
SUSE: 2020:2057-1 Important: python-Pillow Buffer Overflow Patch

July 27, 2020
SUSE has released an important security update for python-Pillow that addresses several security flaws.
An update that fixes 8 vulnerabilities is now available.

Summary

This update for python-Pillow fixes the following issues:

- Add 0019-FLI-overflow-error-fix-and-testcase.patch
  * Fixes CVE-2016-0775, bsc#965582
- Add 0020-Fix-OOB-reads-in-FLI-decoding.patch
  * Fixes CVE-2020-10177, bsc#1173413
- Add 0021-Fix-bounds-overflow-in-JPEG-2000-decoding.patch
  * Fixes CVE-2020-10994, bsc#1173418
- Add 0022-Fix-bounds-overflow-in-PCX-decoding.patch
  * Fixes CVE-2020-10378, bsc#1173416
- Add 0008-Corrected-negative-seeks.patch
  * Fixes part of CVE-2019-16865, bsc#1153191
- Add 0009-Make-Image.crop-an-immediate-operation.patch
  * Fixes https://github.com/python-pillow/Pillow/issues/1077
  * Used by 0012-Added-decompression-bomb-checks.patch
- Add 0010-Crop-decompression.patch
  * Used by 0012-Added-decompression-bomb-checks.patch

References

#1153191 #1160152 #1160153 #1160192 #1173413 #1173416 #1173418 #965582

Cross-References: CVE-2016-0775 CVE-2019-16865 CVE-2019-19911 CVE-2020-10177 CVE-2020-10378 CVE-2020-10994 CVE-2020-5312 CVE-2020-5313

Affected Products:

SUSE Enterprise Storage 5

https://www.suse.com/security/cve/CVE-2016-0775.html

https://www.suse.com/security/cve/CVE-2019-16865.html

https://www.suse.com/security/cve/CVE-2019-19911.html

https://www.suse.com/security/cve/CVE-2020-10177.html

https://www.suse.com/security/cve/CVE-2020-10378.html

https://www.suse.com/security/cve/CVE-2020-10994.html

https://www.suse.com/security/cve/CVE-2020-5312.html

https://www.suse.com/security/cve/CVE-2020-5313.html

https://bugzilla.suse.com/1153191

Severity
important

Announcement ID: SUSE-SU-2020:2057-1
Rating: important
