Amazon Linux 2023 Security Advisory: ALAS-2024-512
Advisory Release Date: 2024-02-01 17:56 Pacific
Advisory Updated Date: 2024-02-06 15:00 Pacific
Severity:
Important
Issue Overview:
Pillow through 10.1.0 allows PIL.ImageMath.eval Arbitrary Code Execution via the environment parameter, a different vulnerability than CVE-2022-22817 (which was about the expression parameter). (CVE-2023-50447)
Affected Packages:
python-pillow
Issue Correction:
Run dnf update python-pillow --releasever 2023.3.20240205 to update your system.
New Packages:
aarch64:
python3-pillow-debuginfo-9.4.0-2.amzn2023.0.4.aarch64
python3-pillow-tk-debuginfo-9.4.0-2.amzn2023.0.4.aarch64
python3-pillow-tk-9.4.0-2.amzn2023.0.4.aarch64
python-pillow-debuginfo-9.4.0-2.amzn2023.0.4.aarch64
python3-pillow-devel-9.4.0-2.amzn2023.0.4.aarch64
python-pillow-debugsource-9.4.0-2.amzn2023.0.4.aarch64
python3-pillow-9.4.0-2.amzn2023.0.4.aarch64
src:
python-pillow-9.4.0-2.amzn2023.0.4.src
x86_64:
python-pillow-debuginfo-9.4.0-2.amzn2023.0.4.x86_64
python3-pillow-devel-9.4.0-2.amzn2023.0.4.x86_64
python3-pillow-debuginfo-9.4.0-2.amzn2023.0.4.x86_64
python-pillow-debugsource-9.4.0-2.amzn2023.0.4.x86_64
python3-pillow-tk-debuginfo-9.4.0-2.amzn2023.0.4.x86_64
python3-pillow-tk-9.4.0-2.amzn2023.0.4.x86_64
python3-pillow-9.4.0-2.amzn2023.0.4.x86_64