Issued:: 2024-02-08
Updated:: 2024-02-08

RHSA-2024:0754 - Security Advisory

Overview
Updated Packages

Synopsis

Important: python-pillow security update

Type/Severity

Security Advisory: Important

Red Hat Insights patch analysis

Identify and remediate systems affected by this advisory.

View affected systems

Topic

An update for python-pillow is now available for Red Hat Enterprise Linux 8.8 Extended Update Support.

Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.

Description

The python-pillow packages contain a Python image processing library that provides extensive file format support, an efficient internal representation, and powerful image-processing capabilities.

Security Fix(es):

pillow: Arbitrary Code Execution via the environment parameter (CVE-2023-50447)

For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.

Solution

For details on how to apply this update, which includes the changes described in this advisory, refer to:

https://access.redhat.com/articles/11258

Affected Products

Red Hat Enterprise Linux for x86_64 - Extended Update Support Extension 8.8 x86_64
Red Hat Enterprise Linux for x86_64 - Extended Update Support 8.8 x86_64
Red Hat Enterprise Linux for IBM z Systems - Extended Update Support 8.8 s390x
Red Hat Enterprise Linux for Power, little endian - Extended Update Support 8.8 ppc64le
Red Hat Enterprise Linux Server - TUS 8.8 x86_64
Red Hat Enterprise Linux for ARM 64 - Extended Update Support 8.8 aarch64
Red Hat Enterprise Linux Server for Power LE - Update Services for SAP Solutions 8.8 ppc64le
Red Hat Enterprise Linux for x86_64 - Update Services for SAP Solutions 8.8 x86_64
Red Hat CodeReady Linux Builder for x86_64 - Extended Update Support 8.8 x86_64
Red Hat CodeReady Linux Builder for Power, little endian - Extended Update Support 8.8 ppc64le
Red Hat CodeReady Linux Builder for IBM z Systems - Extended Update Support 8.8 s390x
Red Hat CodeReady Linux Builder for ARM 64 - Extended Update Support 8.8 aarch64

Fixes

BZ - 2259479 - CVE-2023-50447 pillow:Arbitrary Code Execution via the environment parameter

CVEs

CVE-2023-50447

References

https://access.redhat.com/security/updates/classification/#important

Note: More recent versions of these packages may be available. Click a package name for more details.

Red Hat Enterprise Linux for x86_64 - Extended Update Support 8.8

SRPM
python-pillow-5.1.1-19.el8_8.src.rpm	SHA-256: 01b405321bb1e5b16db810857512b17ca4d1cd6f88e34286e98ef227d0cce217
x86_64
python-pillow-debuginfo-5.1.1-19.el8_8.x86_64.rpm	SHA-256: d2416f00b24358bae7981f8f85238581b1fd4384ad44ebaa694c8cd1ab567802
python-pillow-debugsource-5.1.1-19.el8_8.x86_64.rpm	SHA-256: 9f0d00b6bd03927f12d5feab8d77b5d6c4e5005385a8f7ef1641ef746be05642
python3-pillow-5.1.1-19.el8_8.x86_64.rpm	SHA-256: bf7ab76f7c46943003725c0b9847f0bd289307e739b35e610b7f6c0a56df35c1
python3-pillow-debuginfo-5.1.1-19.el8_8.x86_64.rpm	SHA-256: 6c4b4475d49d779b8e2bb3c07f70c445a80d74ffff9fc3130890401b3477baaa
python3-pillow-tk-debuginfo-5.1.1-19.el8_8.x86_64.rpm	SHA-256: 8dc072d875da1dd1a0643859bf6c4615f20ebf24a2974354fdc2702a60a86a42

Red Hat Enterprise Linux for x86_64 - Extended Update Support Extension 8.8

SRPM
python-pillow-5.1.1-19.el8_8.src.rpm	SHA-256: 01b405321bb1e5b16db810857512b17ca4d1cd6f88e34286e98ef227d0cce217
x86_64
python-pillow-debuginfo-5.1.1-19.el8_8.x86_64.rpm	SHA-256: d2416f00b24358bae7981f8f85238581b1fd4384ad44ebaa694c8cd1ab567802
python-pillow-debugsource-5.1.1-19.el8_8.x86_64.rpm	SHA-256: 9f0d00b6bd03927f12d5feab8d77b5d6c4e5005385a8f7ef1641ef746be05642
python3-pillow-5.1.1-19.el8_8.x86_64.rpm	SHA-256: bf7ab76f7c46943003725c0b9847f0bd289307e739b35e610b7f6c0a56df35c1
python3-pillow-debuginfo-5.1.1-19.el8_8.x86_64.rpm	SHA-256: 6c4b4475d49d779b8e2bb3c07f70c445a80d74ffff9fc3130890401b3477baaa
python3-pillow-tk-debuginfo-5.1.1-19.el8_8.x86_64.rpm	SHA-256: 8dc072d875da1dd1a0643859bf6c4615f20ebf24a2974354fdc2702a60a86a42

Red Hat Enterprise Linux for IBM z Systems - Extended Update Support 8.8

SRPM
python-pillow-5.1.1-19.el8_8.src.rpm	SHA-256: 01b405321bb1e5b16db810857512b17ca4d1cd6f88e34286e98ef227d0cce217
s390x
python-pillow-debuginfo-5.1.1-19.el8_8.s390x.rpm	SHA-256: d7ea2b64cabc96ad57b1d65fb376d34b2687bd84397c68fbf0690d343080ec26
python-pillow-debugsource-5.1.1-19.el8_8.s390x.rpm	SHA-256: b416aa30104d0e4b1a02da90214067c310c5f2e853a5100609ea69fce81639d5
python3-pillow-5.1.1-19.el8_8.s390x.rpm	SHA-256: 70196210e2170b239aea8a3ba8a710cdea0594cf71690ba5dca16c3a666f2965
python3-pillow-debuginfo-5.1.1-19.el8_8.s390x.rpm	SHA-256: 60de3d710afa6e91d61f0b8e8262db5d98c354fda62399c1529ef22c3e61e38d
python3-pillow-tk-debuginfo-5.1.1-19.el8_8.s390x.rpm	SHA-256: faab4b650cb7cb377bdf36cf9b0bbf0b993c6e126a5a607edfcf42d7a9966c5a

Red Hat Enterprise Linux for Power, little endian - Extended Update Support 8.8

SRPM
python-pillow-5.1.1-19.el8_8.src.rpm	SHA-256: 01b405321bb1e5b16db810857512b17ca4d1cd6f88e34286e98ef227d0cce217
ppc64le
python-pillow-debuginfo-5.1.1-19.el8_8.ppc64le.rpm	SHA-256: 898948200ae94b0799156c3396c080c39aba1ec1abee672752da74250522efa5
python-pillow-debugsource-5.1.1-19.el8_8.ppc64le.rpm	SHA-256: be4009bfc795d51a9a7ecd79c0b939d82510ec3dd679af1097ef763a83c8165e
python3-pillow-5.1.1-19.el8_8.ppc64le.rpm	SHA-256: 4576dbeba8bd8fec0ac82b8313f6b349a9af4836d96dee0b2fb6311a1c7b5818
python3-pillow-debuginfo-5.1.1-19.el8_8.ppc64le.rpm	SHA-256: 92b98d317145ba2541623602c4599f9b5d02a3b608a17c741da7462a47f73d26
python3-pillow-tk-debuginfo-5.1.1-19.el8_8.ppc64le.rpm	SHA-256: 5128049f994562cd6c094adf802b0a757abe1f3b514297f4f4379c8394f45c9f

Red Hat Enterprise Linux Server - TUS 8.8

SRPM
python-pillow-5.1.1-19.el8_8.src.rpm	SHA-256: 01b405321bb1e5b16db810857512b17ca4d1cd6f88e34286e98ef227d0cce217
x86_64
python-pillow-debuginfo-5.1.1-19.el8_8.x86_64.rpm	SHA-256: d2416f00b24358bae7981f8f85238581b1fd4384ad44ebaa694c8cd1ab567802
python-pillow-debugsource-5.1.1-19.el8_8.x86_64.rpm	SHA-256: 9f0d00b6bd03927f12d5feab8d77b5d6c4e5005385a8f7ef1641ef746be05642
python3-pillow-5.1.1-19.el8_8.x86_64.rpm	SHA-256: bf7ab76f7c46943003725c0b9847f0bd289307e739b35e610b7f6c0a56df35c1
python3-pillow-debuginfo-5.1.1-19.el8_8.x86_64.rpm	SHA-256: 6c4b4475d49d779b8e2bb3c07f70c445a80d74ffff9fc3130890401b3477baaa
python3-pillow-tk-debuginfo-5.1.1-19.el8_8.x86_64.rpm	SHA-256: 8dc072d875da1dd1a0643859bf6c4615f20ebf24a2974354fdc2702a60a86a42

Red Hat Enterprise Linux for ARM 64 - Extended Update Support 8.8

SRPM
python-pillow-5.1.1-19.el8_8.src.rpm	SHA-256: 01b405321bb1e5b16db810857512b17ca4d1cd6f88e34286e98ef227d0cce217
aarch64
python-pillow-debuginfo-5.1.1-19.el8_8.aarch64.rpm	SHA-256: f958aafa0b5146bc799518552cb886ffc80d0adec66dac307390845e6b786e39
python-pillow-debugsource-5.1.1-19.el8_8.aarch64.rpm	SHA-256: 90f921f524d1f656026d23d6f4cb8f9c07ae6f0e3260a3e5e3d77e7a9f404947
python3-pillow-5.1.1-19.el8_8.aarch64.rpm	SHA-256: 039d620539e3d488f68be5bcad5baa6d3c51ffbff25a9a2ab298d77803e94b2b
python3-pillow-debuginfo-5.1.1-19.el8_8.aarch64.rpm	SHA-256: 02121dcf9ea44c2a1bf476b57793f191faf8a9fb0e2243b9b299740f50c03699
python3-pillow-tk-debuginfo-5.1.1-19.el8_8.aarch64.rpm	SHA-256: 21bfe7db866cb4ce992204bc80be8ea004deff9b9db397e0088875936bef99e9

Red Hat Enterprise Linux Server for Power LE - Update Services for SAP Solutions 8.8

SRPM
python-pillow-5.1.1-19.el8_8.src.rpm	SHA-256: 01b405321bb1e5b16db810857512b17ca4d1cd6f88e34286e98ef227d0cce217
ppc64le
python-pillow-debuginfo-5.1.1-19.el8_8.ppc64le.rpm	SHA-256: 898948200ae94b0799156c3396c080c39aba1ec1abee672752da74250522efa5
python-pillow-debugsource-5.1.1-19.el8_8.ppc64le.rpm	SHA-256: be4009bfc795d51a9a7ecd79c0b939d82510ec3dd679af1097ef763a83c8165e
python3-pillow-5.1.1-19.el8_8.ppc64le.rpm	SHA-256: 4576dbeba8bd8fec0ac82b8313f6b349a9af4836d96dee0b2fb6311a1c7b5818
python3-pillow-debuginfo-5.1.1-19.el8_8.ppc64le.rpm	SHA-256: 92b98d317145ba2541623602c4599f9b5d02a3b608a17c741da7462a47f73d26
python3-pillow-tk-debuginfo-5.1.1-19.el8_8.ppc64le.rpm	SHA-256: 5128049f994562cd6c094adf802b0a757abe1f3b514297f4f4379c8394f45c9f

Red Hat Enterprise Linux for x86_64 - Update Services for SAP Solutions 8.8

SRPM
python-pillow-5.1.1-19.el8_8.src.rpm	SHA-256: 01b405321bb1e5b16db810857512b17ca4d1cd6f88e34286e98ef227d0cce217
x86_64
python-pillow-debuginfo-5.1.1-19.el8_8.x86_64.rpm	SHA-256: d2416f00b24358bae7981f8f85238581b1fd4384ad44ebaa694c8cd1ab567802
python-pillow-debugsource-5.1.1-19.el8_8.x86_64.rpm	SHA-256: 9f0d00b6bd03927f12d5feab8d77b5d6c4e5005385a8f7ef1641ef746be05642
python3-pillow-5.1.1-19.el8_8.x86_64.rpm	SHA-256: bf7ab76f7c46943003725c0b9847f0bd289307e739b35e610b7f6c0a56df35c1
python3-pillow-debuginfo-5.1.1-19.el8_8.x86_64.rpm	SHA-256: 6c4b4475d49d779b8e2bb3c07f70c445a80d74ffff9fc3130890401b3477baaa
python3-pillow-tk-debuginfo-5.1.1-19.el8_8.x86_64.rpm	SHA-256: 8dc072d875da1dd1a0643859bf6c4615f20ebf24a2974354fdc2702a60a86a42

Red Hat CodeReady Linux Builder for x86_64 - Extended Update Support 8.8

SRPM
x86_64
python-pillow-debuginfo-5.1.1-19.el8_8.i686.rpm	SHA-256: fd383aac840dc99005c4bba27e4ef0bbfb141dc6c2f2a3fa0ebcb8769991d4f3
python-pillow-debuginfo-5.1.1-19.el8_8.x86_64.rpm	SHA-256: d2416f00b24358bae7981f8f85238581b1fd4384ad44ebaa694c8cd1ab567802
python-pillow-debugsource-5.1.1-19.el8_8.i686.rpm	SHA-256: 1ab7fabfb0b00a34abda8c98684d22111956f5e008caa0842652f2122f2c743c
python-pillow-debugsource-5.1.1-19.el8_8.x86_64.rpm	SHA-256: 9f0d00b6bd03927f12d5feab8d77b5d6c4e5005385a8f7ef1641ef746be05642
python3-pillow-5.1.1-19.el8_8.i686.rpm	SHA-256: ca291cd5cd200ea23ba609dddc6c248227a53cf91dd2ad43720a3fd6a7c96ede
python3-pillow-debuginfo-5.1.1-19.el8_8.i686.rpm	SHA-256: 16a9a95f6258a5ed695cf092e4a73f2bb223f1e58fbdda1e8712b49c44b6e125
python3-pillow-debuginfo-5.1.1-19.el8_8.x86_64.rpm	SHA-256: 6c4b4475d49d779b8e2bb3c07f70c445a80d74ffff9fc3130890401b3477baaa
python3-pillow-devel-5.1.1-19.el8_8.i686.rpm	SHA-256: acc2b79b70ffad6a7315d2de49feff7f0167c36c2af9440c4ac82a8bf3f75d6f
python3-pillow-devel-5.1.1-19.el8_8.x86_64.rpm	SHA-256: ebe8497e60b944c6e6dcbf6bdd8d63aed3373d7045f4716008092c7da9b75758
python3-pillow-doc-5.1.1-19.el8_8.noarch.rpm	SHA-256: 724f4deff7844c8c3cbe5533f24699eff1b8c294974c430f57e0819f2eaad935
python3-pillow-tk-5.1.1-19.el8_8.x86_64.rpm	SHA-256: c6058073faa096b9a984dfe66741c8474712b5acac32ef16ce8fafee49798ed0
python3-pillow-tk-debuginfo-5.1.1-19.el8_8.i686.rpm	SHA-256: dee0845438ec1432de7ddf3cfda1ad05d1043b0e436b629c1e090679800c78ad
python3-pillow-tk-debuginfo-5.1.1-19.el8_8.x86_64.rpm	SHA-256: 8dc072d875da1dd1a0643859bf6c4615f20ebf24a2974354fdc2702a60a86a42

Red Hat CodeReady Linux Builder for Power, little endian - Extended Update Support 8.8

SRPM
ppc64le
python-pillow-debuginfo-5.1.1-19.el8_8.ppc64le.rpm	SHA-256: 898948200ae94b0799156c3396c080c39aba1ec1abee672752da74250522efa5
python-pillow-debugsource-5.1.1-19.el8_8.ppc64le.rpm	SHA-256: be4009bfc795d51a9a7ecd79c0b939d82510ec3dd679af1097ef763a83c8165e
python3-pillow-debuginfo-5.1.1-19.el8_8.ppc64le.rpm	SHA-256: 92b98d317145ba2541623602c4599f9b5d02a3b608a17c741da7462a47f73d26
python3-pillow-devel-5.1.1-19.el8_8.ppc64le.rpm	SHA-256: 83d17a6cfa2acb6700d1381444ee19f0ec7fbab7602a74dfffc31513421235f2
python3-pillow-doc-5.1.1-19.el8_8.noarch.rpm	SHA-256: 724f4deff7844c8c3cbe5533f24699eff1b8c294974c430f57e0819f2eaad935
python3-pillow-tk-5.1.1-19.el8_8.ppc64le.rpm	SHA-256: eb09a52b9571389fd72e410e32c8e6757ef734c6460b4f2442a2b39ea536bc39
python3-pillow-tk-debuginfo-5.1.1-19.el8_8.ppc64le.rpm	SHA-256: 5128049f994562cd6c094adf802b0a757abe1f3b514297f4f4379c8394f45c9f

Red Hat CodeReady Linux Builder for IBM z Systems - Extended Update Support 8.8

SRPM
s390x
python-pillow-debuginfo-5.1.1-19.el8_8.s390x.rpm	SHA-256: d7ea2b64cabc96ad57b1d65fb376d34b2687bd84397c68fbf0690d343080ec26
python-pillow-debugsource-5.1.1-19.el8_8.s390x.rpm	SHA-256: b416aa30104d0e4b1a02da90214067c310c5f2e853a5100609ea69fce81639d5
python3-pillow-debuginfo-5.1.1-19.el8_8.s390x.rpm	SHA-256: 60de3d710afa6e91d61f0b8e8262db5d98c354fda62399c1529ef22c3e61e38d
python3-pillow-devel-5.1.1-19.el8_8.s390x.rpm	SHA-256: 0b5e7e46843659a30ac9c7dde7a371a696c31a3a365e5c5ead9ce661a6fc9f62
python3-pillow-doc-5.1.1-19.el8_8.noarch.rpm	SHA-256: 724f4deff7844c8c3cbe5533f24699eff1b8c294974c430f57e0819f2eaad935
python3-pillow-tk-5.1.1-19.el8_8.s390x.rpm	SHA-256: 08099064cee72d7cf6818a76cf8a8402a236932721866428d7d315becc8e43e9
python3-pillow-tk-debuginfo-5.1.1-19.el8_8.s390x.rpm	SHA-256: faab4b650cb7cb377bdf36cf9b0bbf0b993c6e126a5a607edfcf42d7a9966c5a

Red Hat CodeReady Linux Builder for ARM 64 - Extended Update Support 8.8

SRPM
aarch64
python-pillow-debuginfo-5.1.1-19.el8_8.aarch64.rpm	SHA-256: f958aafa0b5146bc799518552cb886ffc80d0adec66dac307390845e6b786e39
python-pillow-debugsource-5.1.1-19.el8_8.aarch64.rpm	SHA-256: 90f921f524d1f656026d23d6f4cb8f9c07ae6f0e3260a3e5e3d77e7a9f404947
python3-pillow-debuginfo-5.1.1-19.el8_8.aarch64.rpm	SHA-256: 02121dcf9ea44c2a1bf476b57793f191faf8a9fb0e2243b9b299740f50c03699
python3-pillow-devel-5.1.1-19.el8_8.aarch64.rpm	SHA-256: 64e9b7de756867af2d786f82b6645985825da1780807c269f6f2557943a8391c
python3-pillow-doc-5.1.1-19.el8_8.noarch.rpm	SHA-256: 724f4deff7844c8c3cbe5533f24699eff1b8c294974c430f57e0819f2eaad935
python3-pillow-tk-5.1.1-19.el8_8.aarch64.rpm	SHA-256: e945d0e557317decfb003299b07afc24f8e16c41472c9d8862fa9a4c8f7e54a2
python3-pillow-tk-debuginfo-5.1.1-19.el8_8.aarch64.rpm	SHA-256: 21bfe7db866cb4ce992204bc80be8ea004deff9b9db397e0088875936bef99e9

The Red Hat security contact is secalert@redhat.com. More contact details at https://access.redhat.com/security/team/contact/.

Select Your Language

Infrastructure and Management

Cloud Computing

Storage

Runtimes

Integration and Automation