Updated python-pillow packages fix security vulnerabilities
Publication date: 18 Feb 2020Modification date: 18 Feb 2020
Type: security
Affected Mageia releases : 7
CVE: CVE-2019-16865 , CVE-2019-19911 , CVE-2020-5310 , CVE-2020-5311 , CVE-2020-5312 , CVE-2020-5313
Description
Updated python-pillow packages fix security vulnerabilities:
It was discovered that Pillow incorrectly handled certain images. An attacker
could possibly use this issue to cause a denial of service (CVE-2019-16865,
CVE-2019-19911).
It was discovered that Pillow incorrectly handled certain TIFF images. An
attacker could possibly use this issue to cause a crash (CVE-2020-5310).
It was discovered that Pillow incorrectly handled certain SGI images. An
attacker could possibly use this issue to execute arbitrary code or cause
a crash (CVE-2020-5311).
It was discovered that Pillow incorrectly handled certain PCX images. An
attacker could possibly use this issue to execute arbitrary code or cause
a crash (CVE-2020-5312).
It was discovered that Pillow incorrectly handled certain Flip images. An
attacker could possibly use this issue to execute arbitrary code or cause
a crash (CVE-2020-5313).
References
- https://bugs.mageia.org/show_bug.cgi?id=25968
- https://usn.ubuntu.com/4272-1/
- https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-16865
- https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-19911
- https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-5310
- https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-5311
- https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-5312
- https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-5313
SRPMS
7/core
- python-pillow-5.4.1-1.1.mga7