Amazon Linux 2023 Security Advisory: ALAS2023-2026-1452
Advisory Released Date: 2026-03-05
Advisory Updated Date: 2026-03-05
Severity:
Important
Issue Overview:
Pillow is a Python imaging library. From 10.3.0 to before 12.1.1, n out-of-bounds write may be triggered when loading a specially crafted PSD image. This vulnerability is fixed in 12.1.1. (CVE-2026-25990)
Affected Packages:
python-pillow
Issue Correction:
Run dnf update python-pillow --releasever 2023.10.20260302 or dnf update --advisory ALAS2023-2026-1452 --releasever 2023.10.20260302 to update your system.
More information on how to update your system can be found on this page: Amazon Linux 2023 documentation
New Packages:
aarch64:
python-pillow-debuginfo-9.4.0-2.amzn2023.0.7.aarch64
python3-pillow-tk-debuginfo-9.4.0-2.amzn2023.0.7.aarch64
python3-pillow-devel-9.4.0-2.amzn2023.0.7.aarch64
python3-pillow-tk-9.4.0-2.amzn2023.0.7.aarch64
python3-pillow-debuginfo-9.4.0-2.amzn2023.0.7.aarch64
python-pillow-debugsource-9.4.0-2.amzn2023.0.7.aarch64
python3-pillow-9.4.0-2.amzn2023.0.7.aarch64
src:
python-pillow-9.4.0-2.amzn2023.0.7.src
x86_64:
python-pillow-debuginfo-9.4.0-2.amzn2023.0.7.x86_64
python3-pillow-devel-9.4.0-2.amzn2023.0.7.x86_64
python3-pillow-tk-debuginfo-9.4.0-2.amzn2023.0.7.x86_64
python-pillow-debugsource-9.4.0-2.amzn2023.0.7.x86_64
python3-pillow-tk-9.4.0-2.amzn2023.0.7.x86_64
python3-pillow-debuginfo-9.4.0-2.amzn2023.0.7.x86_64
python3-pillow-9.4.0-2.amzn2023.0.7.x86_64