Test ID: 1.3.6.1.4.1.25623.1.0.856149
Category: openSUSE Local Security Checks
Title: openSUSE Security Advisory (SUSE-SU-2024:1673-1)
Summary: The remote host is missing an update for the 'python-Pillow' package(s) announced via the SUSE-SU-2024:1673-1 advisory.
Description:

Vulnerability Insight:
This update for python-Pillow fixes the following issues:

- Fixed ImagePath.Path array handling (bsc#1194552, CVE-2022-22815, bsc#1194551, CVE-2022-22816)
- Use snprintf instead of sprintf (bsc#1188574, CVE-2021-34552)
- Fix Memory DOS in Icns, Ico and Blp Image Plugins. (bsc#1183110, CVE-2021-27921, bsc#1183108, CVE-2021-27922, bsc#1183107, CVE-2021-27923)
- Fix OOB read in SgiRleDecode.c (bsc#1183102, CVE-2021-25293)
- Use more specific regex chars to prevent ReDoS (bsc#1183101, CVE-2021-25292)
- Fix negative size read in TiffDecode.c (bsc#1183105, CVE-2021-25290)
- Raise ValueError if color specifier is too long (bsc#1190229, CVE-2021-23437)
- Incorrect error code checking in TiffDecode.c (bsc#1183103, CVE-2021-25289)
- OOB Write in TiffDecode.c (bsc#1180833, CVE-2020-35654)

Affected Software/OS:
'python-Pillow' package(s) on openSUSE Leap 15.5.

Solution:
Please install the updated package(s).

CVSS Score:
7.5

CVSS Vector:
AV:N/AC:L/Au:N/C:P/I:P/A:P

Cross Reference: Common Vulnerability Exposure (CVE) ID: CVE-2020-35654
https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/ZTSY25UJU7NJUFHH3HWT575LT4TDFWBZ/
https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/TQQY6472RX4J2SUJENWDZAWKTJJGP2ML/
https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/BF553AMNNNBW7SH4IM4MNE4M6GNZQ7YD/
https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/6BYVI5G44MRIPERKYDQEL3S3YQCZTVHE/
https://pillow.readthedocs.io/en/stable/releasenotes/index.html
Common Vulnerability Exposure (CVE) ID: CVE-2021-23437
https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/VKRCL7KKAKOXCVD7M6WC5OKFGL4L3SJT/
https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/RNSG6VFXTAROGF7ACYLMAZNQV4EJ6I2C/
https://security.gentoo.org/glsa/202211-10
https://github.com/python-pillow/Pillow/commit/9e08eb8f78fdfd2f476e1b20b7cf38683754866b
https://pillow.readthedocs.io/en/stable/releasenotes/8.3.2.html
https://snyk.io/vuln/SNYK-PYTHON-PILLOW-1319443
https://lists.debian.org/debian-lts-announce/2024/03/msg00021.html
Common Vulnerability Exposure (CVE) ID: CVE-2021-25289
https://security.gentoo.org/glsa/202107-33
https://pillow.readthedocs.io/en/stable/releasenotes/8.1.1.html
Common Vulnerability Exposure (CVE) ID: CVE-2021-25290
https://lists.debian.org/debian-lts-announce/2021/07/msg00018.html
Common Vulnerability Exposure (CVE) ID: CVE-2021-25292
Common Vulnerability Exposure (CVE) ID: CVE-2021-25293
Common Vulnerability Exposure (CVE) ID: CVE-2021-27921
https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/S7G44Z33J4BNI2DPDROHWGVG2U7ZH5JU/
Common Vulnerability Exposure (CVE) ID: CVE-2021-27922
Common Vulnerability Exposure (CVE) ID: CVE-2021-27923
Common Vulnerability Exposure (CVE) ID: CVE-2021-34552
https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/VUGBBT63VL7G4JNOEIPDJIOC34ZFBKNJ/
https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/7V6LCG525ARIX6LX5QRYNAWVDD2MD2SV/
https://pillow.readthedocs.io/en/stable/releasenotes/8.3.0.html#buffer-overflow
Common Vulnerability Exposure (CVE) ID: CVE-2022-22815
Debian Security Information: DSA-5053
https://www.debian.org/security/2022/dsa-5053
https://github.com/python-pillow/Pillow/blob/c5d9223a8b5e9295d15b5a9b1ef1dae44c8499f3/src/path.c#L331
https://pillow.readthedocs.io/en/stable/releasenotes/9.0.0.html#fixed-imagepath-path-array-handling
https://lists.debian.org/debian-lts-announce/2022/01/msg00018.html
Common Vulnerability Exposure (CVE) ID: CVE-2022-22816
Copyright: Copyright (C) 2024 Greenbone AG

© 1998-2025 E-Soft Inc. All rights reserved.