Red Hat 8: RHSA-2021-4149-03 Moderate: python-pillow Security Update

red hat

November 9, 2021

An update for python-pillow is now available for Red Hat Enterprise Linux 8

Solution

For details on how to apply this update, which includes the changes described in this advisory, refer to:

https://access.redhat.com/articles/11258

Summary

The python-pillow packages contain a Python image processing library that provides extensive file format support, an efficient internal representation, and powerful image-processing capabilities.
Security Fix(es):
* python-pillow: Out-of-bounds read in J2K image reader (CVE-2021-25287)
* python-pillow: Out-of-bounds read in J2K image reader (CVE-2021-25288)
* python-pillow: Negative-offset memcpy in TIFF image reader (CVE-2021-25290)
* python-pillow: Regular expression DoS in PDF format parser (CVE-2021-25292)
* python-pillow: Out-of-bounds read in SGI RLE image reader (CVE-2021-25293)
* python-pillow: Excessive memory allocation in BLP image reader (CVE-2021-27921)
* python-pillow: Excessive memory allocation in ICNS image reader (CVE-2021-27922)
* python-pillow: Excessive memory allocation in ICO image reader (CVE-2021-27923)
* python-pillow: Excessive memory allocation in PSD image reader (CVE-2021-28675)
* python-pillow: Infinite loop in FLI image reader (CVE-2021-28676)
* python-pillow: Excessive CPU use in EPS image reader (CVE-2021-28677)
* python-pillow: Excessive looping in BLP image reader (CVE-2021-28678)
* python-pillow: Buffer overflow in image convert function (CVE-2021-34552)
* python-pillow: Buffer over-read in PCX image reader (CVE-2020-35653)
* python-pillow: Buffer over-read in SGI RLE image reader (CVE-2020-35655)
For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.
Additional Changes:
For detailed information on changes in this release, see the Red Hat Enterprise Linux 8.5 Release Notes linked from the References section.

Topics Covered

security advisory moderate security update Red Hat image processing python-pillow

References

https://access.redhat.com/security/cve/CVE-2020-35653 https://access.redhat.com/security/cve/CVE-2020-35655 https://access.redhat.com/security/cve/CVE-2021-25287 https://access.redhat.com/security/cve/CVE-2021-25288 https://access.redhat.com/security/cve/CVE-2021-25290 https://access.redhat.com/security/cve/CVE-2021-25292 https://access.redhat.com/security/cve/CVE-2021-25293 https://access.redhat.com/security/cve/CVE-2021-27921 https://access.redhat.com/security/cve/CVE-2021-27922 https://access.redhat.com/security/cve/CVE-2021-27923 https://access.redhat.com/security/cve/CVE-2021-28675 https://access.redhat.com/security/cve/CVE-2021-28676 https://access.redhat.com/security/cve/CVE-2021-28677 https://access.redhat.com/security/cve/CVE-2021-28678 https://access.redhat.com/security/cve/CVE-2021-34552 https://access.redhat.com/security/updates/classification#moderate https://docs.redhat.com/en/documentation/red_hat_enterprise_linux/8/html/8.5_release_notes/index

Package List

Red Hat Enterprise Linux AppStream (v. 8):
Source: python-pillow-5.1.1-16.el8.src.rpm
aarch64: python-pillow-debuginfo-5.1.1-16.el8.aarch64.rpm python-pillow-debugsource-5.1.1-16.el8.aarch64.rpm python3-pillow-5.1.1-16.el8.aarch64.rpm python3-pillow-debuginfo-5.1.1-16.el8.aarch64.rpm python3-pillow-tk-debuginfo-5.1.1-16.el8.aarch64.rpm
ppc64le: python-pillow-debuginfo-5.1.1-16.el8.ppc64le.rpm python-pillow-debugsource-5.1.1-16.el8.ppc64le.rpm python3-pillow-5.1.1-16.el8.ppc64le.rpm python3-pillow-debuginfo-5.1.1-16.el8.ppc64le.rpm python3-pillow-tk-debuginfo-5.1.1-16.el8.ppc64le.rpm
s390x: python-pillow-debuginfo-5.1.1-16.el8.s390x.rpm python-pillow-debugsource-5.1.1-16.el8.s390x.rpm python3-pillow-5.1.1-16.el8.s390x.rpm python3-pillow-debuginfo-5.1.1-16.el8.s390x.rpm python3-pillow-tk-debuginfo-5.1.1-16.el8.s390x.rpm
x86_64: python-pillow-debuginfo-5.1.1-16.el8.x86_64.rpm python-pillow-debugsource-5.1.1-16.el8.x86_64.rpm python3-pillow-5.1.1-16.el8.x86_64.rpm python3-pillow-debuginfo-5.1.1-16.el8.x86_64.rpm python3-pillow-tk-debuginfo-5.1.1-16.el8.x86_64.rpm
These packages are GPG signed by Red Hat for security. Our key and details on how to verify the signature are available from https://access.redhat.com/security/team/key

Severity

important

Lowest

Low

Medium

High

Critical

Advisory ID: RHSA-2021:4149-01

Product: Red Hat Enterprise Linux

Advisory URL: https://access.redhat.com/errata/RHSA-2021:4149

Issue date: 2021-11-09

Topic

An update for python-pillow is now available for Red Hat Enterprise Linux8.Red Hat Product Security has rated this update as having a security impactof Moderate. A Common Vulnerability Scoring System (CVSS) base score, whichgives a detailed severity rating, is available for each vulnerability fromthe CVE link(s) in the References section.

Topics Covered

security advisory moderate security update Red Hat image processing python-pillow

Relevant Releases Architectures

Red Hat Enterprise Linux AppStream (v. 8) - aarch64, ppc64le, s390x, x86_64

Bugs Fixed

1915420 - CVE-2020-35653 python-pillow: Buffer over-read in PCX image reader

1915432 - CVE-2020-35655 python-pillow: Buffer over-read in SGI RLE image reader

1934685 - CVE-2021-25290 python-pillow: Negative-offset memcpy in TIFF image reader

1934699 - CVE-2021-25292 python-pillow: Regular expression DoS in PDF format parser

1934705 - CVE-2021-25293 python-pillow: Out-of-bounds read in SGI RLE image reader

1935384 - CVE-2021-27921 python-pillow: Excessive memory allocation in BLP image reader

1935396 - CVE-2021-27922 python-pillow: Excessive memory allocation in ICNS image reader

1935401 - CVE-2021-27923 python-pillow: Excessive memory allocation in ICO image reader

1958226 - CVE-2021-25287 python-pillow: Out-of-bounds read in J2K image reader

1958231 - CVE-2021-25288 python-pillow: Out-of-bounds read in J2K image reader

1958240 - CVE-2021-28675 python-pillow: Excessive memory allocation in PSD image reader

1958252 - CVE-2021-28676 python-pillow: Infinite loop in FLI image reader

1958257 - CVE-2021-28677 python-pillow: Excessive CPU use in EPS image reader

1958263 - CVE-2021-28678 python-pillow: Excessive looping in BLP image reader

1982378 - CVE-2021-34552 python-pillow: Buffer overflow in image convert function

Get the latest News and Insights

Get the latest Linux and open source security news straight to your inbox.

Red Hat 8: RHSA-2021-4149-03 Moderate: python-pillow Security Update

Solution

Summary

Topics Covered

References

Package List

Topic

Topics Covered

Relevant Releases Architectures

Bugs Fixed

Get the latest News and Insights

Powered By

Linux Security - Your source for Top Linux News, Advisories, HOWTOs and Feature Releases

QUICK LINKS

subscribe to newsletters!

Red Hat 8: RHSA-2021-4149-03 Moderate: python-pillow Security Update

Solution

Summary

Topics Covered

References

Package List

Topic

Topics Covered

Relevant Releases Architectures

Bugs Fixed

Get the latest News and Insights

Related Articles

Powered By

Linux Security - Your source for Top Linux News, Advisories, HOWTOs and Feature Releases

QUICK LINKS

subscribe to newsletters!