Alerts This Week
Warning Icon 1 727
Alerts This Week
Warning Icon 1 727

Ubuntu 21.04 USN-4963-1 Critical: Pillow Denial Of Service Issue

ubuntu
Calendar Grey May 19, 2021
Dist Ubuntu Esm H88
The Pillow library may encounter failures when processing specifically designed files in Ubuntu 21.04 and prior releases. Urgent update essential for safety.
Pillow could be made to crash or hang if it opened a specially crafted file.

Summary

Topics%20covered

Topics Covered

security advisory denial of service critical software update Ubuntu update instructions software issue Python library Pillow Python Imaging Library

Update Instructions

The problem can be corrected by updating your system to the following package versions: Ubuntu 21.04: python3-pil 8.1.2-1ubuntu0.1 Ubuntu 20.10: python3-pil 7.2.0-1ubuntu0.3 Ubuntu 20.04 LTS: python3-pil 7.0.0-4ubuntu0.4 Ubuntu 18.04 LTS: python-pil 5.1.0-1ubuntu0.6 python3-pil 5.1.0-1ubuntu0.6 In general, a standard system update will make all the necessary changes.

References

https://ubuntu.com/security/notices/USN-4963-1

CVE-2021-25287, CVE-2021-25288, CVE-2021-28675, CVE-2021-28676,

CVE-2021-28677, CVE-2021-28678

Severity
critical
Lowest
Low
Medium
High
Critical

May 19, 2021

Topics%20covered

Topics Covered

security advisory denial of service critical software update Ubuntu update instructions software issue Python library Pillow Python Imaging Library

Package Information

https://launchpad.net/ubuntu/+source/pillow/8.1.2-1ubuntu0.1 https://launchpad.net/ubuntu/+source/pillow/7.2.0-1ubuntu0.3 https://launchpad.net/ubuntu/+source/pillow/7.0.0-4ubuntu0.4 https://launchpad.net/ubuntu/+source/pillow/5.1.0-1ubuntu0.6

Get the latest News and Insights

Get the latest Linux and open source security news straight to your inbox.

Your message here