Alibaba Cloud Linux 2.1903 Security Advisory: ALINUX2-SA-2022:0014
Issued: 2022-02-25
Updated: 2022-02-25
Summary
python-pillow security update
Severity
Important
Description
Package updates are available for Alibaba Cloud Linux 2.1903 that fix the following vulnerabilities:
CVE-2022-22816:
path_getbbox in path.c in Pillow before 9.0.0 has a buffer over-read during initialization of ImagePath.Path.
CVE-2022-22817:
PIL.ImageMath.eval in Pillow before 9.0.0 allows evaluation of arbitrary expressions, such as ones that use the Python exec method.
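An added example, not part of the advisory or of Pillow's code: a static check for exposure to CVE-2022-22817 that flags `ImageMath.eval` calls whose expression is built at run time rather than given as a fixed string literal. The function name and the sample source are constructed for illustration.

```python
import ast

# Constructed sample source, not taken from any real project.
SAMPLE = '''
from PIL import Image, ImageMath
import PIL.ImageMath

def blend(a, b):
    return ImageMath.eval("convert(a + b, 'L')", a=a, b=b)

def custom(a, formula):
    return ImageMath.eval(formula, a=a)

def templated(a, op):
    return PIL.ImageMath.eval("a %s 2" % op, a=a)
'''

def find_dynamic_imagemath_eval(source, filename="<sample>"):
    """Return sorted (line, expression_source) pairs for every
    ImageMath.eval call whose expression is not a plain string literal.
    Only attribute-style calls (ImageMath.eval, PIL.ImageMath.eval) are
    matched; aliased imports are out of scope for this check."""
    findings = []
    for node in ast.walk(ast.parse(source, filename)):
        if not isinstance(node, ast.Call):
            continue
        func = node.func
        if not (isinstance(func, ast.Attribute) and func.attr == "eval"):
            continue
        owner = func.value
        owner_name = (owner.attr if isinstance(owner, ast.Attribute)
                      else getattr(owner, "id", None))
        if owner_name != "ImageMath":
            continue
        # The expression is the first positional argument, or expression=...
        expr = node.args[0] if node.args else next(
            (kw.value for kw in node.keywords if kw.arg == "expression"), None)
        if expr is None:
            continue
        if isinstance(expr, ast.Constant) and isinstance(expr.value, str):
            continue  # fixed by the developer, no run-time input
        findings.append((node.lineno, ast.get_source_segment(source, expr)))
    return sorted(findings)

if __name__ == "__main__":
    for line, expr in find_dynamic_imagemath_eval(SAMPLE):
        print("line %d: ImageMath.eval expression is dynamic: %s" % (line, expr))
```

Each flagged call needs a review of where the expression string originates; the literal call in `blend` is not reported.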
References
Updated Packages
- aarch64
  - python-pillow-2.0.0-23.gitd1c6db8.1.al7.aarch64.rpm
  - python-pillow-debuginfo-2.0.0-23.gitd1c6db8.1.al7.aarch64.rpm
  - python-pillow-devel-2.0.0-23.gitd1c6db8.1.al7.aarch64.rpm
  - python-pillow-doc-2.0.0-23.gitd1c6db8.1.al7.aarch64.rpm
  - python-pillow-qt-2.0.0-23.gitd1c6db8.1.al7.aarch64.rpm
  - python-pillow-sane-2.0.0-23.gitd1c6db8.1.al7.aarch64.rpm
  - python-pillow-tk-2.0.0-23.gitd1c6db8.1.al7.aarch64.rpm
- i686
  - python-pillow-2.0.0-23.gitd1c6db8.1.al7.i686.rpm
  - python-pillow-debuginfo-2.0.0-23.gitd1c6db8.1.al7.i686.rpm
  - python-pillow-devel-2.0.0-23.gitd1c6db8.1.al7.i686.rpm
  - python-pillow-doc-2.0.0-23.gitd1c6db8.1.al7.i686.rpm
  - python-pillow-qt-2.0.0-23.gitd1c6db8.1.al7.i686.rpm
  - python-pillow-sane-2.0.0-23.gitd1c6db8.1.al7.i686.rpm
  - python-pillow-tk-2.0.0-23.gitd1c6db8.1.al7.i686.rpm
- src
  - python-pillow-2.0.0-23.gitd1c6db8.1.al7.src.rpm
- x86_64
  - python-pillow-2.0.0-23.gitd1c6db8.1.al7.x86_64.rpm
  - python-pillow-debuginfo-2.0.0-23.gitd1c6db8.1.al7.x86_64.rpm
  - python-pillow-devel-2.0.0-23.gitd1c6db8.1.al7.x86_64.rpm
  - python-pillow-doc-2.0.0-23.gitd1c6db8.1.al7.x86_64.rpm
  - python-pillow-qt-2.0.0-23.gitd1c6db8.1.al7.x86_64.rpm
  - python-pillow-sane-2.0.0-23.gitd1c6db8.1.al7.x86_64.rpm
  - python-pillow-tk-2.0.0-23.gitd1c6db8.1.al7.x86_64.rpm