Fedora Linux 8811 Published by

A python-pillow-8.3.2-2 security update has been released for Fedora 35.



SECURITY: Fedora 35 Update: python-pillow-8.3.2-2.fc35


--------------------------------------------------------------------------------
Fedora Update Notification
FEDORA-2022-a1bc7decc9
2022-02-04 01:19:29.204462
--------------------------------------------------------------------------------

Name : python-pillow
Product : Fedora 35
Version : 8.3.2
Release : 2.fc35
URL :   http://python-pillow.github.io/
Summary : Python image processing library
Description :
Python image processing library, fork of the Python Imaging Library (PIL)

This library provides extensive file format support, an efficient
internal representation, and powerful image processing capabilities.

There are four subpackages: tk (tk interface), qt (PIL image wrapper for Qt),
devel (development) and doc (documentation).

--------------------------------------------------------------------------------
Update Information:

Backport fixes for CVE-2022-{22815,22816,22817}.
--------------------------------------------------------------------------------
ChangeLog:

* Tue Jan 25 2022 Sandro Mani - 8.3.2-2
- Backport patches for CVE-2022-{22815,22816,22817}
--------------------------------------------------------------------------------
References:

[ 1 ] Bug #2042512 - CVE-2022-22815 mingw-python-pillow: python-pillow: improperly initializes ImagePath.Path in path_getbbox() in path.c [fedora-all]
  https://bugzilla.redhat.com/show_bug.cgi?id=2042512
[ 2 ] Bug #2042513 - CVE-2022-22815 python-pillow: improperly initializes ImagePath.Path in path_getbbox() in path.c [fedora-all]
  https://bugzilla.redhat.com/show_bug.cgi?id=2042513
[ 3 ] Bug #2042523 - CVE-2022-22816 python-pillow: buffer over-read during initialization of ImagePath.Path in path_getbbox() in path.c [fedora-all]
  https://bugzilla.redhat.com/show_bug.cgi?id=2042523
[ 4 ] Bug #2042524 - CVE-2022-22816 mingw-python-pillow: python-pillow: buffer over-read during initialization of ImagePath.Path in path_getbbox() in path.c [fedora-all]
  https://bugzilla.redhat.com/show_bug.cgi?id=2042524
[ 5 ] Bug #2042528 - CVE-2022-22817 mingw-python-pillow: python-pillow: PIL.ImageMath.eval allows evaluation of arbitrary expressions [fedora-all]
  https://bugzilla.redhat.com/show_bug.cgi?id=2042528
[ 6 ] Bug #2042530 - CVE-2022-22817 python-pillow: PIL.ImageMath.eval allows evaluation of arbitrary expressions [fedora-all]
  https://bugzilla.redhat.com/show_bug.cgi?id=2042530
--------------------------------------------------------------------------------

This update can be installed with the "dnf" update program. Use
su -c 'dnf upgrade --advisory FEDORA-2022-a1bc7decc9' at the command
line. For more information, refer to the dnf documentation available at
  http://dnf.readthedocs.io/en/latest/command_ref.html#upgrade-command-label

All packages are signed with the Fedora Project GPG key. More details on the
GPG keys used by the Fedora Project can be found at
  https://fedoraproject.org/keys
--------------------------------------------------------------------------------
_______________________________________________