Headline
RHSA-2022:0643: Red Hat Security Advisory: python-pillow security update
An update for python-pillow is now available for Red Hat Enterprise Linux 8. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.
Related CVEs:
- CVE-2022-22816: python-pillow: buffer over-read during initialization of ImagePath.Path in path_getbbox() in path.c
- CVE-2022-22817: python-pillow: PIL.ImageMath.eval allows evaluation of arbitrary expressions
Skip to navigation Skip to main content
Utilities
- Subscriptions
- Downloads
- Containers
- Support Cases
Infrastructure and Management
- Red Hat Enterprise Linux
- Red Hat Virtualization
- Red Hat Identity Management
- Red Hat Directory Server
- Red Hat Certificate System
- Red Hat Satellite
- Red Hat Subscription Management
- Red Hat Update Infrastructure
- Red Hat Insights
- Red Hat Ansible Automation Platform
Cloud Computing
- Red Hat OpenShift
- Red Hat CloudForms
- Red Hat OpenStack Platform
- Red Hat OpenShift Container Platform
- Red Hat OpenShift Data Science
- Red Hat OpenShift Online
- Red Hat OpenShift Dedicated
- Red Hat Advanced Cluster Security for Kubernetes
- Red Hat Advanced Cluster Management for Kubernetes
- Red Hat Quay
- Red Hat CodeReady Workspaces
- Red Hat OpenShift Service on AWS
Storage
- Red Hat Gluster Storage
- Red Hat Hyperconverged Infrastructure
- Red Hat Ceph Storage
- Red Hat OpenShift Data Foundation
Runtimes
- Red Hat Runtimes
- Red Hat JBoss Enterprise Application Platform
- Red Hat Data Grid
- Red Hat JBoss Web Server
- Red Hat Single Sign On
- Red Hat support for Spring Boot
- Red Hat build of Node.js
- Red Hat build of Thorntail
- Red Hat build of Eclipse Vert.x
- Red Hat build of OpenJDK
- Red Hat build of Quarkus
- Red Hat CodeReady Studio
Integration and Automation
- Red Hat Process Automation
- Red Hat Process Automation Manager
- Red Hat Decision Manager
All Products
Issued:
2022-02-22
Updated:
2022-02-22
RHSA-2022:0643 - Security Advisory
- Overview
- Updated Packages
Synopsis
Important: python-pillow security update
Type/Severity
Security Advisory: Important
Red Hat Insights patch analysis
Identify and remediate systems affected by this advisory.
View affected systems
Topic
An update for python-pillow is now available for Red Hat Enterprise Linux 8.
Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.
Description
The python-pillow packages contain a Python image processing library that provides extensive file format support, an efficient internal representation, and powerful image-processing capabilities.
Security Fix(es):
- python-pillow: PIL.ImageMath.eval allows evaluation of arbitrary expressions (CVE-2022-22817)
- python-pillow: buffer over-read during initialization of ImagePath.Path in path_getbbox() in path.c (CVE-2022-22816)
For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.
Affected Products
- Red Hat Enterprise Linux for x86_64 8 x86_64
- Red Hat Enterprise Linux for IBM z Systems 8 s390x
- Red Hat Enterprise Linux for Power, little endian 8 ppc64le
- Red Hat Enterprise Linux for ARM 64 8 aarch64
- Red Hat CodeReady Linux Builder for x86_64 8 x86_64
- Red Hat CodeReady Linux Builder for Power, little endian 8 ppc64le
- Red Hat CodeReady Linux Builder for ARM 64 8 aarch64
- Red Hat CodeReady Linux Builder for IBM z Systems 8 s390x
Fixes
- BZ - 2042522 - CVE-2022-22816 python-pillow: buffer over-read during initialization of ImagePath.Path in path_getbbox() in path.c
- BZ - 2042527 - CVE-2022-22817 python-pillow: PIL.ImageMath.eval allows evaluation of arbitrary expressions
Red Hat Enterprise Linux for x86_64 8
SRPM
python-pillow-5.1.1-18.el8_5.src.rpm
SHA-256: 1bfa425630a37c3d2831b1eb9fb1ba4f4d194dabbdb5f895c81703ab43698f5e
x86_64
python-pillow-debuginfo-5.1.1-18.el8_5.x86_64.rpm
SHA-256: e41b3c5317dfcd6a91704c7aa24584c8bd1cd4a97f0310e4e414cf926748a300
python-pillow-debugsource-5.1.1-18.el8_5.x86_64.rpm
SHA-256: 396261da510d3e4bedf70320e24fbdb627028e25d0dbc23a6850f2fd128fd730
python3-pillow-5.1.1-18.el8_5.x86_64.rpm
SHA-256: 9a55e75f008c1ade30efc4c2e7608b810b7eabacea5071a9074b52da5ae74ddb
python3-pillow-debuginfo-5.1.1-18.el8_5.x86_64.rpm
SHA-256: 70e6d8812fdb061157188b788a05eef79abbb121b42b7369730d40a968c15607
python3-pillow-tk-debuginfo-5.1.1-18.el8_5.x86_64.rpm
SHA-256: c470ca1fecc4537440239f0b480b1b052aec64a8e1f44a4a371f430ba98456cd
Red Hat Enterprise Linux for IBM z Systems 8
SRPM
python-pillow-5.1.1-18.el8_5.src.rpm
SHA-256: 1bfa425630a37c3d2831b1eb9fb1ba4f4d194dabbdb5f895c81703ab43698f5e
s390x
python-pillow-debuginfo-5.1.1-18.el8_5.s390x.rpm
SHA-256: bf24befba590ff44179619847894e78b5b601d78d56f6cd4b78f198d61f45842
python-pillow-debugsource-5.1.1-18.el8_5.s390x.rpm
SHA-256: d0a894bbb57eabaf5105aa5393ca429b939ef6fdc8f0576086f8597bc92273ec
python3-pillow-5.1.1-18.el8_5.s390x.rpm
SHA-256: da213020fa4d6c5eb274fd00d577a7af402db20f0dafa68340cd6705fdf765ad
python3-pillow-debuginfo-5.1.1-18.el8_5.s390x.rpm
SHA-256: 56e68198de62ab0a78727c571de20b7b93aa1df89d3dab62a5859429198e19b5
python3-pillow-tk-debuginfo-5.1.1-18.el8_5.s390x.rpm
SHA-256: 35ab6b053d452bebd9ae97e598ad8ad3a14147d8b5bee6be72e2460f96220a8b
Red Hat Enterprise Linux for Power, little endian 8
SRPM
python-pillow-5.1.1-18.el8_5.src.rpm
SHA-256: 1bfa425630a37c3d2831b1eb9fb1ba4f4d194dabbdb5f895c81703ab43698f5e
ppc64le
python-pillow-debuginfo-5.1.1-18.el8_5.ppc64le.rpm
SHA-256: 068855f60993f9eeadd294708fff69275987ab936b091cc2044279af269bfc1c
python-pillow-debugsource-5.1.1-18.el8_5.ppc64le.rpm
SHA-256: 85e98321a5888e4d80af47e88e8476836630fac750d53a0c8d7cb908f08839ca
python3-pillow-5.1.1-18.el8_5.ppc64le.rpm
SHA-256: 00e4a80640ffeb41e68ae21ec88aaf86d3b01f91825fb154d40d65e5c4fe7bf2
python3-pillow-debuginfo-5.1.1-18.el8_5.ppc64le.rpm
SHA-256: 9203c10d0e9f3674bc5102d34033cbdb412b822a0d0126c2c20ca67d74f70fd6
python3-pillow-tk-debuginfo-5.1.1-18.el8_5.ppc64le.rpm
SHA-256: 5f3b2d29d15bcf90167925bd4824bd7c1fe8fe7fa355c556989c3b2b0992bdd2
Red Hat Enterprise Linux for ARM 64 8
SRPM
python-pillow-5.1.1-18.el8_5.src.rpm
SHA-256: 1bfa425630a37c3d2831b1eb9fb1ba4f4d194dabbdb5f895c81703ab43698f5e
aarch64
python-pillow-debuginfo-5.1.1-18.el8_5.aarch64.rpm
SHA-256: 5850043462013d488f9a83246c89f5143b3ac649e0ecc0eb6298422cea0e03a3
python-pillow-debugsource-5.1.1-18.el8_5.aarch64.rpm
SHA-256: f19ecf953e42937ebca20ec85419d6f02653c5629a759407571a9d1b7870bf99
python3-pillow-5.1.1-18.el8_5.aarch64.rpm
SHA-256: 1d4d2d274bdd656841e71265ad377becf8ccefc961ae738d1503ded28648ce4c
python3-pillow-debuginfo-5.1.1-18.el8_5.aarch64.rpm
SHA-256: 51e90f970024f1fe053fab914770afd44421ee2980da47bfca10dc384e6ea6fe
python3-pillow-tk-debuginfo-5.1.1-18.el8_5.aarch64.rpm
SHA-256: e2dc7ee4c2d8aeb50d19ba0e303fc33ca3e4bb0fb8beebfe7cd9d2ef02d62b20
Red Hat CodeReady Linux Builder for x86_64 8
SRPM
x86_64
python-pillow-debuginfo-5.1.1-18.el8_5.i686.rpm
SHA-256: 8e38a4905b287ce521b583f9449ed4d848c036339c210ccd12980aad88e44d7a
python-pillow-debuginfo-5.1.1-18.el8_5.x86_64.rpm
SHA-256: e41b3c5317dfcd6a91704c7aa24584c8bd1cd4a97f0310e4e414cf926748a300
python-pillow-debugsource-5.1.1-18.el8_5.i686.rpm
SHA-256: 014552a807c272dd0165ca5c9e7712d22ee62782fdca8ba7c7b74218288b7add
python-pillow-debugsource-5.1.1-18.el8_5.x86_64.rpm
SHA-256: 396261da510d3e4bedf70320e24fbdb627028e25d0dbc23a6850f2fd128fd730
python3-pillow-5.1.1-18.el8_5.i686.rpm
SHA-256: 3dc942a4b64eecddfa46d7f2086997521109a7dbb24e0768b94312efad87f9bb
python3-pillow-debuginfo-5.1.1-18.el8_5.i686.rpm
SHA-256: 5ed49cc46c0618a11ae83f9151c492049eed74716a29bdc41fd1105ff029419e
python3-pillow-debuginfo-5.1.1-18.el8_5.x86_64.rpm
SHA-256: 70e6d8812fdb061157188b788a05eef79abbb121b42b7369730d40a968c15607
python3-pillow-devel-5.1.1-18.el8_5.i686.rpm
SHA-256: 367730db26dc11a9f4e157c90419bd6d3df3e17329ed6779539ff9a1b570a7a9
python3-pillow-devel-5.1.1-18.el8_5.x86_64.rpm
SHA-256: ef8769bcc066181ddbb050eaa3b3edbb17fbb559764f0293af4b49c085c9aac7
python3-pillow-doc-5.1.1-18.el8_5.noarch.rpm
SHA-256: 12ddb97ad14d6ae9e9c14f32fe67091d27f93319d841d7c58c42a4d6fabf549c
python3-pillow-tk-5.1.1-18.el8_5.x86_64.rpm
SHA-256: 331622c6825ab4551d4061c51cb671dec1d215c9fa3dea82e5d6775315c236e5
python3-pillow-tk-debuginfo-5.1.1-18.el8_5.i686.rpm
SHA-256: 46ede776238ec0393dd0b0b5b9e1fe30765b536c1654869f33679e9d4459f464
python3-pillow-tk-debuginfo-5.1.1-18.el8_5.x86_64.rpm
SHA-256: c470ca1fecc4537440239f0b480b1b052aec64a8e1f44a4a371f430ba98456cd
Red Hat CodeReady Linux Builder for Power, little endian 8
SRPM
ppc64le
python-pillow-debuginfo-5.1.1-18.el8_5.ppc64le.rpm
SHA-256: 068855f60993f9eeadd294708fff69275987ab936b091cc2044279af269bfc1c
python-pillow-debugsource-5.1.1-18.el8_5.ppc64le.rpm
SHA-256: 85e98321a5888e4d80af47e88e8476836630fac750d53a0c8d7cb908f08839ca
python3-pillow-debuginfo-5.1.1-18.el8_5.ppc64le.rpm
SHA-256: 9203c10d0e9f3674bc5102d34033cbdb412b822a0d0126c2c20ca67d74f70fd6
python3-pillow-devel-5.1.1-18.el8_5.ppc64le.rpm
SHA-256: 04d75e15ec096eeb680178800696691efcf462dd0b0228eeb17a1387b9c28356
python3-pillow-doc-5.1.1-18.el8_5.noarch.rpm
SHA-256: 12ddb97ad14d6ae9e9c14f32fe67091d27f93319d841d7c58c42a4d6fabf549c
python3-pillow-tk-5.1.1-18.el8_5.ppc64le.rpm
SHA-256: a6c64767612dccf79c61ebd4770fdb51f713bfd022ef63a24048957007138f49
python3-pillow-tk-debuginfo-5.1.1-18.el8_5.ppc64le.rpm
SHA-256: 5f3b2d29d15bcf90167925bd4824bd7c1fe8fe7fa355c556989c3b2b0992bdd2
Red Hat CodeReady Linux Builder for ARM 64 8
SRPM
aarch64
python-pillow-debuginfo-5.1.1-18.el8_5.aarch64.rpm
SHA-256: 5850043462013d488f9a83246c89f5143b3ac649e0ecc0eb6298422cea0e03a3
python-pillow-debugsource-5.1.1-18.el8_5.aarch64.rpm
SHA-256: f19ecf953e42937ebca20ec85419d6f02653c5629a759407571a9d1b7870bf99
python3-pillow-debuginfo-5.1.1-18.el8_5.aarch64.rpm
SHA-256: 51e90f970024f1fe053fab914770afd44421ee2980da47bfca10dc384e6ea6fe
python3-pillow-devel-5.1.1-18.el8_5.aarch64.rpm
SHA-256: 2ab632325e482061e3b8c0c73ed5513bae29510af54fd3af9a0d45615fa8b00c
python3-pillow-doc-5.1.1-18.el8_5.noarch.rpm
SHA-256: 12ddb97ad14d6ae9e9c14f32fe67091d27f93319d841d7c58c42a4d6fabf549c
python3-pillow-tk-5.1.1-18.el8_5.aarch64.rpm
SHA-256: f4441bf4fcefaa55a2cdc1fa26d6416afd5268032396539e51ea8b279d987959
python3-pillow-tk-debuginfo-5.1.1-18.el8_5.aarch64.rpm
SHA-256: e2dc7ee4c2d8aeb50d19ba0e303fc33ca3e4bb0fb8beebfe7cd9d2ef02d62b20
Red Hat CodeReady Linux Builder for IBM z Systems 8
SRPM
s390x
python-pillow-debuginfo-5.1.1-18.el8_5.s390x.rpm
SHA-256: bf24befba590ff44179619847894e78b5b601d78d56f6cd4b78f198d61f45842
python-pillow-debugsource-5.1.1-18.el8_5.s390x.rpm
SHA-256: d0a894bbb57eabaf5105aa5393ca429b939ef6fdc8f0576086f8597bc92273ec
python3-pillow-debuginfo-5.1.1-18.el8_5.s390x.rpm
SHA-256: 56e68198de62ab0a78727c571de20b7b93aa1df89d3dab62a5859429198e19b5
python3-pillow-devel-5.1.1-18.el8_5.s390x.rpm
SHA-256: 2651ccfcc479fb636428c8d9ae4ef55289c2d832e6367c2b91d8887f36fee963
python3-pillow-doc-5.1.1-18.el8_5.noarch.rpm
SHA-256: 12ddb97ad14d6ae9e9c14f32fe67091d27f93319d841d7c58c42a4d6fabf549c
python3-pillow-tk-5.1.1-18.el8_5.s390x.rpm
SHA-256: f56bee49d41da3f9a787abe6f9c76ae5f596ac2a1533160cdd92284f0e38103a
python3-pillow-tk-debuginfo-5.1.1-18.el8_5.s390x.rpm
SHA-256: 35ab6b053d452bebd9ae97e598ad8ad3a14147d8b5bee6be72e2460f96220a8b
The Red Hat security contact is secalert@redhat.com. More contact details at https://access.redhat.com/security/team/contact/.