First published: Thu Jul 23 2020(Updated: )
USN-4430-1 fixed vulnerabilities in Pillow. This update provides the corresponding updates for Ubuntu 20.04 LTS. Original advisory details: It was discovered that Pillow incorrectly handled certain image files. If a user or automated system were tricked into opening a specially-crafted image file, a remote attacker could possibly cause Pillow to crash, resulting in a denial of service.
Affected Software | Affected Version | How to fix |
---|---|---|
All of | ||
ubuntu/python3-pil | <7.0.0-4ubuntu0.1 | 7.0.0-4ubuntu0.1 |
=20.04 |
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
(Contains the following vulnerabilities)
The vulnerability ID for the Pillow vulnerabilities is USN-4430-2.
The severity of the Pillow vulnerabilities is not specified in the provided information.
To fix the Pillow vulnerabilities, update the 'python3-pil' package to version 7.0.0-4ubuntu0.1 or later.
The Pillow vulnerabilities affect Ubuntu version 20.04.
You can find more information about the Pillow vulnerabilities in the following references: [CVE-2020-10177](https://ubuntu.com/security/CVE-2020-10177), [CVE-2020-10378](https://ubuntu.com/security/CVE-2020-10378), [CVE-2020-10379](https://ubuntu.com/security/CVE-2020-10379).