Advisories ยป MGASA-2020-0088

Updated python-pillow packages fix security vulnerabilities

Publication date: 18 Feb 2020
Type: security
Affected Mageia releases : 7
CVE: CVE-2019-16865 , CVE-2019-19911 , CVE-2020-5310 , CVE-2020-5311 , CVE-2020-5312 , CVE-2020-5313

Description

Updated python-pillow packages fix security vulnerabilities:

It was discovered that Pillow incorrectly handled certain images. An attacker
could possibly use this issue to cause a denial of service (CVE-2019-16865,
CVE-2019-19911).

It was discovered that Pillow incorrectly handled certain TIFF images. An
attacker could possibly use this issue to cause a crash (CVE-2020-5310).

It was discovered that Pillow incorrectly handled certain SGI images. An
attacker could possibly use this issue to execute arbitrary code or cause
a crash (CVE-2020-5311).

It was discovered that Pillow incorrectly handled certain PCX images. An
attacker could possibly use this issue to execute arbitrary code or cause
a crash (CVE-2020-5312).

It was discovered that Pillow incorrectly handled certain Flip images. An
attacker could possibly use this issue to execute arbitrary code or cause
a crash (CVE-2020-5313).
                

References

SRPMS

7/core