RHSA-2022:0667 - Security Advisory

Issued: 2022-02-24
Updated: 2022-02-24

Synopsis

Important: python-pillow security update

Type/Severity

Security Advisory: Important

Topic

An update for python-pillow is now available for Red Hat Enterprise Linux 8.2 Extended Update Support.

Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.

Description

The python-pillow packages contain a Python image processing library that provides extensive file format support, an efficient internal representation, and powerful image-processing capabilities.

Security Fix(es):

  • python-pillow: PIL.ImageMath.eval allows evaluation of arbitrary expressions (CVE-2022-22817)
  • python-pillow: buffer over-read during initialization of ImagePath.Path in path_getbbox() in path.c (CVE-2022-22816)

For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.

Solution

For details on how to apply this update, which includes the changes described in this advisory, refer to:

https://access.redhat.com/articles/11258

Affected Products

  • Red Hat Enterprise Linux for x86_64 - Extended Update Support 8.2 x86_64
  • Red Hat Enterprise Linux Server - AUS 8.2 x86_64
  • Red Hat Enterprise Linux for IBM z Systems - Extended Update Support 8.2 s390x
  • Red Hat Enterprise Linux for Power, little endian - Extended Update Support 8.2 ppc64le
  • Red Hat Enterprise Linux Server - TUS 8.2 x86_64
  • Red Hat Enterprise Linux for ARM 64 - Extended Update Support 8.2 aarch64
  • Red Hat Enterprise Linux Server for Power LE - Update Services for SAP Solutions 8.2 ppc64le
  • Red Hat Enterprise Linux for x86_64 - Update Services for SAP Solutions 8.2 x86_64

Fixes

  • BZ - 2042522 - CVE-2022-22816 python-pillow: buffer over-read during initialization of ImagePath.Path in path_getbbox() in path.c
  • BZ - 2042527 - CVE-2022-22817 python-pillow: PIL.ImageMath.eval allows evaluation of arbitrary expressions

CVEs

  • CVE-2022-22816
  • CVE-2022-22817

References

  • https://access.redhat.com/security/updates/classification/#important
Note: More recent versions of these packages may be available. Click a package name for more details.

Red Hat Enterprise Linux for x86_64 - Extended Update Support 8.2

SRPM
python-pillow-5.1.1-14.el8_2.src.rpm SHA-256: b5b7ef9284ff3df65b6b428595eb3f838abcb5db6b93e9ce08b70625444d538b
x86_64
python-pillow-debuginfo-5.1.1-14.el8_2.x86_64.rpm SHA-256: f1d7a3c5eb1cc37d838d8dbe0680a42813274de98338e3de8109f8c816e1690f
python-pillow-debugsource-5.1.1-14.el8_2.x86_64.rpm SHA-256: eb30dd2b47a53da0b84398423fe612a04487dc567d6a8c89e0001c32f082b776
python3-pillow-5.1.1-14.el8_2.x86_64.rpm SHA-256: ef53f7a32b0736791b729965c591985fdba40fcd5e48e8496bbaaae6bbbb5dba
python3-pillow-debuginfo-5.1.1-14.el8_2.x86_64.rpm SHA-256: 6ece16cb31d124e839f8cabe185a65ef14da60051843814c728a57eae3a65de9
python3-pillow-tk-debuginfo-5.1.1-14.el8_2.x86_64.rpm SHA-256: f2c45c30355ebe7fd93d345419c8045f70c821eec1f5b803a629f3be2b7f91bb

Red Hat Enterprise Linux Server - AUS 8.2

SRPM
python-pillow-5.1.1-14.el8_2.src.rpm SHA-256: b5b7ef9284ff3df65b6b428595eb3f838abcb5db6b93e9ce08b70625444d538b
x86_64
python-pillow-debuginfo-5.1.1-14.el8_2.x86_64.rpm SHA-256: f1d7a3c5eb1cc37d838d8dbe0680a42813274de98338e3de8109f8c816e1690f
python-pillow-debugsource-5.1.1-14.el8_2.x86_64.rpm SHA-256: eb30dd2b47a53da0b84398423fe612a04487dc567d6a8c89e0001c32f082b776
python3-pillow-5.1.1-14.el8_2.x86_64.rpm SHA-256: ef53f7a32b0736791b729965c591985fdba40fcd5e48e8496bbaaae6bbbb5dba
python3-pillow-debuginfo-5.1.1-14.el8_2.x86_64.rpm SHA-256: 6ece16cb31d124e839f8cabe185a65ef14da60051843814c728a57eae3a65de9
python3-pillow-tk-debuginfo-5.1.1-14.el8_2.x86_64.rpm SHA-256: f2c45c30355ebe7fd93d345419c8045f70c821eec1f5b803a629f3be2b7f91bb

Red Hat Enterprise Linux for IBM z Systems - Extended Update Support 8.2

SRPM
python-pillow-5.1.1-14.el8_2.src.rpm SHA-256: b5b7ef9284ff3df65b6b428595eb3f838abcb5db6b93e9ce08b70625444d538b
s390x
python-pillow-debuginfo-5.1.1-14.el8_2.s390x.rpm SHA-256: c9e8c38c4970cf287eababc18e1f533a87bb98cb884a0e511ee67651b0a36e63
python-pillow-debugsource-5.1.1-14.el8_2.s390x.rpm SHA-256: 22a842ac0753ca077482f7066c70d1c1e012ee094a787c0491909b346a992ad3
python3-pillow-5.1.1-14.el8_2.s390x.rpm SHA-256: bb40c6ca9fafe35871fe93f85448abd8fcc8227a4f2966b48807d1e9436c89cb
python3-pillow-debuginfo-5.1.1-14.el8_2.s390x.rpm SHA-256: ab314fe2a15f56e8f826f86c15cb66361c6f556492272252eae562e377d0b05d
python3-pillow-tk-debuginfo-5.1.1-14.el8_2.s390x.rpm SHA-256: 83d497013564985356e2964a105f2c95dbaffc5d22a93a3d6010e5c3c9697ce0

Red Hat Enterprise Linux for Power, little endian - Extended Update Support 8.2

SRPM
python-pillow-5.1.1-14.el8_2.src.rpm SHA-256: b5b7ef9284ff3df65b6b428595eb3f838abcb5db6b93e9ce08b70625444d538b
ppc64le
python-pillow-debuginfo-5.1.1-14.el8_2.ppc64le.rpm SHA-256: 49db647ccfebf38509bbaca2d064ec255e65ef536910665595028a6cf012a389
python-pillow-debugsource-5.1.1-14.el8_2.ppc64le.rpm SHA-256: 0fe527337ee4a0b89c8543be4825a923f21a0c2569596f12c0b24f77f461a69f
python3-pillow-5.1.1-14.el8_2.ppc64le.rpm SHA-256: cfda60c46a8703336533e55c64b394924ebb2d5e18d9b65d3fd7f519b128093e
python3-pillow-debuginfo-5.1.1-14.el8_2.ppc64le.rpm SHA-256: acce8d74c42285289ef80daff4497ff6b83e1e079490eec941f837f8391c32cb
python3-pillow-tk-debuginfo-5.1.1-14.el8_2.ppc64le.rpm SHA-256: 7be7c2e668fe172be163c28eb04b7a1dae7e7265b56229b6d81b86cccac7211f

Red Hat Enterprise Linux Server - TUS 8.2

SRPM
python-pillow-5.1.1-14.el8_2.src.rpm SHA-256: b5b7ef9284ff3df65b6b428595eb3f838abcb5db6b93e9ce08b70625444d538b
x86_64
python-pillow-debuginfo-5.1.1-14.el8_2.x86_64.rpm SHA-256: f1d7a3c5eb1cc37d838d8dbe0680a42813274de98338e3de8109f8c816e1690f
python-pillow-debugsource-5.1.1-14.el8_2.x86_64.rpm SHA-256: eb30dd2b47a53da0b84398423fe612a04487dc567d6a8c89e0001c32f082b776
python3-pillow-5.1.1-14.el8_2.x86_64.rpm SHA-256: ef53f7a32b0736791b729965c591985fdba40fcd5e48e8496bbaaae6bbbb5dba
python3-pillow-debuginfo-5.1.1-14.el8_2.x86_64.rpm SHA-256: 6ece16cb31d124e839f8cabe185a65ef14da60051843814c728a57eae3a65de9
python3-pillow-tk-debuginfo-5.1.1-14.el8_2.x86_64.rpm SHA-256: f2c45c30355ebe7fd93d345419c8045f70c821eec1f5b803a629f3be2b7f91bb

Red Hat Enterprise Linux for ARM 64 - Extended Update Support 8.2

SRPM
python-pillow-5.1.1-14.el8_2.src.rpm SHA-256: b5b7ef9284ff3df65b6b428595eb3f838abcb5db6b93e9ce08b70625444d538b
aarch64
python-pillow-debuginfo-5.1.1-14.el8_2.aarch64.rpm SHA-256: 38776ff587300d51d9cdbf20bcabe736db2f0402566cfaac1375befd889836cf
python-pillow-debugsource-5.1.1-14.el8_2.aarch64.rpm SHA-256: 2a39253735e852324ec8f226c636ff9ff652c2459ae6fd2c1753784cb14bb1e0
python3-pillow-5.1.1-14.el8_2.aarch64.rpm SHA-256: e6cf953fc77e74691e0b01febb939e5a66f7e4bf4890ec225bc75b2de8b8cb50
python3-pillow-debuginfo-5.1.1-14.el8_2.aarch64.rpm SHA-256: 7c7e6c0cf789bf15665c491eada4775b621d7198d923d53c1c9da87959f7282b
python3-pillow-tk-debuginfo-5.1.1-14.el8_2.aarch64.rpm SHA-256: 99b9126113fc9f2031e7ef59e11d71d0f495c50a8d08cf6b63681dd435fe275c

Red Hat Enterprise Linux Server for Power LE - Update Services for SAP Solutions 8.2

SRPM
python-pillow-5.1.1-14.el8_2.src.rpm SHA-256: b5b7ef9284ff3df65b6b428595eb3f838abcb5db6b93e9ce08b70625444d538b
ppc64le
python-pillow-debuginfo-5.1.1-14.el8_2.ppc64le.rpm SHA-256: 49db647ccfebf38509bbaca2d064ec255e65ef536910665595028a6cf012a389
python-pillow-debugsource-5.1.1-14.el8_2.ppc64le.rpm SHA-256: 0fe527337ee4a0b89c8543be4825a923f21a0c2569596f12c0b24f77f461a69f
python3-pillow-5.1.1-14.el8_2.ppc64le.rpm SHA-256: cfda60c46a8703336533e55c64b394924ebb2d5e18d9b65d3fd7f519b128093e
python3-pillow-debuginfo-5.1.1-14.el8_2.ppc64le.rpm SHA-256: acce8d74c42285289ef80daff4497ff6b83e1e079490eec941f837f8391c32cb
python3-pillow-tk-debuginfo-5.1.1-14.el8_2.ppc64le.rpm SHA-256: 7be7c2e668fe172be163c28eb04b7a1dae7e7265b56229b6d81b86cccac7211f

Red Hat Enterprise Linux for x86_64 - Update Services for SAP Solutions 8.2

SRPM
python-pillow-5.1.1-14.el8_2.src.rpm SHA-256: b5b7ef9284ff3df65b6b428595eb3f838abcb5db6b93e9ce08b70625444d538b
x86_64
python-pillow-debuginfo-5.1.1-14.el8_2.x86_64.rpm SHA-256: f1d7a3c5eb1cc37d838d8dbe0680a42813274de98338e3de8109f8c816e1690f
python-pillow-debugsource-5.1.1-14.el8_2.x86_64.rpm SHA-256: eb30dd2b47a53da0b84398423fe612a04487dc567d6a8c89e0001c32f082b776
python3-pillow-5.1.1-14.el8_2.x86_64.rpm SHA-256: ef53f7a32b0736791b729965c591985fdba40fcd5e48e8496bbaaae6bbbb5dba
python3-pillow-debuginfo-5.1.1-14.el8_2.x86_64.rpm SHA-256: 6ece16cb31d124e839f8cabe185a65ef14da60051843814c728a57eae3a65de9
python3-pillow-tk-debuginfo-5.1.1-14.el8_2.x86_64.rpm SHA-256: f2c45c30355ebe7fd93d345419c8045f70c821eec1f5b803a629f3be2b7f91bb

The Red Hat security contact is secalert@redhat.com. More contact details at https://access.redhat.com/security/team/contact/.
