Fedora 34 Update: python-pillow-8.1.2-6.fc34

Fedora Linux 8782 Published 2022-02-04 05:59 by Philipp Esselbach

News

A python-pillow security update has been released for Fedora 34.

SECURITY: Fedora 34 Update: python-pillow-8.1.2-6.fc34

--------------------------------------------------------------------------------
Fedora Update Notification
FEDORA-2022-e4087f9366
2022-02-04 01:20:59.298130
--------------------------------------------------------------------------------

Name : python-pillow
Product : Fedora 34
Version : 8.1.2
Release : 6.fc34
URL : http://python-pillow.github.io/
Summary : Python image processing library
Description :
Python image processing library, fork of the Python Imaging Library (PIL)

This library provides extensive file format support, an efficient
internal representation, and powerful image processing capabilities.

There are four subpackages: tk (tk interface), qt (PIL image wrapper for Qt),
devel (development) and doc (documentation).

--------------------------------------------------------------------------------
Update Information:

Backport fixes for CVE-2022-{22815,22816,22817}.
--------------------------------------------------------------------------------
ChangeLog:

* Tue Jan 25 2022 Sandro Mani - 8.1.2-6
- Backport patches for CVE-2022-{22815,22816,22817}
--------------------------------------------------------------------------------
References:

[ 1 ] Bug #2042512 - CVE-2022-22815 mingw-python-pillow: python-pillow: improperly initializes ImagePath.Path in path_getbbox() in path.c [fedora-all]
https://bugzilla.redhat.com/show_bug.cgi?id=2042512
[ 2 ] Bug #2042513 - CVE-2022-22815 python-pillow: improperly initializes ImagePath.Path in path_getbbox() in path.c [fedora-all]
https://bugzilla.redhat.com/show_bug.cgi?id=2042513
[ 3 ] Bug #2042523 - CVE-2022-22816 python-pillow: buffer over-read during initialization of ImagePath.Path in path_getbbox() in path.c [fedora-all]
https://bugzilla.redhat.com/show_bug.cgi?id=2042523
[ 4 ] Bug #2042524 - CVE-2022-22816 mingw-python-pillow: python-pillow: buffer over-read during initialization of ImagePath.Path in path_getbbox() in path.c [fedora-all]
https://bugzilla.redhat.com/show_bug.cgi?id=2042524
[ 5 ] Bug #2042528 - CVE-2022-22817 mingw-python-pillow: python-pillow: PIL.ImageMath.eval allows evaluation of arbitrary expressions [fedora-all]
https://bugzilla.redhat.com/show_bug.cgi?id=2042528
[ 6 ] Bug #2042530 - CVE-2022-22817 python-pillow: PIL.ImageMath.eval allows evaluation of arbitrary expressions [fedora-all]
https://bugzilla.redhat.com/show_bug.cgi?id=2042530
--------------------------------------------------------------------------------

This update can be installed with the "dnf" update program. Use
su -c 'dnf upgrade --advisory FEDORA-2022-e4087f9366' at the command
line. For more information, refer to the dnf documentation available at
http://dnf.readthedocs.io/en/latest/command_ref.html#upgrade-command-label

All packages are signed with the Fedora Project GPG key. More details on the
GPG keys used by the Fedora Project can be found at
https://fedoraproject.org/keys
--------------------------------------------------------------------------------
_______________________________________________

Windows Terminal Preview 1.13.10336.0 released

RHSA-2022:0418-02: Important: varnish:6 security update

Fedora 34 Update: python-pillow-8.1.2-6.fc34

SECURITY: Fedora 34 Update: python-pillow-8.1.2-6.fc34

Windows

Linux

macOS

Community