Issued:: 2024-02-20
Updated:: 2024-02-20

RHSA-2024:0893 - Security Advisory

Overview
Updated Packages

Synopsis

Important: python-pillow security update

Type/Severity

Security Advisory: Important

Red Hat Lightspeed patch analysis

Identify and remediate systems affected by this advisory.

View affected systems

Topic

An update for python-pillow is now available for Red Hat Enterprise Linux 8.

Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.

Description

The python-pillow packages contain a Python image processing library that provides extensive file format support, an efficient internal representation, and powerful image-processing capabilities.

Security Fix(es):

pillow: Arbitrary Code Execution via the environment parameter (CVE-2023-50447)

For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.

Solution

For details on how to apply this update, which includes the changes described in this advisory, refer to:

https://access.redhat.com/articles/11258

Affected Products

Red Hat Enterprise Linux for x86_64 8 x86_64
Red Hat Enterprise Linux for IBM z Systems 8 s390x
Red Hat Enterprise Linux for Power, little endian 8 ppc64le
Red Hat Enterprise Linux for ARM 64 8 aarch64
Red Hat CodeReady Linux Builder for x86_64 8 x86_64
Red Hat CodeReady Linux Builder for Power, little endian 8 ppc64le
Red Hat CodeReady Linux Builder for ARM 64 8 aarch64
Red Hat CodeReady Linux Builder for IBM z Systems 8 s390x
Red Hat Enterprise Linux for x86_64 - Extended Life Cycle 8.10 x86_64
Red Hat Enterprise Linux for ARM 64 - Extended Life Cycle 8.10 aarch64
Red Hat Enterprise Linux for Power, little endian - Extended Life Cycle 8.10 ppc64le
Red Hat Enterprise Linux for IBM z Systems - Extended Life Cycle 8.10 s390x

Fixes

BZ - 2259479 - CVE-2023-50447 pillow:Arbitrary Code Execution via the environment parameter

CVEs

CVE-2023-50447

References

https://access.redhat.com/security/updates/classification/#important

Note: More recent versions of these packages may be available. Click a package name for more details.

Red Hat Enterprise Linux for x86_64 8

SRPM
python-pillow-5.1.1-18.el8_9.1.src.rpm	SHA-256: 586dbd5e87bb3b18868ea7d51a00096508bdf73b710e3c7235144ee697dd6314
x86_64
python-pillow-debuginfo-5.1.1-18.el8_9.1.x86_64.rpm	SHA-256: d5d3844f8a827b99dc3170453191202fe51f2d108811c4c1670549f5e0864b5b
python-pillow-debugsource-5.1.1-18.el8_9.1.x86_64.rpm	SHA-256: 3725270643176a0f7113ddfeded18d607dfc8b87542f3a7c545d1a8ead0cd0b8
python3-pillow-5.1.1-18.el8_9.1.x86_64.rpm	SHA-256: abff21f925a2839c4a557ac413e2b23d8c25ccaddf31f2378d081d9974150f3e
python3-pillow-debuginfo-5.1.1-18.el8_9.1.x86_64.rpm	SHA-256: d4ed60137c2025301200a2b86e22176f800f394ee6a0d3a7b695836f99cff406
python3-pillow-tk-debuginfo-5.1.1-18.el8_9.1.x86_64.rpm	SHA-256: 87349a2f3a5f74a25f453923b4c947965db2c94bf4363594892feaa3c9be60aa

Red Hat Enterprise Linux for IBM z Systems 8

SRPM
python-pillow-5.1.1-18.el8_9.1.src.rpm	SHA-256: 586dbd5e87bb3b18868ea7d51a00096508bdf73b710e3c7235144ee697dd6314
s390x
python-pillow-debuginfo-5.1.1-18.el8_9.1.s390x.rpm	SHA-256: 6f566b92ddee2c7bdcf0dbe72c42b2f835e3468d3ecfe42274361298ef3a2b18
python-pillow-debugsource-5.1.1-18.el8_9.1.s390x.rpm	SHA-256: b46583fcb52a8fea7ab8814cee259789cc51ddf36195befaee2b47681ef8b393
python3-pillow-5.1.1-18.el8_9.1.s390x.rpm	SHA-256: 36419a297d2bfc341c1d1edff02c812fe1c5b573dd50d46ab964712db2cf4d6c
python3-pillow-debuginfo-5.1.1-18.el8_9.1.s390x.rpm	SHA-256: 9746078c0982e1e011f344c7e24565a6f411eaf8b7063a4304dec3739f1ddead
python3-pillow-tk-debuginfo-5.1.1-18.el8_9.1.s390x.rpm	SHA-256: b9dd737a8ec92cdf7b30a5fd2452c3914f6ccb28d9a100bcdfb8329ac8e5ee14

Red Hat Enterprise Linux for Power, little endian 8

SRPM
python-pillow-5.1.1-18.el8_9.1.src.rpm	SHA-256: 586dbd5e87bb3b18868ea7d51a00096508bdf73b710e3c7235144ee697dd6314
ppc64le
python-pillow-debuginfo-5.1.1-18.el8_9.1.ppc64le.rpm	SHA-256: 3f41d26e74bea17e930d1f4469e7b629038a36a8bf47e5655d6d6cdee17bf68e
python-pillow-debugsource-5.1.1-18.el8_9.1.ppc64le.rpm	SHA-256: 55b0ea65241a50e376130822b36c3a30000756ad22708796ff58991d58211697
python3-pillow-5.1.1-18.el8_9.1.ppc64le.rpm	SHA-256: bb2750abf9a899f2e7856daf3b36b27c17981e057d2b3edb381bb11f8fc2de8a
python3-pillow-debuginfo-5.1.1-18.el8_9.1.ppc64le.rpm	SHA-256: e9df58413f091d86116fcc6691f94fad86401ff5b03633d564b720cf02819343
python3-pillow-tk-debuginfo-5.1.1-18.el8_9.1.ppc64le.rpm	SHA-256: d967d3433dd7f639b04e99d4cc68607c30570bc43f07418c342b2fba968c9dd3

Red Hat Enterprise Linux for ARM 64 8

SRPM
python-pillow-5.1.1-18.el8_9.1.src.rpm	SHA-256: 586dbd5e87bb3b18868ea7d51a00096508bdf73b710e3c7235144ee697dd6314
aarch64
python-pillow-debuginfo-5.1.1-18.el8_9.1.aarch64.rpm	SHA-256: 21cc45eeb267130d2409fa9ee3f95e6dd487d31b1cbae8b8dea5241bf3ff5bb9
python-pillow-debugsource-5.1.1-18.el8_9.1.aarch64.rpm	SHA-256: 2089827d4caf0fbb28e43190d7f6f454fa247acb20356827494c73d644c61920
python3-pillow-5.1.1-18.el8_9.1.aarch64.rpm	SHA-256: 8a47b7a95c89ccec3b6ae12e09bade09e4b430aa8af7909b29b3efdc090a4c93
python3-pillow-debuginfo-5.1.1-18.el8_9.1.aarch64.rpm	SHA-256: 3d25d09161968f3c1adbfaecdbe05132192c7afd0b691700980da5e3c961961b
python3-pillow-tk-debuginfo-5.1.1-18.el8_9.1.aarch64.rpm	SHA-256: a4e13cad662975fc0336c09638d57b8d294c6dda2e6982b344c82468ddf045ef

Red Hat CodeReady Linux Builder for x86_64 8

SRPM
x86_64
python-pillow-debuginfo-5.1.1-18.el8_9.1.i686.rpm	SHA-256: 6e9565b81cf78368ec0b555249312274d630196ab7e0d3c36c327ebc4bed46a7
python-pillow-debuginfo-5.1.1-18.el8_9.1.x86_64.rpm	SHA-256: d5d3844f8a827b99dc3170453191202fe51f2d108811c4c1670549f5e0864b5b
python-pillow-debugsource-5.1.1-18.el8_9.1.i686.rpm	SHA-256: e41ff4cfc32a09cc8902b828bc7dedf30fa862c90889edcd9af62e2c633d8658
python-pillow-debugsource-5.1.1-18.el8_9.1.x86_64.rpm	SHA-256: 3725270643176a0f7113ddfeded18d607dfc8b87542f3a7c545d1a8ead0cd0b8
python3-pillow-5.1.1-18.el8_9.1.i686.rpm	SHA-256: 00806afc578aa1f95b08f2daa99e71ea3b2ce305fd9b505e491be0a71a16583f
python3-pillow-debuginfo-5.1.1-18.el8_9.1.i686.rpm	SHA-256: 5364b3f39ed8951886163df7a17cab02ba3702031da885759ac73a12386e1f3c
python3-pillow-debuginfo-5.1.1-18.el8_9.1.x86_64.rpm	SHA-256: d4ed60137c2025301200a2b86e22176f800f394ee6a0d3a7b695836f99cff406
python3-pillow-devel-5.1.1-18.el8_9.1.i686.rpm	SHA-256: e05148af75171126ae5767925c37eabad1919e85e381c10044acc9c77b274657
python3-pillow-devel-5.1.1-18.el8_9.1.x86_64.rpm	SHA-256: 47159adb07d72f2fb345fe85990345159fdcb36f0e81fdb190b34ffb7830c9a0
python3-pillow-doc-5.1.1-18.el8_9.1.noarch.rpm	SHA-256: d4f2b6ed862d03b8c893d090912ea1f36990cbd5ec2be74602d3e071dee7f760
python3-pillow-tk-5.1.1-18.el8_9.1.x86_64.rpm	SHA-256: 84cd4cfaf76bdb085749c20fcafba0702ca720ac2cf0a76f63619b975b2662c4
python3-pillow-tk-debuginfo-5.1.1-18.el8_9.1.i686.rpm	SHA-256: c360bbcb0c35e76589b428a52834f02b286158e9d6da3d03a426e880c4abcee1
python3-pillow-tk-debuginfo-5.1.1-18.el8_9.1.x86_64.rpm	SHA-256: 87349a2f3a5f74a25f453923b4c947965db2c94bf4363594892feaa3c9be60aa

Red Hat CodeReady Linux Builder for Power, little endian 8

SRPM
ppc64le
python-pillow-debuginfo-5.1.1-18.el8_9.1.ppc64le.rpm	SHA-256: 3f41d26e74bea17e930d1f4469e7b629038a36a8bf47e5655d6d6cdee17bf68e
python-pillow-debugsource-5.1.1-18.el8_9.1.ppc64le.rpm	SHA-256: 55b0ea65241a50e376130822b36c3a30000756ad22708796ff58991d58211697
python3-pillow-debuginfo-5.1.1-18.el8_9.1.ppc64le.rpm	SHA-256: e9df58413f091d86116fcc6691f94fad86401ff5b03633d564b720cf02819343
python3-pillow-devel-5.1.1-18.el8_9.1.ppc64le.rpm	SHA-256: 22311627a7010e42776bf53c51e3abff7cf49179f753b900724dd16df3634522
python3-pillow-doc-5.1.1-18.el8_9.1.noarch.rpm	SHA-256: d4f2b6ed862d03b8c893d090912ea1f36990cbd5ec2be74602d3e071dee7f760
python3-pillow-tk-5.1.1-18.el8_9.1.ppc64le.rpm	SHA-256: ca7c7ba1d1ef61cc481e6398d2174d0bf6abd9f0af1eda7b01dc8908c6c79c7d
python3-pillow-tk-debuginfo-5.1.1-18.el8_9.1.ppc64le.rpm	SHA-256: d967d3433dd7f639b04e99d4cc68607c30570bc43f07418c342b2fba968c9dd3

Red Hat CodeReady Linux Builder for ARM 64 8

SRPM
aarch64
python-pillow-debuginfo-5.1.1-18.el8_9.1.aarch64.rpm	SHA-256: 21cc45eeb267130d2409fa9ee3f95e6dd487d31b1cbae8b8dea5241bf3ff5bb9
python-pillow-debugsource-5.1.1-18.el8_9.1.aarch64.rpm	SHA-256: 2089827d4caf0fbb28e43190d7f6f454fa247acb20356827494c73d644c61920
python3-pillow-debuginfo-5.1.1-18.el8_9.1.aarch64.rpm	SHA-256: 3d25d09161968f3c1adbfaecdbe05132192c7afd0b691700980da5e3c961961b
python3-pillow-devel-5.1.1-18.el8_9.1.aarch64.rpm	SHA-256: 8b98f9e18da4de805aa571833ef9900df2646d72d74eb000626e371038b38327
python3-pillow-doc-5.1.1-18.el8_9.1.noarch.rpm	SHA-256: d4f2b6ed862d03b8c893d090912ea1f36990cbd5ec2be74602d3e071dee7f760
python3-pillow-tk-5.1.1-18.el8_9.1.aarch64.rpm	SHA-256: 114a4ba2fe1b6306ea2ea8aec5583289c969b252664141c08fd9d3b3f6330250
python3-pillow-tk-debuginfo-5.1.1-18.el8_9.1.aarch64.rpm	SHA-256: a4e13cad662975fc0336c09638d57b8d294c6dda2e6982b344c82468ddf045ef

Red Hat CodeReady Linux Builder for IBM z Systems 8

SRPM
s390x
python-pillow-debuginfo-5.1.1-18.el8_9.1.s390x.rpm	SHA-256: 6f566b92ddee2c7bdcf0dbe72c42b2f835e3468d3ecfe42274361298ef3a2b18
python-pillow-debugsource-5.1.1-18.el8_9.1.s390x.rpm	SHA-256: b46583fcb52a8fea7ab8814cee259789cc51ddf36195befaee2b47681ef8b393
python3-pillow-debuginfo-5.1.1-18.el8_9.1.s390x.rpm	SHA-256: 9746078c0982e1e011f344c7e24565a6f411eaf8b7063a4304dec3739f1ddead
python3-pillow-devel-5.1.1-18.el8_9.1.s390x.rpm	SHA-256: af56a3a2194cfe4c11a748e41fe32e754b33a1e402de6631badadb6baf2ff18c
python3-pillow-doc-5.1.1-18.el8_9.1.noarch.rpm	SHA-256: d4f2b6ed862d03b8c893d090912ea1f36990cbd5ec2be74602d3e071dee7f760
python3-pillow-tk-5.1.1-18.el8_9.1.s390x.rpm	SHA-256: d7b72c7dee26e51ee98d4c0faef83fc2fc924477b0d80a1de22102f3945ec092
python3-pillow-tk-debuginfo-5.1.1-18.el8_9.1.s390x.rpm	SHA-256: b9dd737a8ec92cdf7b30a5fd2452c3914f6ccb28d9a100bcdfb8329ac8e5ee14

Red Hat Enterprise Linux for x86_64 - Extended Life Cycle 8.10

SRPM
python-pillow-5.1.1-18.el8_9.1.src.rpm	SHA-256: 586dbd5e87bb3b18868ea7d51a00096508bdf73b710e3c7235144ee697dd6314
x86_64
python-pillow-debuginfo-5.1.1-18.el8_9.1.x86_64.rpm	SHA-256: d5d3844f8a827b99dc3170453191202fe51f2d108811c4c1670549f5e0864b5b
python-pillow-debugsource-5.1.1-18.el8_9.1.x86_64.rpm	SHA-256: 3725270643176a0f7113ddfeded18d607dfc8b87542f3a7c545d1a8ead0cd0b8
python3-pillow-5.1.1-18.el8_9.1.x86_64.rpm	SHA-256: abff21f925a2839c4a557ac413e2b23d8c25ccaddf31f2378d081d9974150f3e
python3-pillow-debuginfo-5.1.1-18.el8_9.1.x86_64.rpm	SHA-256: d4ed60137c2025301200a2b86e22176f800f394ee6a0d3a7b695836f99cff406
python3-pillow-tk-debuginfo-5.1.1-18.el8_9.1.x86_64.rpm	SHA-256: 87349a2f3a5f74a25f453923b4c947965db2c94bf4363594892feaa3c9be60aa

Red Hat Enterprise Linux for ARM 64 - Extended Life Cycle 8.10

SRPM
python-pillow-5.1.1-18.el8_9.1.src.rpm	SHA-256: 586dbd5e87bb3b18868ea7d51a00096508bdf73b710e3c7235144ee697dd6314
aarch64
python-pillow-debuginfo-5.1.1-18.el8_9.1.aarch64.rpm	SHA-256: 21cc45eeb267130d2409fa9ee3f95e6dd487d31b1cbae8b8dea5241bf3ff5bb9
python-pillow-debugsource-5.1.1-18.el8_9.1.aarch64.rpm	SHA-256: 2089827d4caf0fbb28e43190d7f6f454fa247acb20356827494c73d644c61920
python3-pillow-5.1.1-18.el8_9.1.aarch64.rpm	SHA-256: 8a47b7a95c89ccec3b6ae12e09bade09e4b430aa8af7909b29b3efdc090a4c93
python3-pillow-debuginfo-5.1.1-18.el8_9.1.aarch64.rpm	SHA-256: 3d25d09161968f3c1adbfaecdbe05132192c7afd0b691700980da5e3c961961b
python3-pillow-tk-debuginfo-5.1.1-18.el8_9.1.aarch64.rpm	SHA-256: a4e13cad662975fc0336c09638d57b8d294c6dda2e6982b344c82468ddf045ef

Red Hat Enterprise Linux for Power, little endian - Extended Life Cycle 8.10

SRPM
python-pillow-5.1.1-18.el8_9.1.src.rpm	SHA-256: 586dbd5e87bb3b18868ea7d51a00096508bdf73b710e3c7235144ee697dd6314
ppc64le
python-pillow-debuginfo-5.1.1-18.el8_9.1.ppc64le.rpm	SHA-256: 3f41d26e74bea17e930d1f4469e7b629038a36a8bf47e5655d6d6cdee17bf68e
python-pillow-debugsource-5.1.1-18.el8_9.1.ppc64le.rpm	SHA-256: 55b0ea65241a50e376130822b36c3a30000756ad22708796ff58991d58211697
python3-pillow-5.1.1-18.el8_9.1.ppc64le.rpm	SHA-256: bb2750abf9a899f2e7856daf3b36b27c17981e057d2b3edb381bb11f8fc2de8a
python3-pillow-debuginfo-5.1.1-18.el8_9.1.ppc64le.rpm	SHA-256: e9df58413f091d86116fcc6691f94fad86401ff5b03633d564b720cf02819343
python3-pillow-tk-debuginfo-5.1.1-18.el8_9.1.ppc64le.rpm	SHA-256: d967d3433dd7f639b04e99d4cc68607c30570bc43f07418c342b2fba968c9dd3

Red Hat Enterprise Linux for IBM z Systems - Extended Life Cycle 8.10

SRPM
python-pillow-5.1.1-18.el8_9.1.src.rpm	SHA-256: 586dbd5e87bb3b18868ea7d51a00096508bdf73b710e3c7235144ee697dd6314
s390x
python-pillow-debuginfo-5.1.1-18.el8_9.1.s390x.rpm	SHA-256: 6f566b92ddee2c7bdcf0dbe72c42b2f835e3468d3ecfe42274361298ef3a2b18
python-pillow-debugsource-5.1.1-18.el8_9.1.s390x.rpm	SHA-256: b46583fcb52a8fea7ab8814cee259789cc51ddf36195befaee2b47681ef8b393
python3-pillow-5.1.1-18.el8_9.1.s390x.rpm	SHA-256: 36419a297d2bfc341c1d1edff02c812fe1c5b573dd50d46ab964712db2cf4d6c
python3-pillow-debuginfo-5.1.1-18.el8_9.1.s390x.rpm	SHA-256: 9746078c0982e1e011f344c7e24565a6f411eaf8b7063a4304dec3739f1ddead
python3-pillow-tk-debuginfo-5.1.1-18.el8_9.1.s390x.rpm	SHA-256: b9dd737a8ec92cdf7b30a5fd2452c3914f6ccb28d9a100bcdfb8329ac8e5ee14

The Red Hat security contact is secalert@redhat.com. More contact details at https://access.redhat.com/security/team/contact/.

Select Your Language

Infrastructure and Management

Cloud Computing

Storage

Runtimes

Integration and Automation