What is the severity of RHSA-2020:0578?

The severity of RHSA-2020:0578 is classified as important.

How do I fix RHSA-2020:0578?

To fix RHSA-2020:0578, update the python-pillow package to version 2.0.0-20.gitd1c6db8.el7_7.

Which software does RHSA-2020:0578 affect?

RHSA-2020:0578 affects the python-pillow packages including its documentation and development versions.

What vulnerabilities does RHSA-2020:0578 address?

RHSA-2020:0578 addresses vulnerabilities related to improper memory operations in the python-pillow library.

Is there a risk if I do not update for RHSA-2020:0578?

Not updating for RHSA-2020:0578 may leave systems vulnerable to exploitation due to memory-related issues.

Vulnerability/
RHSA-2020:0578

24/2/2020

20/6/2024

RHSA-2020:0578: Important: python-pillow security update

First published: Mon Feb 24 2020(Updated: )

The python-pillow packages contain a Python image processing library that provides extensive file format support, an efficient internal representation, and powerful image-processing capabilities.<br>Security Fix(es):<br><li> python-pillow: improperly restricted operations on memory buffer in libImaging/PcxDecode.c (CVE-2020-5312)</li> <li> python-pillow: reading specially crafted image files leads to allocation of large amounts of memory and denial of service (CVE-2019-16865)</li> For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.

Affected Software	Affected Version	How to fix
redhat/python-pillow	<2.0.0-20.gitd1c6db8.el7_7	2.0.0-20.gitd1c6db8.el7_7
redhat/python-pillow	<2.0.0-20.gitd1c6db8.el7_7	2.0.0-20.gitd1c6db8.el7_7
redhat/python-pillow-debuginfo	<2.0.0-20.gitd1c6db8.el7_7	2.0.0-20.gitd1c6db8.el7_7
redhat/python-pillow-debuginfo	<2.0.0-20.gitd1c6db8.el7_7	2.0.0-20.gitd1c6db8.el7_7
redhat/python-pillow-devel	<2.0.0-20.gitd1c6db8.el7_7	2.0.0-20.gitd1c6db8.el7_7
redhat/python-pillow-devel	<2.0.0-20.gitd1c6db8.el7_7	2.0.0-20.gitd1c6db8.el7_7
redhat/python-pillow-doc	<2.0.0-20.gitd1c6db8.el7_7	2.0.0-20.gitd1c6db8.el7_7
redhat/python-pillow-qt	<2.0.0-20.gitd1c6db8.el7_7	2.0.0-20.gitd1c6db8.el7_7
redhat/python-pillow-sane	<2.0.0-20.gitd1c6db8.el7_7	2.0.0-20.gitd1c6db8.el7_7
redhat/python-pillow-tk	<2.0.0-20.gitd1c6db8.el7_7	2.0.0-20.gitd1c6db8.el7_7
redhat/python-pillow-doc	<2.0.0-20.gitd1c6db8.el7_7	2.0.0-20.gitd1c6db8.el7_7
redhat/python-pillow-qt	<2.0.0-20.gitd1c6db8.el7_7	2.0.0-20.gitd1c6db8.el7_7
redhat/python-pillow-sane	<2.0.0-20.gitd1c6db8.el7_7	2.0.0-20.gitd1c6db8.el7_7
redhat/python-pillow-tk	<2.0.0-20.gitd1c6db8.el7_7	2.0.0-20.gitd1c6db8.el7_7
redhat/python-pillow	<2.0.0-20.gitd1c6db8.el7_7	2.0.0-20.gitd1c6db8.el7_7
redhat/python-pillow-debuginfo	<2.0.0-20.gitd1c6db8.el7_7	2.0.0-20.gitd1c6db8.el7_7
redhat/python-pillow-devel	<2.0.0-20.gitd1c6db8.el7_7	2.0.0-20.gitd1c6db8.el7_7
redhat/python-pillow-doc	<2.0.0-20.gitd1c6db8.el7_7	2.0.0-20.gitd1c6db8.el7_7
redhat/python-pillow-qt	<2.0.0-20.gitd1c6db8.el7_7	2.0.0-20.gitd1c6db8.el7_7
redhat/python-pillow-sane	<2.0.0-20.gitd1c6db8.el7_7	2.0.0-20.gitd1c6db8.el7_7
redhat/python-pillow-tk	<2.0.0-20.gitd1c6db8.el7_7	2.0.0-20.gitd1c6db8.el7_7

Never miss a vulnerability like this again

Reference Links

https://access.redhat.com/errata/RHSA-2020:0578 (Advisory)

Frequently Asked Questions

What is the severity of RHSA-2020:0578?
The severity of RHSA-2020:0578 is classified as important.
How do I fix RHSA-2020:0578?
To fix RHSA-2020:0578, update the python-pillow package to version 2.0.0-20.gitd1c6db8.el7_7.
Which software does RHSA-2020:0578 affect?
RHSA-2020:0578 affects the python-pillow packages including its documentation and development versions.
What vulnerabilities does RHSA-2020:0578 address?
RHSA-2020:0578 addresses vulnerabilities related to improper memory operations in the python-pillow library.
Is there a risk if I do not update for RHSA-2020:0578?
Not updating for RHSA-2020:0578 may leave systems vulnerable to exploitation due to memory-related issues.

agent/severity
agent/type
agent/references
agent/last-modified-date
agent/softwarecombine
agent/first-publish-date
agent/title
agent/event
agent/tags
agent/remedy
agent/description
collector/redhat-errata
source/Red Hat
anchor-id/RHSA-2020:0578
agent/software-canonical-lookup
package-manager/redhat

Frequently Asked Questions

What is the severity of RHSA-2020:0578?
The severity of RHSA-2020:0578 is classified as important.
How do I fix RHSA-2020:0578?
To fix RHSA-2020:0578, update the python-pillow package to version 2.0.0-20.gitd1c6db8.el7_7.
Which software does RHSA-2020:0578 affect?
RHSA-2020:0578 affects the python-pillow packages including its documentation and development versions.
What vulnerabilities does RHSA-2020:0578 address?
RHSA-2020:0578 addresses vulnerabilities related to improper memory operations in the python-pillow library.
Is there a risk if I do not update for RHSA-2020:0578?
Not updating for RHSA-2020:0578 may leave systems vulnerable to exploitation due to memory-related issues.

RHSA-2020:0578: Important: python-pillow security update

Never miss a vulnerability like this again

Reference Links

Frequently Asked Questions

What is the severity of RHSA-2020:0578?

How do I fix RHSA-2020:0578?

Which software does RHSA-2020:0578 affect?

What vulnerabilities does RHSA-2020:0578 address?

Is there a risk if I do not update for RHSA-2020:0578?

Company

Resources

Contact

Frequently Asked Questions

What is the severity of RHSA-2020:0578?

How do I fix RHSA-2020:0578?

Which software does RHSA-2020:0578 affect?

What vulnerabilities does RHSA-2020:0578 address?

Is there a risk if I do not update for RHSA-2020:0578?