Amazon Linux 1 Security Advisory: ALAS-2023-1787
Advisory Release Date: 2023-07-13 23:57 Pacific
Advisory Updated Date: 2023-07-19 21:51 Pacific
Pillow before 3.3.2 allows context-dependent attackers to execute arbitrary code by using the "crafted image file" approach, related to an "Insecure Sign Extension" issue affecting the ImagingNew in Storage.c component. (CVE-2016-9190)
Affected Packages:
python-imaging
Issue Correction:
Run yum update python-imaging to update your system.
i686:
python27-imaging-1.1.6-19.10.amzn1.i686
python27-imaging-devel-1.1.6-19.10.amzn1.i686
python26-imaging-1.1.6-19.10.amzn1.i686
python-imaging-debuginfo-1.1.6-19.10.amzn1.i686
python26-imaging-devel-1.1.6-19.10.amzn1.i686
src:
python-imaging-1.1.6-19.10.amzn1.src
x86_64:
python26-imaging-devel-1.1.6-19.10.amzn1.x86_64
python26-imaging-1.1.6-19.10.amzn1.x86_64
python-imaging-debuginfo-1.1.6-19.10.amzn1.x86_64
python27-imaging-devel-1.1.6-19.10.amzn1.x86_64
python27-imaging-1.1.6-19.10.amzn1.x86_64
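
To confirm the update took effect, the installed version-release can be compared with the 1.1.6-19.10.amzn1 build listed above. The following is an added example, not part of the advisory or any Amazon tooling: it uses a simplified form of RPM's segment-wise version ordering (no epoch or tilde handling), and it assumes input in the form printed by rpm -qa --qf '%{NAME} %{VERSION}-%{RELEASE}\n'. The sample inventory is constructed.

```python
import re

# Fixed version-release and package names taken from the advisory's package list.
FIXED_EVR = "1.1.6-19.10.amzn1"
ADVISORY_PACKAGES = {
    "python-imaging", "python26-imaging", "python27-imaging",
    "python26-imaging-devel", "python27-imaging-devel",
    "python-imaging-debuginfo",
}

def vercmp(a, b):
    """Simplified rpmvercmp: compare runs of digits or letters, left to right."""
    sa = re.findall(r"\d+|[A-Za-z]+", a)
    sb = re.findall(r"\d+|[A-Za-z]+", b)
    for x, y in zip(sa, sb):
        if x.isdigit() and y.isdigit():
            x, y = int(x), int(y)            # numeric compare, so 9 < 10
        elif x.isdigit() != y.isdigit():
            return 1 if x.isdigit() else -1  # a numeric segment beats an alphabetic one
        if x != y:
            return 1 if x > y else -1
    # All shared segments equal: the string with segments left over is newer.
    return (len(sa) > len(sb)) - (len(sa) < len(sb))

def evr_cmp(a, b):
    """Compare 'version-release' strings: version first, then release."""
    va, _, ra = a.partition("-")
    vb, _, rb = b.partition("-")
    return vercmp(va, vb) or vercmp(ra, rb)

def unpatched(inventory):
    """Return (name, evr) for advisory packages older than FIXED_EVR."""
    found = []
    for line in inventory.splitlines():
        parts = line.split()
        if len(parts) != 2:
            continue
        name, evr = parts
        if name in ADVISORY_PACKAGES and evr_cmp(evr, FIXED_EVR) < 0:
            found.append((name, evr))
    return found

# Constructed sample inventory (not real host output).
SAMPLE = """python27-imaging 1.1.6-19.9.amzn1
python26-imaging 1.1.6-19.10.amzn1
python27-imaging-devel 1.1.6-19.10.amzn1
openssl 1.0.2k-16.162.amzn1"""

if __name__ == "__main__":
    for name, evr in unpatched(SAMPLE):
        print(f"{name} {evr} is older than {FIXED_EVR}")
```

A plain string comparison would rank release 19.9 above 19.10 and miss the outdated package, which is why the check compares numeric segments as integers.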