Red Hat Product Errata RHSA-2022:0665 - Security Advisory
Issued:
2022-02-24
Updated:
2022-02-24

RHSA-2022:0665 - Security Advisory

Synopsis

Important: python-pillow security update

Type/Severity

Security Advisory: Important

Red Hat Insights patch analysis

Identify and remediate systems affected by this advisory.

View affected systems

Topic

An update for python-pillow is now available for Red Hat Enterprise Linux 8.4 Extended Update Support.

Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.

Description

The python-pillow packages contain a Python image processing library that provides extensive file format support, an efficient internal representation, and powerful image-processing capabilities.

Security Fix(es):

  • python-pillow: PIL.ImageMath.eval allows evaluation of arbitrary expressions (CVE-2022-22817)
  • python-pillow: buffer over-read during initialization of ImagePath.Path in path_getbbox() in path.c (CVE-2022-22816)

For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.

Solution

For details on how to apply this update, which includes the changes described in this advisory, refer to:

https://access.redhat.com/articles/11258

Affected Products

  • Red Hat Enterprise Linux for x86_64 - Extended Update Support Extension 8.4 x86_64
  • Red Hat Enterprise Linux for x86_64 - Extended Update Support 8.4 x86_64
  • Red Hat Enterprise Linux Server - AUS 8.4 x86_64
  • Red Hat Enterprise Linux for IBM z Systems - Extended Update Support 8.4 s390x
  • Red Hat Enterprise Linux for Power, little endian - Extended Update Support 8.4 ppc64le
  • Red Hat Enterprise Linux Server - TUS 8.4 x86_64
  • Red Hat Enterprise Linux for ARM 64 - Extended Update Support 8.4 aarch64
  • Red Hat Enterprise Linux Server for Power LE - Update Services for SAP Solutions 8.4 ppc64le
  • Red Hat Enterprise Linux for x86_64 - Update Services for SAP Solutions 8.4 x86_64

Fixes

  • BZ - 2042522 - CVE-2022-22816 python-pillow: buffer over-read during initialization of ImagePath.Path in path_getbbox() in path.c
  • BZ - 2042527 - CVE-2022-22817 python-pillow: PIL.ImageMath.eval allows evaluation of arbitrary expressions

Red Hat Enterprise Linux for x86_64 - Extended Update Support 8.4

SRPM
python-pillow-5.1.1-14.el8_4.src.rpm SHA-256: 8212d25b1731f5683482104792798710579ddef435a3849dc3a48b74589b067b
x86_64
python-pillow-debuginfo-5.1.1-14.el8_4.x86_64.rpm SHA-256: 4ec9d1c64298e4ed1739febcda99b8ae8f6546e64fb6ed1dc0d6553d746e8dfe
python-pillow-debugsource-5.1.1-14.el8_4.x86_64.rpm SHA-256: d835953afa205fb645451021d0719577e8abf084e3737debfb9ac6f2b9247ac4
python3-pillow-5.1.1-14.el8_4.x86_64.rpm SHA-256: e335164b10905b90561d4f93669decfb8290a9ffbe88a570abd601617a8ead0e
python3-pillow-debuginfo-5.1.1-14.el8_4.x86_64.rpm SHA-256: 81d03e8a952806da0c3a7f63bacdf59bc1871279cb7bfa14e01fce7036bf1f54
python3-pillow-tk-debuginfo-5.1.1-14.el8_4.x86_64.rpm SHA-256: 59431a85a0d28ae3af8d67a555df5f4e69e9f4a3323021fdc4d9839bf033c0ae

Red Hat Enterprise Linux for x86_64 - Extended Update Support Extension 8.4

SRPM
python-pillow-5.1.1-14.el8_4.src.rpm SHA-256: 8212d25b1731f5683482104792798710579ddef435a3849dc3a48b74589b067b
x86_64
python-pillow-debuginfo-5.1.1-14.el8_4.x86_64.rpm SHA-256: 4ec9d1c64298e4ed1739febcda99b8ae8f6546e64fb6ed1dc0d6553d746e8dfe
python-pillow-debugsource-5.1.1-14.el8_4.x86_64.rpm SHA-256: d835953afa205fb645451021d0719577e8abf084e3737debfb9ac6f2b9247ac4
python3-pillow-5.1.1-14.el8_4.x86_64.rpm SHA-256: e335164b10905b90561d4f93669decfb8290a9ffbe88a570abd601617a8ead0e
python3-pillow-debuginfo-5.1.1-14.el8_4.x86_64.rpm SHA-256: 81d03e8a952806da0c3a7f63bacdf59bc1871279cb7bfa14e01fce7036bf1f54
python3-pillow-tk-debuginfo-5.1.1-14.el8_4.x86_64.rpm SHA-256: 59431a85a0d28ae3af8d67a555df5f4e69e9f4a3323021fdc4d9839bf033c0ae

Red Hat Enterprise Linux Server - AUS 8.4

SRPM
python-pillow-5.1.1-14.el8_4.src.rpm SHA-256: 8212d25b1731f5683482104792798710579ddef435a3849dc3a48b74589b067b
x86_64
python-pillow-debuginfo-5.1.1-14.el8_4.x86_64.rpm SHA-256: 4ec9d1c64298e4ed1739febcda99b8ae8f6546e64fb6ed1dc0d6553d746e8dfe
python-pillow-debugsource-5.1.1-14.el8_4.x86_64.rpm SHA-256: d835953afa205fb645451021d0719577e8abf084e3737debfb9ac6f2b9247ac4
python3-pillow-5.1.1-14.el8_4.x86_64.rpm SHA-256: e335164b10905b90561d4f93669decfb8290a9ffbe88a570abd601617a8ead0e
python3-pillow-debuginfo-5.1.1-14.el8_4.x86_64.rpm SHA-256: 81d03e8a952806da0c3a7f63bacdf59bc1871279cb7bfa14e01fce7036bf1f54
python3-pillow-tk-debuginfo-5.1.1-14.el8_4.x86_64.rpm SHA-256: 59431a85a0d28ae3af8d67a555df5f4e69e9f4a3323021fdc4d9839bf033c0ae

Red Hat Enterprise Linux for IBM z Systems - Extended Update Support 8.4

SRPM
python-pillow-5.1.1-14.el8_4.src.rpm SHA-256: 8212d25b1731f5683482104792798710579ddef435a3849dc3a48b74589b067b
s390x
python-pillow-debuginfo-5.1.1-14.el8_4.s390x.rpm SHA-256: 86af0679421378587a914f0d6aaaf64b48018b4aeb87294d99a43f586056306a
python-pillow-debugsource-5.1.1-14.el8_4.s390x.rpm SHA-256: 90139e45e4a235b2a997850763e9b8b0edef5a87915221831f7f230cef6f3a98
python3-pillow-5.1.1-14.el8_4.s390x.rpm SHA-256: b6d95190e0950b514f6e3a526a30ba4b2686823847add425c168aa9a2d2cbf37
python3-pillow-debuginfo-5.1.1-14.el8_4.s390x.rpm SHA-256: 718c6e981372c5972d3f9d8fe248913a272ca4d1b9eac414eeb61ce49d19d64c
python3-pillow-tk-debuginfo-5.1.1-14.el8_4.s390x.rpm SHA-256: afe5641a5471a62751b43259072cc8408296130dfe19511c53b90ff6fc65ffb0

Red Hat Enterprise Linux for Power, little endian - Extended Update Support 8.4

SRPM
python-pillow-5.1.1-14.el8_4.src.rpm SHA-256: 8212d25b1731f5683482104792798710579ddef435a3849dc3a48b74589b067b
ppc64le
python-pillow-debuginfo-5.1.1-14.el8_4.ppc64le.rpm SHA-256: 176268f74340f70eddac5345b22c22be698d7ccfd4c649fb6a3c5da371c6e12c
python-pillow-debugsource-5.1.1-14.el8_4.ppc64le.rpm SHA-256: b320662df34dcf28ef8c7452af4a6708fe49cb45891e32e1b58cf205db889852
python3-pillow-5.1.1-14.el8_4.ppc64le.rpm SHA-256: d87660373af9a180aa3f88f80e200c6a33a14605e0b6c03864f9f6bf47004034
python3-pillow-debuginfo-5.1.1-14.el8_4.ppc64le.rpm SHA-256: 6ad1531f63328a773b58949d9654fd510471c2480cfbafee7a51b5d97821226e
python3-pillow-tk-debuginfo-5.1.1-14.el8_4.ppc64le.rpm SHA-256: 5ae7e2ca402f925d83ae94997be7c4cd6d2b3714b80a26402721100c467d11b8

Red Hat Enterprise Linux Server - TUS 8.4

SRPM
python-pillow-5.1.1-14.el8_4.src.rpm SHA-256: 8212d25b1731f5683482104792798710579ddef435a3849dc3a48b74589b067b
x86_64
python-pillow-debuginfo-5.1.1-14.el8_4.x86_64.rpm SHA-256: 4ec9d1c64298e4ed1739febcda99b8ae8f6546e64fb6ed1dc0d6553d746e8dfe
python-pillow-debugsource-5.1.1-14.el8_4.x86_64.rpm SHA-256: d835953afa205fb645451021d0719577e8abf084e3737debfb9ac6f2b9247ac4
python3-pillow-5.1.1-14.el8_4.x86_64.rpm SHA-256: e335164b10905b90561d4f93669decfb8290a9ffbe88a570abd601617a8ead0e
python3-pillow-debuginfo-5.1.1-14.el8_4.x86_64.rpm SHA-256: 81d03e8a952806da0c3a7f63bacdf59bc1871279cb7bfa14e01fce7036bf1f54
python3-pillow-tk-debuginfo-5.1.1-14.el8_4.x86_64.rpm SHA-256: 59431a85a0d28ae3af8d67a555df5f4e69e9f4a3323021fdc4d9839bf033c0ae

Red Hat Enterprise Linux for ARM 64 - Extended Update Support 8.4

SRPM
python-pillow-5.1.1-14.el8_4.src.rpm SHA-256: 8212d25b1731f5683482104792798710579ddef435a3849dc3a48b74589b067b
aarch64
python-pillow-debuginfo-5.1.1-14.el8_4.aarch64.rpm SHA-256: 981c852a3c0e69eb6a2b4f5353a768fbe2e1bad2cf2a8ea48f2fd20b000a6c94
python-pillow-debugsource-5.1.1-14.el8_4.aarch64.rpm SHA-256: 6c9261c2a939fdce65822df194c1325bd7141c8cb64b67b21f0e358638b3bf77
python3-pillow-5.1.1-14.el8_4.aarch64.rpm SHA-256: fae7310e589645e27362dc42af25f2f23a979191f961bd2446a59d92134d7ac1
python3-pillow-debuginfo-5.1.1-14.el8_4.aarch64.rpm SHA-256: c38cb900e5946f1a7fb98bda21906bb32bce5acc42af6dd9c98ebbbddb8d3e62
python3-pillow-tk-debuginfo-5.1.1-14.el8_4.aarch64.rpm SHA-256: 4bedaee43cf51e20cba67fa78cae6f8e2aeccca630e849b0124f8ac38fd69cdf

Red Hat Enterprise Linux Server for Power LE - Update Services for SAP Solutions 8.4

SRPM
python-pillow-5.1.1-14.el8_4.src.rpm SHA-256: 8212d25b1731f5683482104792798710579ddef435a3849dc3a48b74589b067b
ppc64le
python-pillow-debuginfo-5.1.1-14.el8_4.ppc64le.rpm SHA-256: 176268f74340f70eddac5345b22c22be698d7ccfd4c649fb6a3c5da371c6e12c
python-pillow-debugsource-5.1.1-14.el8_4.ppc64le.rpm SHA-256: b320662df34dcf28ef8c7452af4a6708fe49cb45891e32e1b58cf205db889852
python3-pillow-5.1.1-14.el8_4.ppc64le.rpm SHA-256: d87660373af9a180aa3f88f80e200c6a33a14605e0b6c03864f9f6bf47004034
python3-pillow-debuginfo-5.1.1-14.el8_4.ppc64le.rpm SHA-256: 6ad1531f63328a773b58949d9654fd510471c2480cfbafee7a51b5d97821226e
python3-pillow-tk-debuginfo-5.1.1-14.el8_4.ppc64le.rpm SHA-256: 5ae7e2ca402f925d83ae94997be7c4cd6d2b3714b80a26402721100c467d11b8

Red Hat Enterprise Linux for x86_64 - Update Services for SAP Solutions 8.4

SRPM
python-pillow-5.1.1-14.el8_4.src.rpm SHA-256: 8212d25b1731f5683482104792798710579ddef435a3849dc3a48b74589b067b
x86_64
python-pillow-debuginfo-5.1.1-14.el8_4.x86_64.rpm SHA-256: 4ec9d1c64298e4ed1739febcda99b8ae8f6546e64fb6ed1dc0d6553d746e8dfe
python-pillow-debugsource-5.1.1-14.el8_4.x86_64.rpm SHA-256: d835953afa205fb645451021d0719577e8abf084e3737debfb9ac6f2b9247ac4
python3-pillow-5.1.1-14.el8_4.x86_64.rpm SHA-256: e335164b10905b90561d4f93669decfb8290a9ffbe88a570abd601617a8ead0e
python3-pillow-debuginfo-5.1.1-14.el8_4.x86_64.rpm SHA-256: 81d03e8a952806da0c3a7f63bacdf59bc1871279cb7bfa14e01fce7036bf1f54
python3-pillow-tk-debuginfo-5.1.1-14.el8_4.x86_64.rpm SHA-256: 59431a85a0d28ae3af8d67a555df5f4e69e9f4a3323021fdc4d9839bf033c0ae

The Red Hat security contact is secalert@redhat.com. More contact details at https://access.redhat.com/security/team/contact/.