mailing list -- package-announce@lists.fedoraproject.org

To unsubscribe send an email to package-announce-leave@lists.fedoraproject.org

Fedora Code of Conduct: https://docs.fedoraproject.org/en-US/project/code-of-conduct/

List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines

List Archives: https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/

Topics%20covered

Topics Covered

security advisory buffer overflow software update out-of-bounds python package Fedora distribution

Change Log

References

Update Instructions

Severity
critical
Lowest
Low
Medium
High
Critical

Product: Fedora 31
Version: 6.2.2
Release: 3.fc31
URL: /
Summary: Python image processing library

Topics%20covered

Topics Covered

security advisory buffer overflow software update out-of-bounds python package Fedora distribution

Get the latest News and Insights

Get the latest Linux and open source security news straight to your inbox.

Related News

Your message here