Updated python-pillow packages fix security vulnerabilities
Publication date: 18 Feb 2020Modification date: 18 Feb 2020
Type: security
Affected Mageia releases : 7
CVE: CVE-2019-16865 , CVE-2019-19911 , CVE-2020-5310 , CVE-2020-5311 , CVE-2020-5312 , CVE-2020-5313
Description
Updated python-pillow packages fix security vulnerabilities: It was discovered that Pillow incorrectly handled certain images. An attacker could possibly use this issue to cause a denial of service (CVE-2019-16865, CVE-2019-19911). It was discovered that Pillow incorrectly handled certain TIFF images. An attacker could possibly use this issue to cause a crash (CVE-2020-5310). It was discovered that Pillow incorrectly handled certain SGI images. An attacker could possibly use this issue to execute arbitrary code or cause a crash (CVE-2020-5311). It was discovered that Pillow incorrectly handled certain PCX images. An attacker could possibly use this issue to execute arbitrary code or cause a crash (CVE-2020-5312). It was discovered that Pillow incorrectly handled certain Flip images. An attacker could possibly use this issue to execute arbitrary code or cause a crash (CVE-2020-5313).
References
- https://bugs.mageia.org/show_bug.cgi?id=25968
- https://usn.ubuntu.com/4272-1/
- https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-16865
- https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-19911
- https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-5310
- https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-5311
- https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-5312
- https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-5313
SRPMS
7/core
- python-pillow-5.4.1-1.1.mga7