Issued:: 2024-07-02
Updated:: 2024-07-02

RHSA-2024:4227 - Security Advisory

Overview
Updated Packages

Synopsis

Moderate: python-pillow security update

Type/Severity

Security Advisory: Moderate

Red Hat Lightspeed patch analysis

Identify and remediate systems affected by this advisory.

View affected systems

Topic

An update for python-pillow is now available for Red Hat Enterprise Linux 8.

Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.

Description

The python-pillow packages contain a Python image processing library that provides extensive file format support, an efficient internal representation, and powerful image-processing capabilities.

Security Fix(es):

python-pillow: buffer overflow in _imagingcms.c (CVE-2024-28219)

For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.

Solution

For details on how to apply this update, which includes the changes described in this advisory, refer to:

https://access.redhat.com/articles/11258

Affected Products

Red Hat Enterprise Linux for x86_64 8 x86_64
Red Hat Enterprise Linux for IBM z Systems 8 s390x
Red Hat Enterprise Linux for Power, little endian 8 ppc64le
Red Hat Enterprise Linux for ARM 64 8 aarch64
Red Hat CodeReady Linux Builder for x86_64 8 x86_64
Red Hat CodeReady Linux Builder for Power, little endian 8 ppc64le
Red Hat CodeReady Linux Builder for ARM 64 8 aarch64
Red Hat CodeReady Linux Builder for IBM z Systems 8 s390x
Red Hat Enterprise Linux for x86_64 - Extended Life Cycle 8.10 x86_64
Red Hat Enterprise Linux for ARM 64 - Extended Life Cycle 8.10 aarch64
Red Hat Enterprise Linux for Power, little endian - Extended Life Cycle 8.10 ppc64le
Red Hat Enterprise Linux for IBM z Systems - Extended Life Cycle 8.10 s390x

Fixes

BZ - 2272563 - CVE-2024-28219 python-pillow: buffer overflow in _imagingcms.c

CVEs

CVE-2024-28219

References

https://access.redhat.com/security/updates/classification/#moderate

Note: More recent versions of these packages may be available. Click a package name for more details.

Red Hat Enterprise Linux for x86_64 8

SRPM
python-pillow-5.1.1-21.el8_10.src.rpm	SHA-256: f5026eeed19ef93ace76864d4ded0d7675e55b8b16fcf36ad6019e49a410d228
x86_64
python-pillow-debuginfo-5.1.1-21.el8_10.x86_64.rpm	SHA-256: 5d274565b1515bb59ce6eb958967a378aef3668b2ba3bd932c13a4e05e96809b
python-pillow-debugsource-5.1.1-21.el8_10.x86_64.rpm	SHA-256: 27c9498911cd65c332e0a027e3e2b19b9e7df33332a55b3b97a0e1f1ec0aa897
python3-pillow-5.1.1-21.el8_10.x86_64.rpm	SHA-256: dd24b1028e284df751ae8df105afd4a2019d055b6e2a4fe4b095d8b3d9e29ea9
python3-pillow-debuginfo-5.1.1-21.el8_10.x86_64.rpm	SHA-256: 97a8f8d17a32f8fb0131824653278f04efe81b07a588b6b75ecc2f4a792a0317
python3-pillow-tk-debuginfo-5.1.1-21.el8_10.x86_64.rpm	SHA-256: c81f2c00877a2f86d7b7e8219d18b1b1d703e3cae8543ef2cdbe29c70b39a6be

Red Hat Enterprise Linux for IBM z Systems 8

SRPM
python-pillow-5.1.1-21.el8_10.src.rpm	SHA-256: f5026eeed19ef93ace76864d4ded0d7675e55b8b16fcf36ad6019e49a410d228
s390x
python-pillow-debuginfo-5.1.1-21.el8_10.s390x.rpm	SHA-256: 2e0a4afd6e0154f2c776b91cb5424ac48a355b6a304b592e2c10640a8eceb13d
python-pillow-debugsource-5.1.1-21.el8_10.s390x.rpm	SHA-256: f9d7558bc79da7775c85d3829508f3a527c01986cc92bd74e980f7b9ef39c44e
python3-pillow-5.1.1-21.el8_10.s390x.rpm	SHA-256: bbdacdc76ead93d123b32b39fec210d7fe86643b6f8d1e2bb377d0b843f1734d
python3-pillow-debuginfo-5.1.1-21.el8_10.s390x.rpm	SHA-256: d8bae733f820bcc711c00cbc60dd510f61edd2d28ca38690702f32854da936b6
python3-pillow-tk-debuginfo-5.1.1-21.el8_10.s390x.rpm	SHA-256: 4189d36ca61da71d0011fbeec9968e9b2b89d93edd4e48465232b9fe8c3fc80b

Red Hat Enterprise Linux for Power, little endian 8

SRPM
python-pillow-5.1.1-21.el8_10.src.rpm	SHA-256: f5026eeed19ef93ace76864d4ded0d7675e55b8b16fcf36ad6019e49a410d228
ppc64le
python-pillow-debuginfo-5.1.1-21.el8_10.ppc64le.rpm	SHA-256: 9b88d7a528c026ec8eac90b8f46e3322790f8bb2d15a06b7fbbb2afe2a5172be
python-pillow-debugsource-5.1.1-21.el8_10.ppc64le.rpm	SHA-256: b5876936dd5a18f32a0580d94a3cc8ebbd5d8d90ae22984e76ba719fdb7f063c
python3-pillow-5.1.1-21.el8_10.ppc64le.rpm	SHA-256: f8f53a3be76ae5c4aa728ecf9120412f25a85ea596babdb1132f290c64785eab
python3-pillow-debuginfo-5.1.1-21.el8_10.ppc64le.rpm	SHA-256: 0e274b5b3f79cc844210f5e6bb13a100b73545e90a63400b9de9f3acb9c8a01c
python3-pillow-tk-debuginfo-5.1.1-21.el8_10.ppc64le.rpm	SHA-256: 69cac34706310299c449e89a8d5be5ddd011782659f61c5e79cca102d9276535

Red Hat Enterprise Linux for ARM 64 8

SRPM
python-pillow-5.1.1-21.el8_10.src.rpm	SHA-256: f5026eeed19ef93ace76864d4ded0d7675e55b8b16fcf36ad6019e49a410d228
aarch64
python-pillow-debuginfo-5.1.1-21.el8_10.aarch64.rpm	SHA-256: 45427d62cc160203713bd47f70709985ea8bba10172aed1d9e7edeed61677289
python-pillow-debugsource-5.1.1-21.el8_10.aarch64.rpm	SHA-256: 84c921f79afbc9528e22818b226d5a87a80bcd3b6016e01888a51f3d7179cc8e
python3-pillow-5.1.1-21.el8_10.aarch64.rpm	SHA-256: 5930ada4700c5481a286592b15a9967abc38b870f5e758f61d0a8f3d7b9c3ebf
python3-pillow-debuginfo-5.1.1-21.el8_10.aarch64.rpm	SHA-256: 6da52f939212fe0969e2117af9c094d5ffed0a3748497fdbf5393c4040c3160a
python3-pillow-tk-debuginfo-5.1.1-21.el8_10.aarch64.rpm	SHA-256: ba3b49816308951f7bdc337e0086d5e43fbbed9385e6c41bbf5ccb6480cb11c9

Red Hat CodeReady Linux Builder for x86_64 8

SRPM
x86_64
python-pillow-debuginfo-5.1.1-21.el8_10.i686.rpm	SHA-256: 1fc88912857ebce125dfa890b86369970246ea2b7fd928091f639a1d819aa111
python-pillow-debuginfo-5.1.1-21.el8_10.x86_64.rpm	SHA-256: 5d274565b1515bb59ce6eb958967a378aef3668b2ba3bd932c13a4e05e96809b
python-pillow-debugsource-5.1.1-21.el8_10.i686.rpm	SHA-256: da7632340fc52731487a5f649cbb13c653cb84f3fb1e1f22647c9545af97d785
python-pillow-debugsource-5.1.1-21.el8_10.x86_64.rpm	SHA-256: 27c9498911cd65c332e0a027e3e2b19b9e7df33332a55b3b97a0e1f1ec0aa897
python3-pillow-5.1.1-21.el8_10.i686.rpm	SHA-256: bfe93f375f2ae3d446a1002038c930a934eb58d5b0b29d55a7f2b64aa431a427
python3-pillow-debuginfo-5.1.1-21.el8_10.i686.rpm	SHA-256: d0a1b3c6a2cbdf1aea1091bd690b3dc6d3667f70e0014f16783962ac78b9ab6e
python3-pillow-debuginfo-5.1.1-21.el8_10.x86_64.rpm	SHA-256: 97a8f8d17a32f8fb0131824653278f04efe81b07a588b6b75ecc2f4a792a0317
python3-pillow-devel-5.1.1-21.el8_10.i686.rpm	SHA-256: 96260e48d482efcc15f20fd28ca4620cb6e4f3b801e4cbaf2dac198b04a58b20
python3-pillow-devel-5.1.1-21.el8_10.x86_64.rpm	SHA-256: 02f1a88f5ddd7ab714269b2f1c3326b62855203189100c39b173fd4c92922289
python3-pillow-doc-5.1.1-21.el8_10.noarch.rpm	SHA-256: 520be72d06e135b3c21b5f9933450ea6259af7d1df49155dc835e00d36cd1646
python3-pillow-tk-5.1.1-21.el8_10.x86_64.rpm	SHA-256: e2478c9363dfe27d22f34a8d173ed232558e3cb5382a61a2865ded7c0ab5d5f7
python3-pillow-tk-debuginfo-5.1.1-21.el8_10.i686.rpm	SHA-256: cb92fad8f15ee1dd0c7a1969e796514f7699e1e9a2ba561cdf2d3b835c911ebf
python3-pillow-tk-debuginfo-5.1.1-21.el8_10.x86_64.rpm	SHA-256: c81f2c00877a2f86d7b7e8219d18b1b1d703e3cae8543ef2cdbe29c70b39a6be

Red Hat CodeReady Linux Builder for Power, little endian 8

SRPM
ppc64le
python-pillow-debuginfo-5.1.1-21.el8_10.ppc64le.rpm	SHA-256: 9b88d7a528c026ec8eac90b8f46e3322790f8bb2d15a06b7fbbb2afe2a5172be
python-pillow-debugsource-5.1.1-21.el8_10.ppc64le.rpm	SHA-256: b5876936dd5a18f32a0580d94a3cc8ebbd5d8d90ae22984e76ba719fdb7f063c
python3-pillow-debuginfo-5.1.1-21.el8_10.ppc64le.rpm	SHA-256: 0e274b5b3f79cc844210f5e6bb13a100b73545e90a63400b9de9f3acb9c8a01c
python3-pillow-devel-5.1.1-21.el8_10.ppc64le.rpm	SHA-256: 2a55d21f81f012e5b9a18c5fcf7bd7c89e04e78c1085bdec2d4a2802e48c385c
python3-pillow-doc-5.1.1-21.el8_10.noarch.rpm	SHA-256: 520be72d06e135b3c21b5f9933450ea6259af7d1df49155dc835e00d36cd1646
python3-pillow-tk-5.1.1-21.el8_10.ppc64le.rpm	SHA-256: c10bf64af9b81bda00f22d86f935da6fd88063ad445d79e427b0e668b23fdf95
python3-pillow-tk-debuginfo-5.1.1-21.el8_10.ppc64le.rpm	SHA-256: 69cac34706310299c449e89a8d5be5ddd011782659f61c5e79cca102d9276535

Red Hat CodeReady Linux Builder for ARM 64 8

SRPM
aarch64
python-pillow-debuginfo-5.1.1-21.el8_10.aarch64.rpm	SHA-256: 45427d62cc160203713bd47f70709985ea8bba10172aed1d9e7edeed61677289
python-pillow-debugsource-5.1.1-21.el8_10.aarch64.rpm	SHA-256: 84c921f79afbc9528e22818b226d5a87a80bcd3b6016e01888a51f3d7179cc8e
python3-pillow-debuginfo-5.1.1-21.el8_10.aarch64.rpm	SHA-256: 6da52f939212fe0969e2117af9c094d5ffed0a3748497fdbf5393c4040c3160a
python3-pillow-devel-5.1.1-21.el8_10.aarch64.rpm	SHA-256: 64c113205bf9a9018a8a75188ca475c113cce2708b195a09db8d06dddcf16922
python3-pillow-doc-5.1.1-21.el8_10.noarch.rpm	SHA-256: 520be72d06e135b3c21b5f9933450ea6259af7d1df49155dc835e00d36cd1646
python3-pillow-tk-5.1.1-21.el8_10.aarch64.rpm	SHA-256: 702dbb975a8ff268f1a6e28e66c3edff1ed6222400e366c3c91c40506365640c
python3-pillow-tk-debuginfo-5.1.1-21.el8_10.aarch64.rpm	SHA-256: ba3b49816308951f7bdc337e0086d5e43fbbed9385e6c41bbf5ccb6480cb11c9

Red Hat CodeReady Linux Builder for IBM z Systems 8

SRPM
s390x
python-pillow-debuginfo-5.1.1-21.el8_10.s390x.rpm	SHA-256: 2e0a4afd6e0154f2c776b91cb5424ac48a355b6a304b592e2c10640a8eceb13d
python-pillow-debugsource-5.1.1-21.el8_10.s390x.rpm	SHA-256: f9d7558bc79da7775c85d3829508f3a527c01986cc92bd74e980f7b9ef39c44e
python3-pillow-debuginfo-5.1.1-21.el8_10.s390x.rpm	SHA-256: d8bae733f820bcc711c00cbc60dd510f61edd2d28ca38690702f32854da936b6
python3-pillow-devel-5.1.1-21.el8_10.s390x.rpm	SHA-256: be7dd3ee5257e5eb94e383fd0204b096187abe129bebdf1b8e9604cd09fae2b4
python3-pillow-doc-5.1.1-21.el8_10.noarch.rpm	SHA-256: 520be72d06e135b3c21b5f9933450ea6259af7d1df49155dc835e00d36cd1646
python3-pillow-tk-5.1.1-21.el8_10.s390x.rpm	SHA-256: 5fc03739beee053c2bd111d0523af908f4db6257c368f9b9bc6743c70e3e5d50
python3-pillow-tk-debuginfo-5.1.1-21.el8_10.s390x.rpm	SHA-256: 4189d36ca61da71d0011fbeec9968e9b2b89d93edd4e48465232b9fe8c3fc80b

Red Hat Enterprise Linux for x86_64 - Extended Life Cycle 8.10

SRPM
python-pillow-5.1.1-21.el8_10.src.rpm	SHA-256: f5026eeed19ef93ace76864d4ded0d7675e55b8b16fcf36ad6019e49a410d228
x86_64
python-pillow-debuginfo-5.1.1-21.el8_10.x86_64.rpm	SHA-256: 5d274565b1515bb59ce6eb958967a378aef3668b2ba3bd932c13a4e05e96809b
python-pillow-debugsource-5.1.1-21.el8_10.x86_64.rpm	SHA-256: 27c9498911cd65c332e0a027e3e2b19b9e7df33332a55b3b97a0e1f1ec0aa897
python3-pillow-5.1.1-21.el8_10.x86_64.rpm	SHA-256: dd24b1028e284df751ae8df105afd4a2019d055b6e2a4fe4b095d8b3d9e29ea9
python3-pillow-debuginfo-5.1.1-21.el8_10.x86_64.rpm	SHA-256: 97a8f8d17a32f8fb0131824653278f04efe81b07a588b6b75ecc2f4a792a0317
python3-pillow-tk-debuginfo-5.1.1-21.el8_10.x86_64.rpm	SHA-256: c81f2c00877a2f86d7b7e8219d18b1b1d703e3cae8543ef2cdbe29c70b39a6be

Red Hat Enterprise Linux for ARM 64 - Extended Life Cycle 8.10

SRPM
python-pillow-5.1.1-21.el8_10.src.rpm	SHA-256: f5026eeed19ef93ace76864d4ded0d7675e55b8b16fcf36ad6019e49a410d228
aarch64
python-pillow-debuginfo-5.1.1-21.el8_10.aarch64.rpm	SHA-256: 45427d62cc160203713bd47f70709985ea8bba10172aed1d9e7edeed61677289
python-pillow-debugsource-5.1.1-21.el8_10.aarch64.rpm	SHA-256: 84c921f79afbc9528e22818b226d5a87a80bcd3b6016e01888a51f3d7179cc8e
python3-pillow-5.1.1-21.el8_10.aarch64.rpm	SHA-256: 5930ada4700c5481a286592b15a9967abc38b870f5e758f61d0a8f3d7b9c3ebf
python3-pillow-debuginfo-5.1.1-21.el8_10.aarch64.rpm	SHA-256: 6da52f939212fe0969e2117af9c094d5ffed0a3748497fdbf5393c4040c3160a
python3-pillow-tk-debuginfo-5.1.1-21.el8_10.aarch64.rpm	SHA-256: ba3b49816308951f7bdc337e0086d5e43fbbed9385e6c41bbf5ccb6480cb11c9

Red Hat Enterprise Linux for Power, little endian - Extended Life Cycle 8.10

SRPM
python-pillow-5.1.1-21.el8_10.src.rpm	SHA-256: f5026eeed19ef93ace76864d4ded0d7675e55b8b16fcf36ad6019e49a410d228
ppc64le
python-pillow-debuginfo-5.1.1-21.el8_10.ppc64le.rpm	SHA-256: 9b88d7a528c026ec8eac90b8f46e3322790f8bb2d15a06b7fbbb2afe2a5172be
python-pillow-debugsource-5.1.1-21.el8_10.ppc64le.rpm	SHA-256: b5876936dd5a18f32a0580d94a3cc8ebbd5d8d90ae22984e76ba719fdb7f063c
python3-pillow-5.1.1-21.el8_10.ppc64le.rpm	SHA-256: f8f53a3be76ae5c4aa728ecf9120412f25a85ea596babdb1132f290c64785eab
python3-pillow-debuginfo-5.1.1-21.el8_10.ppc64le.rpm	SHA-256: 0e274b5b3f79cc844210f5e6bb13a100b73545e90a63400b9de9f3acb9c8a01c
python3-pillow-tk-debuginfo-5.1.1-21.el8_10.ppc64le.rpm	SHA-256: 69cac34706310299c449e89a8d5be5ddd011782659f61c5e79cca102d9276535

Red Hat Enterprise Linux for IBM z Systems - Extended Life Cycle 8.10

SRPM
python-pillow-5.1.1-21.el8_10.src.rpm	SHA-256: f5026eeed19ef93ace76864d4ded0d7675e55b8b16fcf36ad6019e49a410d228
s390x
python-pillow-debuginfo-5.1.1-21.el8_10.s390x.rpm	SHA-256: 2e0a4afd6e0154f2c776b91cb5424ac48a355b6a304b592e2c10640a8eceb13d
python-pillow-debugsource-5.1.1-21.el8_10.s390x.rpm	SHA-256: f9d7558bc79da7775c85d3829508f3a527c01986cc92bd74e980f7b9ef39c44e
python3-pillow-5.1.1-21.el8_10.s390x.rpm	SHA-256: bbdacdc76ead93d123b32b39fec210d7fe86643b6f8d1e2bb377d0b843f1734d
python3-pillow-debuginfo-5.1.1-21.el8_10.s390x.rpm	SHA-256: d8bae733f820bcc711c00cbc60dd510f61edd2d28ca38690702f32854da936b6
python3-pillow-tk-debuginfo-5.1.1-21.el8_10.s390x.rpm	SHA-256: 4189d36ca61da71d0011fbeec9968e9b2b89d93edd4e48465232b9fe8c3fc80b

The Red Hat security contact is secalert@redhat.com. More contact details at https://access.redhat.com/security/team/contact/.

Select Your Language

Infrastructure and Management

Cloud Computing

Storage

Runtimes

Integration and Automation