What Are You Looking For?

Sign Up

   SUSE Security Update: Security update for python-Pillow
______________________________________________________________________________

Announcement ID:    SUSE-SU-2020:2057-1
Rating:             important
References:         #1153191 #1160152 #1160153 #1160192 #1173413 
                    #1173416 #1173418 #965582 
Cross-References:   CVE-2016-0775 CVE-2019-16865 CVE-2019-19911
                    CVE-2020-10177 CVE-2020-10378 CVE-2020-10994
                    CVE-2020-5312 CVE-2020-5313
Affected Products:
                    SUSE Enterprise Storage 5
______________________________________________________________________________

   An update that fixes 8 vulnerabilities is now available.

Description:

   This update for python-Pillow fixes the following issues:

   - Add 0019-FLI-overflow-error-fix-and-testcase.patch
      * Fixes CVE-2016-0775, bsc#965582
   - Add 0020-Fix-OOB-reads-in-FLI-decoding.patch
      * Fixes CVE-2020-10177, bsc#1173413
   - Add 0021-Fix-bounds-overflow-in-JPEG-2000-decoding.patch
      * Fixes CVE-2020-10994, bsc#1173418
   - Add 0022-Fix-bounds-overflow-in-PCX-decoding.patch
      * Fixes CVE-2020-10378, bsc#1173416
   - Add 0008-Corrected-negative-seeks.patch
      * Fixes part of CVE-2019-16865, bsc#1153191
   - Add 0009-Make-Image.crop-an-immediate-operation.patch
      * Fixes https://github.com/python-pillow/Pillow/issues/1077
      * Used by 0012-Added-decompression-bomb-checks.patch
   - Add 0010-Crop-decompression.patch
      * Used by 0012-Added-decompression-bomb-checks.patch
   - Add 0011-Added-DecompressionBombError.patch
      * Used by 0012-Added-decompression-bomb-checks.patch
   - Add 0012-Added-decompression-bomb-checks.patch
      * Fixes part of CVE-2019-16865, bsc#1153191
   - Add 0013-Raise-error-if-dimension-is-a-string.patch
      * Fixes part of CVE-2019-16865, bsc#1153191
   - Add 0014-Catch-buffer-overruns.patch
      * Fixes part of CVE-2019-16865, bsc#1153191
   - Add 0015-Catch-PCX-P-mode-buffer-overrun.patch
      * Fixes CVE-2020-5312, bsc#1160152
   - Add 0016-Ensure-previous-FLI-frame-is-loaded.patch
      * Fixes https://github.com/python-pillow/Pillow/issues/2649
      * Uncovers CVE-2020-5313, bsc#1160153
   - Add 0017-Catch-FLI-buffer-overrun.patch
      * Fixes CVE-2020-5313, bsc#1160153
   - Add 018-Invalid-number-of-bands-in-FPX-image.patch
      * Fixes CVE-2019-19911, bsc#1160192


Patch Instructions:

   To install this SUSE Security Update use the SUSE recommended installation methods
   like YaST online_update or "zypper patch".

   Alternatively you can run the command listed for your product:

   - SUSE Enterprise Storage 5:

      zypper in -t patch SUSE-Storage-5-2020-2057=1



Package List:

   - SUSE Enterprise Storage 5 (aarch64 x86_64):

      python-Pillow-2.8.1-3.9.1
      python-Pillow-debuginfo-2.8.1-3.9.1
      python-Pillow-debugsource-2.8.1-3.9.1


References:

   https://www.suse.com/security/cve/CVE-2016-0775.html
   https://www.suse.com/security/cve/CVE-2019-16865.html
   https://www.suse.com/security/cve/CVE-2019-19911.html
   https://www.suse.com/security/cve/CVE-2020-10177.html
   https://www.suse.com/security/cve/CVE-2020-10378.html
   https://www.suse.com/security/cve/CVE-2020-10994.html
   https://www.suse.com/security/cve/CVE-2020-5312.html
   https://www.suse.com/security/cve/CVE-2020-5313.html
   https://bugzilla.suse.com/1153191
   https://bugzilla.suse.com/1160152
   https://bugzilla.suse.com/1160153
   https://bugzilla.suse.com/1160192
   https://bugzilla.suse.com/1173413
   https://bugzilla.suse.com/1173416
   https://bugzilla.suse.com/1173418
   https://bugzilla.suse.com/965582

_______________________________________________
sle-security-updates mailing list
sle-security-updates@lists.suse.com
https://lists.suse.com/mailman/listinfo/sle-security-updates

SUSE: 2020:2057-1 important: python-Pillow

July 27, 2020
An update that fixes 8 vulnerabilities is now available

Summary

This update for python-Pillow fixes the following issues: - Add 0019-FLI-overflow-error-fix-and-testcase.patch * Fixes CVE-2016-0775, bsc#965582 - Add 0020-Fix-OOB-reads-in-FLI-decoding.patch * Fixes CVE-2020-10177, bsc#1173413 - Add 0021-Fix-bounds-overflow-in-JPEG-2000-decoding.patch * Fixes CVE-2020-10994, bsc#1173418 - Add 0022-Fix-bounds-overflow-in-PCX-decoding.patch * Fixes CVE-2020-10378, bsc#1173416 - Add 0008-Corrected-negative-seeks.patch * Fixes part of CVE-2019-16865, bsc#1153191 - Add 0009-Make-Image.crop-an-immediate-operation.patch * Fixes https://github.com/python-pillow/Pillow/issues/1077 * Used by 0012-Added-decompression-bomb-checks.patch - Add 0010-Crop-decompression.patch * Used by 0012-Added-decompression-bomb-checks.patch - Add 0011-Added-DecompressionBombError.patch * Used by 0012-Added-decompression-bomb-checks.patch - Add 0012-Added-decompression-bomb-checks.patch * Fixes part of CVE-2019-16865, bsc#1153191 - Add 0013-Raise-error-if-dimension-is-a-string.patch * Fixes part of CVE-2019-16865, bsc#1153191 - Add 0014-Catch-buffer-overruns.patch * Fixes part of CVE-2019-16865, bsc#1153191 - Add 0015-Catch-PCX-P-mode-buffer-overrun.patch * Fixes CVE-2020-5312, bsc#1160152 - Add 0016-Ensure-previous-FLI-frame-is-loaded.patch * Fixes https://github.com/python-pillow/Pillow/issues/2649 * Uncovers CVE-2020-5313, bsc#1160153 - Add 0017-Catch-FLI-buffer-overrun.patch * Fixes CVE-2020-5313, bsc#1160153 - Add 018-Invalid-number-of-bands-in-FPX-image.patch * Fixes CVE-2019-19911, bsc#1160192 Patch Instructions: To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - SUSE Enterprise Storage 5: zypper in -t patch SUSE-Storage-5-2020-2057=1 Package List: - SUSE Enterprise Storage 5 (aarch64 x86_64): python-Pillow-2.8.1-3.9.1 python-Pillow-debuginfo-2.8.1-3.9.1 python-Pillow-debugsource-2.8.1-3.9.1

References

#1153191 #1160152 #1160153 #1160192 #1173413

#1173416 #1173418 #965582

Cross- CVE-2016-0775 CVE-2019-16865 CVE-2019-19911

CVE-2020-10177 CVE-2020-10378 CVE-2020-10994

CVE-2020-5312 CVE-2020-5313

Affected Products:

SUSE Enterprise Storage 5

https://www.suse.com/security/cve/CVE-2016-0775.html

https://www.suse.com/security/cve/CVE-2019-16865.html

https://www.suse.com/security/cve/CVE-2019-19911.html

https://www.suse.com/security/cve/CVE-2020-10177.html

https://www.suse.com/security/cve/CVE-2020-10378.html

https://www.suse.com/security/cve/CVE-2020-10994.html

https://www.suse.com/security/cve/CVE-2020-5312.html

https://www.suse.com/security/cve/CVE-2020-5313.html

https://bugzilla.suse.com/1153191

https://bugzilla.suse.com/1160152

https://bugzilla.suse.com/1160153

https://bugzilla.suse.com/1160192

https://bugzilla.suse.com/1173413

https://bugzilla.suse.com/1173416

https://bugzilla.suse.com/1173418

https://bugzilla.suse.com/965582

Severity
Announcement ID: SUSE-SU-2020:2057-1
Rating: important

Related News

Security Highlights from KubeCon + CloudNativeCon 2023

Nov 18, 2023

Kubernetes Security on AWS: A Practical Guide

Nov 18, 2023

Nitrux 3.2.0 Linux Distro Released with Enhanced Security and New Features

Nov 28, 2023

Kinsing Hackers Exploit Apache ActiveMQ Vulnerability to Deploy Linux Rootkits

Nov 25, 2023

News

Advisories

HOWTOs

Features

Unlocking the Future of Authentication: Passkeys vs. Passwords
Empowering MSPs with Straightforward Linux Device Management
A Complete Guide to Torrenting Safely in 2024
Cloud Security Basics for Small Businesses
Scanning and Defending Networks with Nmap

About Us

Powered By

Footer Logo