Skip to navigation Skip to main content

Utilities

  • Subscriptions
  • Downloads
  • Red Hat Console
  • Get Support
Red Hat Customer Portal
  • Subscriptions
  • Downloads
  • Red Hat Console
  • Get Support
  • Products

    Top Products

    • Red Hat Enterprise Linux
    • Red Hat OpenShift
    • Red Hat Ansible Automation Platform
    All Products

    Downloads and Containers

    • Downloads
    • Packages
    • Containers

    Top Resources

    • Documentation
    • Product Life Cycles
    • Product Compliance
    • Errata
  • Knowledge

    Red Hat Knowledge Center

    • Knowledgebase Solutions
    • Knowledgebase Articles
    • Customer Portal Labs
    • Errata

    Top Product Docs

    • Red Hat Enterprise Linux
    • Red Hat OpenShift
    • Red Hat Ansible Automation Platform
    All Product Docs

    Training and Certification

    • About
    • Course Index
    • Certification Index
    • Skill Assessment
  • Security

    Red Hat Product Security Center

    • Security Updates
    • Security Advisories
    • Red Hat CVE Database
    • Errata

    References

    • Security Bulletins
    • Security Measurement
    • Severity Ratings
    • Security Data

    Top Resources

    • Security Labs
    • Backporting Policies
    • Security Blog
  • Support

    Red Hat Support

    • Support Cases
    • Troubleshoot
    • Get Support
    • Contact Red Hat Support

    Red Hat Community Support

    • Customer Portal Community
    • Community Discussions
    • Red Hat Accelerator Program

    Top Resources

    • Product Life Cycles
    • Customer Portal Labs
    • Red Hat JBoss Supported Configurations
    • Red Hat Insights
Or troubleshoot an issue.

Select Your Language

  • English
  • Français
  • 한국어
  • 日本語
  • 中文 (中国)

Infrastructure and Management

  • Red Hat Enterprise Linux
  • Red Hat Satellite
  • Red Hat Subscription Management
  • Red Hat Insights
  • Red Hat Ansible Automation Platform

Cloud Computing

  • Red Hat OpenShift
  • Red Hat OpenStack Platform
  • Red Hat OpenShift
  • Red Hat OpenShift AI
  • Red Hat OpenShift Dedicated
  • Red Hat Advanced Cluster Security for Kubernetes
  • Red Hat Advanced Cluster Management for Kubernetes
  • Red Hat Quay
  • Red Hat OpenShift Dev Spaces
  • Red Hat OpenShift Service on AWS

Storage

  • Red Hat Gluster Storage
  • Red Hat Hyperconverged Infrastructure
  • Red Hat Ceph Storage
  • Red Hat OpenShift Data Foundation

Runtimes

  • Red Hat Runtimes
  • Red Hat JBoss Enterprise Application Platform
  • Red Hat Data Grid
  • Red Hat JBoss Web Server
  • Red Hat build of Keycloak
  • Red Hat support for Spring Boot
  • Red Hat build of Node.js
  • Red Hat build of Quarkus

Integration and Automation

  • Red Hat Application Foundations
  • Red Hat Fuse
  • Red Hat AMQ
  • Red Hat 3scale API Management
All Products
Red Hat Product Errata RHSA-2024:1060 - Security Advisory
Issued:
2024-02-29
Updated:
2024-02-29

RHSA-2024:1060 - Security Advisory

  • Overview
  • Updated Packages

Synopsis

Important: python-pillow security update

Type/Severity

Security Advisory: Important

Red Hat Insights patch analysis

Identify and remediate systems affected by this advisory.

View affected systems

Topic

An update for python-pillow is now available for Red Hat Enterprise Linux 8.4 Advanced Mission Critical Update Support, Red Hat Enterprise Linux 8.4 Telecommunications Update Service, and Red Hat Enterprise Linux 8.4 Update Services for SAP Solutions.

Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.

Description

The python-pillow packages contain a Python image processing library that provides extensive file format support, an efficient internal representation, and powerful image-processing capabilities.

Security Fix(es):

  • pillow:Arbitrary Code Execution via the environment parameter (CVE-2023-50447)

For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.

Solution

For details on how to apply this update, which includes the changes described in this advisory, refer to:

https://access.redhat.com/articles/11258

Affected Products

  • Red Hat Enterprise Linux for x86_64 - Extended Update Support Extension 8.4 x86_64
  • Red Hat Enterprise Linux Server - AUS 8.4 x86_64
  • Red Hat Enterprise Linux Server - TUS 8.4 x86_64
  • Red Hat Enterprise Linux Server for Power LE - Update Services for SAP Solutions 8.4 ppc64le
  • Red Hat Enterprise Linux for x86_64 - Update Services for SAP Solutions 8.4 x86_64

Fixes

  • BZ - 2259479 - CVE-2023-50447 pillow:Arbitrary Code Execution via the environment parameter

CVEs

  • CVE-2023-50447

References

  • https://access.redhat.com/security/updates/classification/#important
Note: More recent versions of these packages may be available. Click a package name for more details.

Red Hat Enterprise Linux for x86_64 - Extended Update Support Extension 8.4

SRPM
python-pillow-5.1.1-15.el8_4.src.rpm SHA-256: 8a2ea66bf5c1540dbd6f0cf6803d318cc07140737f2bd8b5dc87244356697b88
x86_64
python-pillow-debuginfo-5.1.1-15.el8_4.x86_64.rpm SHA-256: 28fd8ecd50f4767aba3c0f6f950a06e8f0da2f9d344fb2bd3faef1dc5ef2c198
python-pillow-debugsource-5.1.1-15.el8_4.x86_64.rpm SHA-256: 1baa5d1145ff1da182e1f7456811d40d2f663be0d0e1c5468d005bf0b8ecce2e
python3-pillow-5.1.1-15.el8_4.x86_64.rpm SHA-256: 74c068f38a6d950de332c7f6a9482b236fe1d9095367c336d414fa47722a3465
python3-pillow-debuginfo-5.1.1-15.el8_4.x86_64.rpm SHA-256: 426568f78d4652003e1291b6b073529934491ab0a1c2979f02d2418b39131b82
python3-pillow-tk-debuginfo-5.1.1-15.el8_4.x86_64.rpm SHA-256: b493e4d805306ca99c0a628e443e6a30ccdd4245850feace954f26b51b9a6dc9

Red Hat Enterprise Linux Server - AUS 8.4

SRPM
python-pillow-5.1.1-15.el8_4.src.rpm SHA-256: 8a2ea66bf5c1540dbd6f0cf6803d318cc07140737f2bd8b5dc87244356697b88
x86_64
python-pillow-debuginfo-5.1.1-15.el8_4.x86_64.rpm SHA-256: 28fd8ecd50f4767aba3c0f6f950a06e8f0da2f9d344fb2bd3faef1dc5ef2c198
python-pillow-debugsource-5.1.1-15.el8_4.x86_64.rpm SHA-256: 1baa5d1145ff1da182e1f7456811d40d2f663be0d0e1c5468d005bf0b8ecce2e
python3-pillow-5.1.1-15.el8_4.x86_64.rpm SHA-256: 74c068f38a6d950de332c7f6a9482b236fe1d9095367c336d414fa47722a3465
python3-pillow-debuginfo-5.1.1-15.el8_4.x86_64.rpm SHA-256: 426568f78d4652003e1291b6b073529934491ab0a1c2979f02d2418b39131b82
python3-pillow-tk-debuginfo-5.1.1-15.el8_4.x86_64.rpm SHA-256: b493e4d805306ca99c0a628e443e6a30ccdd4245850feace954f26b51b9a6dc9

Red Hat Enterprise Linux Server - TUS 8.4

SRPM
python-pillow-5.1.1-15.el8_4.src.rpm SHA-256: 8a2ea66bf5c1540dbd6f0cf6803d318cc07140737f2bd8b5dc87244356697b88
x86_64
python-pillow-debuginfo-5.1.1-15.el8_4.x86_64.rpm SHA-256: 28fd8ecd50f4767aba3c0f6f950a06e8f0da2f9d344fb2bd3faef1dc5ef2c198
python-pillow-debugsource-5.1.1-15.el8_4.x86_64.rpm SHA-256: 1baa5d1145ff1da182e1f7456811d40d2f663be0d0e1c5468d005bf0b8ecce2e
python3-pillow-5.1.1-15.el8_4.x86_64.rpm SHA-256: 74c068f38a6d950de332c7f6a9482b236fe1d9095367c336d414fa47722a3465
python3-pillow-debuginfo-5.1.1-15.el8_4.x86_64.rpm SHA-256: 426568f78d4652003e1291b6b073529934491ab0a1c2979f02d2418b39131b82
python3-pillow-tk-debuginfo-5.1.1-15.el8_4.x86_64.rpm SHA-256: b493e4d805306ca99c0a628e443e6a30ccdd4245850feace954f26b51b9a6dc9

Red Hat Enterprise Linux Server for Power LE - Update Services for SAP Solutions 8.4

SRPM
python-pillow-5.1.1-15.el8_4.src.rpm SHA-256: 8a2ea66bf5c1540dbd6f0cf6803d318cc07140737f2bd8b5dc87244356697b88
ppc64le
python-pillow-debuginfo-5.1.1-15.el8_4.ppc64le.rpm SHA-256: 98dd2340a47e7993a2cb1490fa7917688c14303a8b093d1f1137b75e0ef9f6c6
python-pillow-debugsource-5.1.1-15.el8_4.ppc64le.rpm SHA-256: 6ba6153ffd61bddec690c99ecee6661bac72bab700845d22284a398280f6ccc5
python3-pillow-5.1.1-15.el8_4.ppc64le.rpm SHA-256: a64edfeed2232378c32764f53af8365c5d2e6904b70b6db5b6c60cbc83554661
python3-pillow-debuginfo-5.1.1-15.el8_4.ppc64le.rpm SHA-256: cc0119e22334e18c73c1ff26604e887f5def76687818bf630705b6e1de7efa28
python3-pillow-tk-debuginfo-5.1.1-15.el8_4.ppc64le.rpm SHA-256: 49bd914a5b82410dd80c06fb9c4e8106dae522ffac548dfceab16c37beb78eab

Red Hat Enterprise Linux for x86_64 - Update Services for SAP Solutions 8.4

SRPM
python-pillow-5.1.1-15.el8_4.src.rpm SHA-256: 8a2ea66bf5c1540dbd6f0cf6803d318cc07140737f2bd8b5dc87244356697b88
x86_64
python-pillow-debuginfo-5.1.1-15.el8_4.x86_64.rpm SHA-256: 28fd8ecd50f4767aba3c0f6f950a06e8f0da2f9d344fb2bd3faef1dc5ef2c198
python-pillow-debugsource-5.1.1-15.el8_4.x86_64.rpm SHA-256: 1baa5d1145ff1da182e1f7456811d40d2f663be0d0e1c5468d005bf0b8ecce2e
python3-pillow-5.1.1-15.el8_4.x86_64.rpm SHA-256: 74c068f38a6d950de332c7f6a9482b236fe1d9095367c336d414fa47722a3465
python3-pillow-debuginfo-5.1.1-15.el8_4.x86_64.rpm SHA-256: 426568f78d4652003e1291b6b073529934491ab0a1c2979f02d2418b39131b82
python3-pillow-tk-debuginfo-5.1.1-15.el8_4.x86_64.rpm SHA-256: b493e4d805306ca99c0a628e443e6a30ccdd4245850feace954f26b51b9a6dc9

The Red Hat security contact is secalert@redhat.com. More contact details at https://access.redhat.com/security/team/contact/.

Red Hat LinkedIn YouTube Facebook X, formerly Twitter

Quick Links

  • Downloads
  • Subscriptions
  • Support Cases
  • Customer Service
  • Product Documentation

Help

  • Contact Us
  • Customer Portal FAQ
  • Log-in Assistance

Site Info

  • Trust Red Hat
  • Browser Support Policy
  • Accessibility
  • Awards and Recognition
  • Colophon

Related Sites

  • redhat.com
  • developers.redhat.com
  • connect.redhat.com
  • cloud.redhat.com

Red Hat legal and privacy links

  • About Red Hat
  • Jobs
  • Events
  • Locations
  • Contact Red Hat
  • Red Hat Blog
  • Inclusion at Red Hat
  • Cool Stuff Store
  • Red Hat Summit
© 2025 Red Hat

Red Hat legal and privacy links

  • Privacy statement
  • Terms of use
  • All policies and guidelines
  • Digital accessibility