Issued:: 2024-02-29
Updated:: 2024-02-29

RHSA-2024:1059 - Security Advisory

Overview
Updated Packages

Synopsis

Important: python-pillow security update

Type/Severity

Security Advisory: Important

Red Hat Insights patch analysis

Identify and remediate systems affected by this advisory.

View affected systems

Topic

An update for python-pillow is now available for Red Hat Enterprise Linux 8.2 Advanced Update Support.

Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.

Description

The python-pillow packages contain a Python image processing library that provides extensive file format support, an efficient internal representation, and powerful image-processing capabilities.

Security Fix(es):

pillow:Arbitrary Code Execution via the environment parameter (CVE-2023-50447)

For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.

Solution

For details on how to apply this update, which includes the changes described in this advisory, refer to:

https://access.redhat.com/articles/11258

Affected Products

Red Hat Enterprise Linux Server - AUS 8.2 x86_64

Fixes

BZ - 2259479 - CVE-2023-50447 pillow:Arbitrary Code Execution via the environment parameter

CVEs

CVE-2023-50447

References

https://access.redhat.com/security/updates/classification/#important

Note: More recent versions of these packages may be available. Click a package name for more details.

Red Hat Enterprise Linux Server - AUS 8.2

SRPM
python-pillow-5.1.1-15.el8_2.src.rpm	SHA-256: e4ecb0ffb7792db4c0a48789818bf8855c0818178d13d54f0ec3d8c64b529d73
x86_64
python-pillow-debuginfo-5.1.1-15.el8_2.x86_64.rpm	SHA-256: 07d5cefb51eb002bd6dd5268ac497016bc946da679a45f03a09cf692e4acac6e
python-pillow-debugsource-5.1.1-15.el8_2.x86_64.rpm	SHA-256: 0ffab1a97403a21aa43fe4c0bd14ce539fae663efab63a649e316eeaceffc97a
python3-pillow-5.1.1-15.el8_2.x86_64.rpm	SHA-256: bcb0786df1db5d629f335328791311e03cd4a253d171aa2cf916e3a17e31b805
python3-pillow-debuginfo-5.1.1-15.el8_2.x86_64.rpm	SHA-256: a7310e09d5a5a6ea0188dbdbd91c02c9969750d6ed800020789170ca594fcc84
python3-pillow-tk-debuginfo-5.1.1-15.el8_2.x86_64.rpm	SHA-256: 3242dc38172a9b670eb6740cfef3f49189973c11742a24e444f37b3f21150fde

The Red Hat security contact is secalert@redhat.com. More contact details at https://access.redhat.com/security/team/contact/.

Select Your Language

Infrastructure and Management

Cloud Computing

Storage

Runtimes

Integration and Automation