Amazon Linux 2023 Security Advisory: ALAS-2024-582
Advisory Release Date: 2024-03-27 22:23 Pacific
Advisory Updated Date: 2024-03-27 22:23 Pacific
Severity:
Medium
References:
FAQs regarding Amazon Linux ALAS/CVE Severity
FAQs regarding Amazon Linux ALAS/CVE Severity
Issue Overview:
Affected versions of this package are vulnerable to Denial of Service (DoS) when using arbitrary strings as text input and the number of characters passed into PIL.ImageFont.ImageFont.getmask() is over a certain limit. This can lead to a system crash.
Affected versions of this package are vulnerable to Denial of Service (DoS) if the size of individual glyphs extends beyond the bitmap image, when using PIL.ImageFont.ImageFont function. Exploiting this vulnerability could lead to a system crash.
Affected Packages:
python-pillow
Issue Correction:
Run dnf update python-pillow --releasever 2023.4.20240401 to update your system.
New Packages:
aarch64:
python-pillow-debuginfo-9.4.0-2.amzn2023.0.5.aarch64
python3-pillow-tk-debuginfo-9.4.0-2.amzn2023.0.5.aarch64
python3-pillow-tk-9.4.0-2.amzn2023.0.5.aarch64
python3-pillow-devel-9.4.0-2.amzn2023.0.5.aarch64
python-pillow-debugsource-9.4.0-2.amzn2023.0.5.aarch64
python3-pillow-debuginfo-9.4.0-2.amzn2023.0.5.aarch64
python3-pillow-9.4.0-2.amzn2023.0.5.aarch64
src:
python-pillow-9.4.0-2.amzn2023.0.5.src
x86_64:
python-pillow-debuginfo-9.4.0-2.amzn2023.0.5.x86_64
python3-pillow-devel-9.4.0-2.amzn2023.0.5.x86_64
python3-pillow-tk-9.4.0-2.amzn2023.0.5.x86_64
python3-pillow-tk-debuginfo-9.4.0-2.amzn2023.0.5.x86_64
python3-pillow-debuginfo-9.4.0-2.amzn2023.0.5.x86_64
python-pillow-debugsource-9.4.0-2.amzn2023.0.5.x86_64
python3-pillow-9.4.0-2.amzn2023.0.5.x86_64